On Fri, 2008-04-18 at 10:10 +0200, Steffen Kaiser wrote:
I got the impression that this is the problem, see the Doc: http://wiki.dovecot.org/AuthDatabase/LDAP
pass_attrs = uid=user,userPassword=password
This is the default, please add "mail=user" to your pass_attrs and re-add auth_bind. Also, kill all dovecot processes (well, you know: make sure it is the correct config that is used, e.g. add a syntax error, so you see it is even the correct file you're editing)
I did try it with mail=user; same failure mode. Since I also get this
failure mode with auth_bind = no, I don't think this is the issue.
Rob had this in his conf:
user_attrs = mail=user
user_filter = (&(objectClass=user)(mail=%u))
pass_attrs = mail=user,userPassword=password,mail=userdb_user
pass_filter = (&(objectClass=user)(mail=%u))
Note the two mail=user settings, I have them, too. Drop the mail=userdb_user, as you use another userdb.
Problematic, since my userdb is static.
Rob also has
user_global_uid = dovecot
user_global_gid = dovecot
"If you're using a single UID and GID for all the users, you can use user_global_uid and user_global_gid settings instead of returning them from LDAP." Which seems to apply to userdb only, but who knows?
Also, could you please drop the TLS/SSL on the connection, if any, and sniff the connection?
To sniff, use wireshark (ethereal) or tshark (tethereal) "port 389" as capture filter. wireshark understands the LDAP protocol and decodes it. Moreover, you see _what_ is returned in detail.
I am not using TLS/SSL for the LDAP connection.
BTW: Do you use any sort of firewall, iptables or whatsoever on the mail, dns or ldap server? Did you disable it?
LDAP and IMAP are on the same server. Since the query and the result
both show up in the LDAP logs, it couldn't be a firewall issue.
-- Jack McKinney GPG 1024D/99C6A174 jackmc@lorentz.com YM:lfaatsnat2006 AIM:jackmclorentz Beware geeks bearing diffs