I left auth_bind on, but commented out the dn and dnpass fields. I would think those would be the credentials with which to bind to search for the user, then bind with the supplied credentials when the user's been found since the user could be anywhere in the ldap structure. In any event, I've enabled anonymous lookups (for the time being) so it's not necessary.
It was also suggested that the LDAP path is backwards, but again this is pretty much the same path I used in configuring Postfix. Oh, and unfortunately, dumping Outlook isn't something we can do. :(
I'm all out of ideas... I'm sniffing the packets and it's just like it gets a query result but never attempts to bind.
- Burton
> Here's the meat of the dovecot-ldap.conf file I'm using:
> hosts = 192.168.x.x
> dn = cn=Administrator,cn=Users,DC=domain,DC=local
> dnpass = xxxxx
> auth_bind = yes
> ldap_version = 3
> base = DC=domain,DC=local
> scope = subtree
> user_attrs = sAMAccountName,mail,,,,
> user_filter = (&(objectClass=organizationalPerson)(sAMAccountName=%u))
> pass_filter = (&(objectClass=organizationalPerson)(sAMAccountName=%u))
> user_global_uid = 44
> user_global_gid = 44
You might want to turn off auth_bind. auth_bind will bind to the active
directory/ldap server with the user's credentials, not the dn. Not sure
if that's what is causing your problems or not.