-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Wed, 30 Oct 2013, me@electronico.nc wrote:
passdb { args = /etc/dovecot/dovecot-ldap-passdb.conf.ext driver = ldap }
/etc/dovecot/dovecot-ldap-passdb.conf.ext:
hosts = localhost auth_bind = yes auth_bind_userdn = cn=%u,OU=users,dc=domain,dc=lan
You define your bind DN as cn=%u,OU=users,dc=domain,dc=lan
ldap_version = 3 base = ou=users,dc=domain,dc=lan scope = subtree pass_filter = (&(objectClass=person)(cn=%u)(mail=*))
user_attrs = uid=20001, gid=20001, home=/media/data/email/%n, mail=/media/data/email/%n/mail user_filter = (&(objectClass=person)(cn=%n)(mail=*))
pass_filter and user_filter differ in %u vs. %n.
Here is the debug part when user test3 (located in ou=users, ou=administrative) tries to login:
The auth_bind_userdn does not match the ou=administrative location. Drop the auth_bind_userdn, IMHO, so Dovecot actually uses pass_filter to search for the DN of the user.
Oct 30 18:49:12 serveur dovecot: auth: ldap(test3,10.10.20.208,<L6uskfDpKwAKChTQ>): invalid credentials Oct 30 18:49:14 serveur dovecot: auth: Debug: client passdb out: FAIL#0111#011user=test3
As soon as I move user 'test3' back to ou=users, it can login ...
Oct 30 18:53:57 serveur dovecot: auth: Debug: client passdb out: OK#0111#011user=test3
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBUnDECl3r2wJMiz2NAQLEJQgAp/fECmujABG7xDI4nSkyn7ZcDp5xOqLm qa+t2O+DPmEqC9EI+MIBaM8XOzKBG7iAVHpVtJJ06WA/Sn0aupyWxq6mAFEIYTtM 2byKy4eSWexZU3XbhvggqMVaRJTBGHV31f2d05ZXjLzFeU4nzczN7xZ4DKVRqzhz ii72NyMDf1bUhEx+1O7irMLnitOtpBlxsI5Xws6qrc1T4xlv0jjEkaqXEQAnPLWH 9F4x+t1mKks+UcMMl6wOUQ/Siozg4GBVjnyNd8F7bLVRznntkhxzOY0apCC8Df9+ kC2OhOF9ItHXKR2QI9w/emdqeKjbGQHEdrqC3Von2T/ntUA3yYHrCw== =mGae -----END PGP SIGNATURE-----