I think you're pointing me in the right direction. I copied the LDAP configuration from version 2.3 to 2.4 and modified it, but perhaps I modified the bind section not correctly. If so, it probably works because an anonymous bind provides the requested data. In that case I need to rethink my access rules in the LDAP.
What if have:
ldap_uris = ldap://localhost ldap_auth_dn = cn=xxxx,ou=xxxx,dc=abc,dc=xy ldap_auth_dn_password = secret ldap_base = ou=xxx,dc=xxx,dc=xx
passdb ldap {...}
userdb ldap {....}
And looking at the documentation now, perhaps it should be:
dict_server { dict ldap { ldap_uris = ldap://localhost ldap_auth_dn = cn=xxxx,ou=xxxx,dc=abc,dc=xy ldap_auth_dn_password = secret ldap_base = ou=xxx,dc=xxx,dc=xx ldap_deref = never ldap_scope = subtree ldap_starttls = no ssl_client_require_valid_cert = no } }
passdb ldap {...}
userdb ldap {....}
Op 5-2-2026 om 06:23 schreef Aki Tuomi via dovecot:
On 04/02/2026 22:29 EET Ruud Baart via dovecot <dovecot@dovecot.org> wrote:
I'm tired. I have been working many hours now. So it may be that I don't quite understand you correctly. The conclusion I draw from these responsen is that there is something strange going on that I can't do anything about. Dovecot seems to be working fine on my server, so I'm not immediately concerned.
I checked the exact spelling of the attributes I use. It is as follows. In the ldif dump: mailBase, mailMessageStore, dovecotQuota, mailDeliveryAddress and userPassword. And indeed, only userPassword gives an error.
You are using ldap_bind, which usually means that the driver attempts to bind with the user's credentials. I wonder if you intended to use this as you are also looking up user's password too.
Aki
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
Cordialement,
*R.J. Baart Portable: +33 7 88398245*
I think you're pointing me in the right direction. I copied the LDAP configuration from version 2.3 to 2.4 and modified it, but perhaps I modified the bind section not correctly. If so, it probably works because an anonymous bind provides the requested data. In that case I need to rethink my access rules in the LDAP.
What if have:
ldap_uris = [1]ldap://localhost ldap_auth_dn = cn=xxxx,ou=xxxx,dc=abc,dc=xy ldap_auth_dn_password = secret ldap_base = ou=xxx,dc=xxx,dc=xx
passdb ldap {...}
userdb ldap {....}
And looking at the documentation now, perhaps it should be:
dict_server { dict ldap { ldap_uris = [2]ldap://localhost ldap_auth_dn = cn=xxxx,ou=xxxx,dc=abc,dc=xy ldap_auth_dn_password = secret ldap_base = ou=xxx,dc=xxx,dc=xx ldap_deref = never ldap_scope = subtree ldap_starttls = no ssl_client_require_valid_cert = no } }
passdb ldap {...}
userdb ldap {....}
Op 5-2-2026 om 06:23 schreef Aki Tuomi via dovecot:
On 04/02/2026 22:29 EET Ruud Baart via dovecot
[3]<dovecot@dovecot.org> wrote:
I'm tired. I have been working many hours now. So it may be that I
don't
quite understand you correctly. The conclusion I draw from these
responsen is that there is something strange going on that I can't do
anything about. Dovecot seems to be working fine on my server, so I'm
not immediately concerned.
I checked the exact spelling of the attributes I use. It is as
follows. In the ldif dump: mailBase, mailMessageStore, dovecotQuota,
mailDeliveryAddress and userPassword. And indeed, only userPassword
gives an error.
You are using ldap_bind, which usually means that the driver attempts to
bind with the user's credentials. I wonder if you intended to use this
as you are also looking up user's password too.
Aki
_______________________________________________
dovecot mailing list -- [4]dovecot@dovecot.org
To unsubscribe send an email to [5]dovecot-leave@dovecot.org--
Cordialement,
R.J. Baart Portable: +33 7 88398245
References
Visible links
- file:///tmp/tmpvxy31psp/ldap:/localhost
- file:///tmp/tmpvxy31psp/ldap:/localhost
- mailto:dovecot@dovecot.org
- mailto:dovecot@dovecot.org
- mailto:dovecot-leave@dovecot.org