I have a Samba PDC with LDAP (Samba version 3.0.21c with OpenLDAP 2.3.19), where I have all the users. I have configured sendmail on another system with dovecot as the IMAP and POP3 server. I wanted to enable user authentication from the LDAP server, which is on the Samba PDC.
So I configured /etc/dovecot.conf
################################################################
protocols = pop3 imap
imap_listen = [::]
pop3_listen = [::]
login_dir = /var/run/dovecot-login
login = imap
login_user = testuser
login = pop3
verbose_proctitle = yes
maildir_copy_with_hardlinks = yes
mbox_locks = fcntl
auth = default
auth_mechanisms = plain digest-md5
auth_userdb = ldap /etc/dovecot-ldap.conf
auth_passdb = ldap /etc/dovecot-ldap.conf
auth_user = dovecot
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
################################################################
configured /etc/dovecot-ldap.conf
#######################################################################
# NOTE: We don't support "authentication binds", so you'll have to give
# dovecot-auth read access to userPassword field in LDAP server. With OpenLDAP
# this is done by modifying /etc/ldap/slapd.conf. There should already be
# something like this:
#
# access to attribute=userPassword
# by dn="
# Space separated list of LDAP hosts to use. host:port is allowed too.
hosts = 192.168.129.18
# Distinguished Name - the username used to login to the LDAP server
dn = uid=root,ou=People,dc=msdpl,dc=com
# Password for LDAP server
dnpass = mobil5@b1d
# LDAP protocol version to use. Likely 2 or 3.
ldap_version = 3
# LDAP base
base = dc=msdpl,dc=com
# Dereference: never, searching, finding, always
deref = never
# Search scope: base, onelevel, subtree
scope = subtree
# User attributes in order:
# Virtual user name (user@domain)
# Home directory
# MAIL environment
# System user name (for initgroups())
# System UID
# System GID
#user_attrs = uid,homeDirectory,,uid,uidNumber,gidNumber
user_attrs = uid,homeDirectory,,uid,,
# Filter for user lookup. Some variables can be used:
# %u - username
# %n - user part in user@domain, same as %u if there's no domain
# %d - domain part in user@domain, empty if user there's no domain
user_filter = (&(objectClass=posixAccount)(uid=%u))
#ser_filter = (&(objectClass=sambaSamAccount)(uid=%u))
# Password checking attributes in order:
# Virtual user name (user@domain)
# Password, may optionally start with {type}, eg. {crypt}
pass_attrs = uid,userPassword
# Filter for password lookups
#pass_filter = (&(objectClass=posixAccount)(uid=%u))
# Default password scheme. "{scheme}" before password overrides this.
# Currently supported schemes include PLAIN, PLAIN-MD5, DIGEST-MD5, CRYPT
#default_pass_scheme = CRYPT
# You can use same UID and GID for all user accounts if you really want to.
# If the UID/GID is still found from LDAP reply, it overrides these values.
#user_global_uid = 100
#user_global_gid = 100
#######################################################################
The following is the error when we check using
[root]#telnet mymailserverip 110
Trying 192.168.129.248
Connected to testmail.mydomain.com (192.168.129.248)
Escape character is '^]`.
user dcadmin
pass mypass
ERR-Authentication Failure
The following is the log output of /var/log/maillog
#########################################################################
Jun 8 13:09:16 testmail dovecot-auth: ldap(dcadmin): No password in reply
Jun 8 13:10:16 testmail pop3-login: Disconnected: Inactivity [::ffff: 127.0.0.1]
Jun 8 13:10:26 testmail dovecot-auth: ldap(root): No password in reply
Jun 8 13:11:26 testmail pop3-login: Disconnected: Inactivity [::ffff: 127.0.0.1]
Jun 8 13:11:38 testmail dovecot-auth: LDAP: ldap_result() failed: Can't contact LDAP server
Jun 8 13:13:46 testmail dovecot-auth: ldap(root): No password in reply
Jun 8 13:13:46 testmail imap-login: Disconnected [::ffff:127.0.0.1]
Jun 8 13:14:03 testmail dovecot-auth: ldap(dcadmin): No password in reply
Jun 8 13:14:03 testmail imap-login: Disconnected [::ffff:127.0.0.1]
############################################################################
Regards,
Niranjan
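
Added example (not part of the original post): a small Python triage of the dovecot-auth lines in the maillog excerpt above, separating the per-user "No password in reply" failures from the LDAP connectivity error. The category names and hint wording are assumptions made for illustration, and the sample log is constructed from lines quoted in the post.

```python
import re
from collections import defaultdict

# Constructed sample: maillog lines quoted in the post, one per line.
SAMPLE_LOG = """\
Jun 8 13:09:16 testmail dovecot-auth: ldap(dcadmin): No password in reply
Jun 8 13:10:16 testmail pop3-login: Disconnected: Inactivity [::ffff: 127.0.0.1]
Jun 8 13:11:38 testmail dovecot-auth: LDAP: ldap_result() failed: Can't contact LDAP server
Jun 8 13:13:46 testmail dovecot-auth: ldap(root): No password in reply
Jun 8 13:14:03 testmail dovecot-auth: ldap(dcadmin): No password in reply
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s(?P<proc>[\w-]+)(?:\[\d+\])?:\s(?P<msg>.*)$")
USER_RE = re.compile(r"^ldap\((?P<user>[^)]*)\):\s*(?P<detail>.*)$")

# Hypothetical category names; the hints restate the NOTE in dovecot-ldap.conf.
HINTS = {
    "no_password_attr": "entry found, but no password attribute came back: check that "
                        "the bind dn may read userPassword (slapd.conf access rule)",
    "ldap_unreachable": "dovecot-auth could not reach the server listed in 'hosts'",
}

def classify(msg):
    """Return (category, user) for a dovecot-auth message, or (None, None)."""
    m = USER_RE.match(msg)
    if m and m.group("detail") == "No password in reply":
        return "no_password_attr", m.group("user")
    if "Can't contact LDAP server" in msg:
        return "ldap_unreachable", None
    return None, None

def triage(log_text):
    """Group dovecot-auth LDAP failures as category -> list of (timestamp, user)."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("proc") != "dovecot-auth":
            continue  # login-process lines (pop3-login, imap-login) are not auth errors
        category, user = classify(m.group("msg"))
        if category:
            findings[category].append((m.group("ts"), user))
    return dict(findings)

if __name__ == "__main__":
    for category, events in triage(SAMPLE_LOG).items():
        users = sorted({u for _, u in events if u})
        print(f"{category}: {len(events)} event(s) users={users} -> {HINTS[category]}")
```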