I have a Samba PDC with LDAP (Samba version 3.0.21c with OpenLDAP 2.3.19), where I have all the users.
I have configured sendmail on another system with dovecot as the IMAP and POP3 server. I wanted to enable user authentication from the LDAP server which is on the Samba PDC.
So I configured /etc/dovecot.conf
################################################################
protocols = pop3 imap
imap_listen = [::]
pop3_listen = [::]
login_dir = /var/run/dovecot-login
login = imap
login_user = testuser
login = pop3
verbose_proctitle = yes
maildir_copy_with_hardlinks = yes
mbox_locks = fcntl
auth = default
auth_mechanisms = plain digest-md5
auth_userdb = ldap /etc/dovecot-ldap.conf
auth_passdb = ldap /etc/dovecot-ldap.conf
auth_user = dovecot
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
################################################################
Configured /etc/dovecot-ldap.conf
#######################################################################
# NOTE: We don't support "authentication binds", so you'll have to give
# dovecot-auth read access to userPassword field in LDAP server. With OpenLDAP
# this is done by modifying /etc/ldap/slapd.conf. There should already be
# something like this:
#
# access to attribute=userPassword
#   by dn="<dovecot's dn>" read # add this
#   by anonymous auth
#   by self write
#   by * none
# Space separated list of LDAP hosts to use. host:port is allowed too.
hosts = 192.168.129.18
# Distinguished Name - the username used to login to the LDAP server
dn = uid=root,ou=People,dc=msdpl,dc=com
# Password for LDAP server
dnpass = mobil5@b1d
# LDAP protocol version to use. Likely 2 or 3.
ldap_version = 3
# LDAP base
base = dc=msdpl,dc=com
# Dereference: never, searching, finding, always
deref = never
# Search scope: base, onelevel, subtree
scope = subtree
# User attributes in order:
# Virtual user name (user@domain)
# Home directory
# MAIL environment
# System user name (for initgroups())
# System UID
# System GID
#user_attrs = uid,homeDirectory,,uid,uidNumber,gidNumber
user_attrs = uid,homeDirectory,,uid,,
# Filter for user lookup. Some variables can be used:
# %u - username
# %n - user part in user@domain, same as %u if there's no domain
# %d - domain part in user@domain, empty if user there's no domain
user_filter = (&(objectClass=posixAccount)(uid=%u))
#ser_filter = (&(objectClass=sambaSamAccount)(uid=%u))
# Password checking attributes in order:
# Virtual user name (user@domain)
# Password, may optionally start with {type}, eg. {crypt}
pass_attrs = uid,userPassword
# Filter for password lookups
#pass_filter = (&(objectClass=posixAccount)(uid=%u))
# Default password scheme. "{scheme}" before password overrides this.
# Currently supported schemes include PLAIN, PLAIN-MD5, DIGEST-MD5, CRYPT
#default_pass_scheme = CRYPT
# You can use same UID and GID for all user accounts if you really want to.
# If the UID/GID is still found from LDAP reply, it overrides these values.
#user_global_uid = 100
#user_global_gid = 100
#######################################################################
The following is the error when we check using
Jun 8 13:10:26 testmail dovecot-auth: ldap(root): No password in reply
Jun 8 13:11:26 testmail pop3-login: Disconnected: Inactivity [::ffff:127.0.0.1]
Jun 8 13:11:38 testmail dovecot-auth: LDAP: ldap_result() failed: Can't contact LDAP server
Jun 8 13:13:46 testmail dovecot-auth: ldap(root): No password in reply
Jun 8 13:13:46 testmail imap-login: Disconnected [::ffff:127.0.0.1]
Jun 8 13:14:03 testmail dovecot-auth: ldap(dcadmin): No password in reply
Jun 8 13:14:03 testmail imap-login: Disconnected [::ffff:127.0.0.1]
############################################################################
Regards
Niranjan
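
The NOTE in dovecot-ldap.conf says the configured dn must be able to read userPassword. The following is an added example, not part of the original post and not Dovecot's own code: it builds an ldapsearch command that repeats the password lookup by hand, so you can see whether userPassword comes back for that bind DN. The function names are hypothetical, and the filter used when pass_filter is commented out is an assumption.

```python
import re
import shlex

# Constructed sample in the dovecot-ldap.conf format above; dnpass is left out (-W prompts).
SAMPLE_CONF = """\
hosts = 192.168.129.18
dn = uid=root,ou=People,dc=msdpl,dc=com
ldap_version = 3
base = dc=msdpl,dc=com
scope = subtree
pass_attrs = uid,userPassword
#pass_filter = (&(objectClass=posixAccount)(uid=%u))
"""

# Assumption: filter applied when pass_filter is commented out (copied from the
# commented line in the file, not confirmed against Dovecot's source).
ASSUMED_FILTER = "(&(objectClass=posixAccount)(uid=%u))"
SCOPE = {"base": "base", "onelevel": "one", "subtree": "sub"}

def parse_conf(text):
    """Return the active 'key = value' settings, skipping comments and blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def expand(template, user):
    name, _, domain = user.partition("@")
    subs = {"%u": user, "%n": name, "%d": domain}  # variables listed in the file
    return re.sub(r"%[und]", lambda m: escape_filter_value(subs[m.group(0)]), template)

def password_lookup_argv(conf, user):
    """Build the ldapsearch argv that repeats the password lookup for `user`."""
    host = conf["hosts"].split()[0]
    return ["ldapsearch", "-x", "-W", "-H", "ldap://" + host, "-D", conf["dn"],
            "-P", conf.get("ldap_version", "3"), "-b", conf["base"],
            "-s", SCOPE[conf.get("scope", "subtree")],
            expand(conf.get("pass_filter", ASSUMED_FILTER), user),
            *conf["pass_attrs"].split(",")]

if __name__ == "__main__":
    print(shlex.join(password_lookup_argv(parse_conf(SAMPLE_CONF), "dcadmin")))
```

If the entry is returned with uid but without userPassword, the bind DN lacks read access to that attribute in slapd.conf.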