Hi,
Not much time to reply now.
On 12/05/2017 05:21 AM, Mark Foley wrote:
> mj - thanks! That's the first useful example I've received from any forum/list. I'm getting ready to try my config (have to do so after hours), but I have some probably simple-minded questions:

Well, that looks as if you are testing/trying out on your production machine. Why not set up a separate (virtual?) test server to play with..? Use the same os version, with the same dovecot version. Or clone your production machine, so you can test as much as you like, without time pressure, at any given time.

> Your example is not the complete dovecot-ldap.conf.ext file, right? Have you just given me differences in your config from the "original"? You've kept the hosts, base, ldap_version, scope, deref, debug_level, and auth_bind_userdn settings in your config, right?

Not the complete file, no. I just provided the essentials.

> Your dn is:
> dn = cn=search_dovecit,cn=users,dc=company,dc=com
> Mine (original) is:
> dn = cn=user_for_bind,cn=Users,dc=dom
> Can you tell me why you have "search_dovecit" versus "user_for_bind"? Is that something I need in order to make this work?

It's the user that dovecot uses to search for your user. Can be anything, as long as it can authenticate using the password in:

> My dnpass (original) is:
> dnpass = ************
> your example is:
> dnpass = top_secret

Use the password of whatever user you use.

> If meta, what is actually supposed to go there?

The password of user_for_bind

> With your "this user/passwd filter". Can you tell me why you have "userAccountControl=514"? Is that 514 bit documented somewhere? Your user_filter/pass_filter is *completely* different from my installed original.

https://social.msdn.microsoft.com/Forums/vstudio/en-US/77f48af7-bbef-4cd7-9c...
For the rest: my advice is that you *really* need to play around with this much more. Get yourself a test environment, and play and test.
Plus: read some dovecot/ad howto's, and try things in your own environment.
Quick google returns: https://www.howtoforge.com/postfix-dovecot-authentication-against-active-dir...
Enjoy :-)
MJ
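
The following is an added example, not part of MJ's message or of either poster's configuration. It decodes the Active Directory userAccountControl value 514 asked about above and compares an exact-value exclusion with a bitwise one. The filter clauses, the sample account names and their values are constructed, and how the original filter uses 514 is not shown in this thread, so the exact-match form is an assumption.

```python
# Added example: decode userAccountControl (UAC) values and compare two ways
# of keeping disabled accounts out of an LDAP user/pass filter.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
}
ACCOUNTDISABLE = 0x0002
BIT_AND_RULE = "1.2.840.113556.1.4.803"  # LDAP_MATCHING_RULE_BIT_AND


def decode_uac(value):
    """Return the names of the known flags set in a UAC value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def passes_exact_filter(uac):
    """Models (!(userAccountControl=514)): rejects only the exact value 514."""
    return uac != 514


def passes_bitwise_filter(uac):
    """Models the bitwise clause below: rejects every disabled account."""
    return not (uac & ACCOUNTDISABLE)


def bitwise_filter_clause():
    """LDAP clause that excludes any entry with the ACCOUNTDISABLE bit set."""
    return "(!(userAccountControl:%s:=%d))" % (BIT_AND_RULE, ACCOUNTDISABLE)


# Constructed sample accounts (hypothetical names, typical UAC values).
SAMPLE = {"alice": 512, "bob": 514, "carol": 66048, "dave": 66050}


def disabled_but_admitted(accounts):
    """Accounts the exact-match filter lets through although they are disabled."""
    return sorted(name for name, uac in accounts.items()
                  if passes_exact_filter(uac) and not passes_bitwise_filter(uac))


if __name__ == "__main__":
    for name, uac in SAMPLE.items():
        print(name, uac, decode_uac(uac))
    print("disabled but admitted by exact match:", disabled_but_admitted(SAMPLE))
    print("bitwise clause:", bitwise_filter_clause())
```
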