Hi Alex, thanks for your input. As you might have surmised from my doveconf output, I had things horribly misconfigured. :) Everything is dandy now, I just had to RTFM and understand userdb/passdb and the ldap settings better. My new configuration follows:
BEGIN DOVECONF:
# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-45-generic x86_64 Ubuntu 12.04.2 LTS
auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
log_path = /var/log/dovecot.log
mail_location = maildir:~/.maildir
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocols = " imap pop3"
ssl_cert =
END DOVECONF
BEGIN DOVECOT-LDAP.CONF.EXT
uris = ldap://localhost:389
dn = uid=dovecot,ou=Services,dc=tohuw,dc=net
dnpass = [redacted]
debug_level = -1
auth_bind = yes
auth_bind_userdn = uid=%u,ou=Users,dc=tohuw,dc=net
base = dc=tohuw,dc=net
user_filter = (uid=%u)
pass_filter = (uid=%u)
iterate_attrs = uid=user
default_pass_scheme = SSHA
END DOVECOT-LDAP.CONF.EXT
The dovecot-ldap-userdb.conf.ext is a symlink, as the documentation suggests I do.
On Tue, Jun 4, 2013 at 1:43 PM, Alex Crow acrow@integrafin.co.uk wrote:
Forgot to say that the lines below would be part of a file included thusly:
passdb {
  driver = ldap
  # Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
userdb {
  driver = prefetch
}
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
And in /etc/dovecot-ldap.conf.ext, as well as in the examples I gave, you'll also need a line like:
uris = ldap://myldapserver1 ldap://myldapserver2
(I use 2 servers with referrals to the master)
Also look up iterate_attrs and iterate_filter to let doveadm and other things iterate over accounts.
Cheers
Alex
On 04/06/13 18:34, Alex Crow wrote:
Hi,
That can't be the full output of doveconf -n can it?
You need to define (examples from my configs using qmail schema; your values will probably be different if you are using AD or openLDAP with a different mail schema)
user_attrs = homeDirectory=home,mailMessageStore=mail
user_filter = (&(objectClass=qmailUser)(mail=%u))
pass_attrs = userPassword=password,homeDirectory=userdb_home,mailMessageStore=userdb_mail
pass_filter = (&(objectClass=qmailUser)(mail=%u))
Also look at the auth_bind parameter. Mine is "yes" because I'm using userdb prefetch as you can see from the pass_attrs param.
And you probably need to set up virtual users as well!
Cheers
Alex
On 04/06/13 17:44, Christian Wiese wrote:
Hello Christian, I tried what you suggested by adding "REFERRALS off" to /etc/ldap/ldap.conf and restarting slapd and dovecot, but the error persists.
On Tue, Jun 4, 2013 at 7:56 AM, Christian Wiese <christian.wiese@securepoint.de> wrote:
Hi Ron,
I didn't have the time to check all the logs, only the error log. The first thing you should check is whether LDAP REFERRALS are enabled in the system's ldap.conf. I had a similar-looking issue and it took me a good amount of time to figure out that I had to disable LDAP REFERRALS globally. This happened when using an AD as the LDAP backend, but it also applies to Samba4, as you can see in the following mailing list thread:
http://dovecot.markmail.org/message/mjurv4fp4w65u2ib?q=Dovecot+LDA+LDAP+lookups+on+samba4+server+ends+very+often+in+timeouts
The settings within the system's ldap.conf might influence dovecot, because libldap (openldap) functions might read the global ldap.conf settings.
Hope that helps.
Cheers, Chris
On Tue, 4 Jun 2013 05:50:16 -0400, Ron Scott-Adams ron@tohuw.net wrote:
a login tohuw [myPassword] returns "NO [AUTHENTICATIONFAILED] Authentication failed." I believe I'm missing a configuration detail, but what?
info.log: http://pastebin.ca/2388873
debug.log: http://pastebin.ca/2388872
error.log: http://pastebin.ca/2388871
dovecot -n: http://pastebin.ca/2388870
dovecot-ldap.conf.ext summary: http://pastebin.ca/2388867
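Added example, not code from the thread or from Dovecot: Ron's final dovecot-ldap.conf.ext sets both auth_bind = yes and default_pass_scheme = SSHA, and Alex's example instead fetches userPassword via pass_attrs = userPassword=password. Those are two different verification paths. With auth_bind = yes the LDAP server checks the password during the bind as auth_bind_userdn and Dovecot never sees the hash, so the scheme setting is irrelevant there; with auth_bind = no Dovecot fetches the attribute and verifies it itself, using the {SCHEME} prefix on the value or, if there is none, default_pass_scheme. The code below reimplements that second path for SSHA (RFC 2307 style, base64 of sha1(password + salt) followed by the salt) and PLAIN so the behaviour can be checked offline; the hash values it tests against are constructed here, and the function names are this example's own.

```python
# Added example (not from the thread): Dovecot-side verification of a fetched
# LDAP userPassword value, as used when auth_bind = no and pass_attrs maps
# userPassword=password. Schemes other than SSHA and PLAIN/CLEARTEXT are not
# implemented; the sample values below are constructed for the example.
import base64
import hashlib
import hmac
import os
import re
from typing import Optional

SHA1_LEN = 20
# A stored value may carry an RFC 2307 style scheme prefix such as {SSHA}.
_SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.DOTALL)


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Build an {SSHA} value: base64(sha1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # slapd uses a random salt; 8 bytes is typical
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def _verify_ssha(body: str, password: str) -> bool:
    """Check a bare SSHA body (no prefix) against a candidate password."""
    try:
        raw = base64.b64decode(body, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(raw) <= SHA1_LEN:  # digest plus at least one salt byte required
        return False
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    # Constant-time compare so a wrong password is not distinguishable by timing.
    return hmac.compare_digest(candidate, digest)


def verify_userpassword(stored: str, password: str, default_scheme: str = "SSHA") -> bool:
    """Mimic how Dovecot interprets a fetched password attribute.

    A leading {SCHEME} prefix wins; a value without one is interpreted using
    default_scheme, which is what default_pass_scheme controls in
    dovecot-ldap.conf.ext. Unknown schemes are an error rather than a silent
    failure so a misconfiguration is visible.
    """
    m = _SCHEME_RE.match(stored)
    if m:
        scheme, body = m.group(1).upper(), m.group(2)
    else:
        scheme, body = default_scheme.upper(), stored
    if scheme == "SSHA":
        return _verify_ssha(body, password)
    if scheme in ("PLAIN", "CLEARTEXT"):
        return hmac.compare_digest(body.encode("utf-8"), password.encode("utf-8"))
    raise ValueError(f"unsupported password scheme {scheme!r}")


if __name__ == "__main__":
    # Constructed directory entry standing in for the result of pass_filter.
    entry = {"uid": "tohuw", "userPassword": ssha_hash("correct horse")}
    print(entry["userPassword"])
    print("correct:", verify_userpassword(entry["userPassword"], "correct horse"))
    print("wrong:  ", verify_userpassword(entry["userPassword"], "battery staple"))
```

Two practical consequences follow from the distinction. With auth_bind = yes the service DN (uid=dovecot,ou=Services,... in Ron's config) only needs to read uid and the userdb attributes, not userPassword, which is the least-privilege choice; with auth_bind = no the service account must be granted read access to userPassword, and a bare value in the directory that does not actually use default_pass_scheme will fail exactly the way the {SSHA} branch above fails on a short or non-base64 body. Separately, the posted doveconf still has auth_debug_passwords = yes, which writes the passwords being checked into /var/log/dovecot.log and should be turned off once debugging is done.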