On Thu, 17 Apr 2008, Gavin Henry wrote:
So why is dovecot searching for uid? I am not asking it to; in fact, my pass_attrs field is empty.
I'm not sure, I was hoping someone else would know why. Is it a hard coded default?
Also, I have switched around my setup to not use auth_bind:
hosts = ldap.lrtz
dn = cn=varmail,ou=users,dc=lorentz,dc=com
dnpass = *******
ldap_version = 3
auth_bind = no
pass_attrs = userPassword=password

I got the impression that this is the problem, see the doc: http://wiki.dovecot.org/AuthDatabase/LDAP
pass_attrs = uid=user,userPassword=password
This is the default, please add "mail=user" to your pass_attrs and re-add auth_bind. Also, kill all dovecot processes (well, you know: make sure it is the correct config that is used, e.g. add a syntax error, so you see it is even the correct file you're editing).
Rob had this in his conf:
user_attrs = mail=user
user_filter = (&(objectClass=user)(mail=%u))
pass_attrs = mail=user,userPassword=password,mail=userdb_user
pass_filter = (&(objectClass=user)(mail=%u))
Note the two mail=user settings, I have them, too. Drop the mail=userdb_user, as you use another userdb.
Rob also has

user_global_uid = dovecot
user_global_gid = dovecot

"If you're using a single UID and GID for all the users, you can use user_global_uid and user_global_gid settings instead of returning them from LDAP." Which seems to apply to userdb only, but who knows?
Also, could you please drop the TLS/SSL on the connection, if any, and sniff the connection?
To sniff, use wireshark (ethereal) or tshark (tethereal) with "port 389" as capture filter. Wireshark understands the LDAP protocol and decodes it. Moreover, you see _what_ is returned in detail.
BTW: Do you use any sort of firewall, iptables or whatsoever on the mail, dns or ldap server? Did you disable it?
BTW: I didn't know you can use dn/dnpass for the initial lookup, now I know.
Bye,
Steffen Kaiser
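An added example, not part of the original message: what the suggested cleartext capture on port 389 exposes, shown by decoding one LDAP SearchRequest (RFC 4511 BER) into its base DN, filter and requested attribute list, which is where a lookup for uid would show up. The helper names, the sample message and its values are constructed for illustration and assume the input is the raw payload of a single LDAP message.

```python
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the BER element starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the body of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def filter_to_str(tag, val):
    """Render an RFC 4511 Filter (and/or/not, equalityMatch, present only)."""
    if tag in (0xA0, 0xA1):
        return "(" + "&|"[tag - 0xA0] + "".join(filter_to_str(*c) for c in children(val)) + ")"
    if tag == 0xA2:
        return "(!" + filter_to_str(*children(val)[0]) + ")"
    if tag == 0xA3:
        (_, attr), (_, value) = children(val)
        return "(%s=%s)" % (attr.decode(), value.decode())
    if tag == 0x87:
        return "(%s=*)" % val.decode()
    return "(?tag=0x%02x)" % tag

def parse_search_request(payload):
    """Return base DN, filter and requested attributes, or None if not a search."""
    _, msg, _ = read_tlv(payload)
    (_, _msg_id), (op_tag, op) = children(msg)[:2]
    if op_tag != 0x63:  # [APPLICATION 3] = SearchRequest
        return None
    base, _scope, _deref, _size, _time, _types_only, flt, attrs = children(op)
    return {"base": base[1].decode(), "filter": filter_to_str(*flt),
            "attributes": [a.decode() for _, a in children(attrs[1])]}

# Constructed sample message (short-form lengths only, so each body < 128 bytes).
def tlv(tag, *parts):
    return bytes([tag, len(b"".join(parts))]) + b"".join(parts)
def s(text): return tlv(0x04, text.encode())
SAMPLE = tlv(0x30, tlv(0x02, b"\x02"), tlv(0x63, s("ou=users,dc=example,dc=com"),
    tlv(0x0A, b"\x02"), tlv(0x0A, b"\x00"), tlv(0x02, b"\x00"), tlv(0x02, b"\x00"),
    tlv(0x01, b"\x00"), tlv(0xA0, tlv(0xA3, s("objectClass"), s("user")),
    tlv(0xA3, s("mail"), s("gavin@example.com"))), tlv(0x30, s("uid"), s("userPassword"))))
print(parse_search_request(SAMPLE))
```

Wireshark performs the same decoding; the fields to compare against the configuration are the filter and the attribute list.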