<quote who="Jack McKinney">
> So why is dovecot searching for uid? I am not asking it to; in fact, my
> pass_attrs field is empty.
I'm not sure, I was hoping someone else would know why. Is it a hard coded default?
Also, I have switched around my setup to not use auth_bind:
hosts = ldap.lrtz
dn = cn=varmail,ou=users,dc=lorentz,dc=com
dnpass = *******
ldap_version = 3
auth_bind = no
pass_attrs = userPassword=password
pass_filter = (&(objectClass=inetOrgPerson)(mail=%Lu))
base = ou=users, dc=%Dd
scope = onelevel
With this configuration, it becomes inconsistent. Sometimes my client authenticates, and sometimes my client goes through the same timeout as below. I have not had time to run enough trials to prove this, but it seems like this new configuration works for the first connection made to dovecot, and then times out on subsequent connections. If I restart dovecot, then I get one successful connection again, and then the others fail. I am not certain on this, however. I seem to remember the first connection timing out on one run...
On Wed, 2008-04-16 at 23:20 +0100, Gavin Henry wrote:
<quote who="Jack McKinney">
> No, it isn't. I have verified the connection with "openssl s_client".
> Besides, the server is receiving the username "jackmc@lorentz.com", so
> the connection has already been made by this time.
> What is happening every time is that dovecot sends the correct query to
> OpenLDAP (as noted in the log below), OpenLDAP receives that query
> (according to its log) and responds with one match, but dovecot never
> seems to see that response. 180 seconds after the auth fails, dovecot
> drops the connection with the IMAP client for inactivity.
I've gone back to your first post, and your slapd logs show:
Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH base="ou=users,dc=lorentz,dc=com" scope=1 deref=0 filter="(&(objectClass=inetOrgPerson)(mail=jackmc at lorentz.com))"
Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH attr=uid
Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Which shows the correct filter, but the requested attribute to return is "uid", which is _not_ in your entry:
# Jack McKinney, users, lorentz.com
dn: cn=Jack McKinney,ou=users,dc=lorentz,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Jack McKinney
givenName: Jack McKinney
sn: McKinney
mail: jackmc at lorentz.com
Try the same search again, but using (note uid on end):
ldapsearch -h ldap.lrtz -b 'ou=users, dc=lorentz, dc=com' -D 'cn=varmail,ou=users,dc=lorentz,dc=com' -x -W -s onelevel '(&(objectClass=inetOrgPerson)(mail=jackmc at lorentz.com))' uid
It should be empty, hence why dovecot isn't getting anything.
-- Jack McKinney GPG 1024D/99C6A174 jackmc@lorentz.com YM:lfaatsnat2006 AIM:jackmclorentz Beware geeks bearing diffs
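
The comparison suggested in the thread (the attribute named on the slapd "SRCH attr=" line versus the attributes the matched entry holds), as an added example that is not part of the original messages. The function names are hypothetical, and the sample input is the thread's log lines and LDIF entry embedded as constructed strings.

```python
import re

# Constructed sample input: the slapd log lines and LDIF entry quoted in the thread.
SLAPD_LOG = """\
Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH base="ou=users,dc=lorentz,dc=com" scope=1 deref=0 filter="(&(objectClass=inetOrgPerson)(mail=jackmc at lorentz.com))"
Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH attr=uid
Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""
LDIF_ENTRY = """\
dn: cn=Jack McKinney,ou=users,dc=lorentz,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Jack McKinney
givenName: Jack McKinney
sn: McKinney
mail: jackmc at lorentz.com
"""
OP_RE = re.compile(r"conn=(\d+) op=(\d+) (SRCH attr=|SEARCH RESULT )(.*)")

def requested_attrs(log):
    """Map (conn, op) -> requested attribute list and nentries from slapd log lines."""
    ops = {}
    for line in log.splitlines():
        m = OP_RE.search(line)
        if not m:
            continue  # e.g. the "SRCH base=... filter=..." line
        op = ops.setdefault((int(m[1]), int(m[2])), {"attrs": [], "nentries": 0})
        if m[3] == "SRCH attr=":
            op["attrs"] = m[4].split()
        else:
            n = re.search(r"nentries=(\d+)", m[4])
            op["nentries"] = int(n[1]) if n else 0
    return ops

def entry_attrs(ldif):
    """Lower-cased attribute names present in one LDIF entry (dn excluded)."""
    names = set()
    for line in ldif.splitlines():
        if line and not line.startswith(("#", " ")) and ":" in line:
            names.add(line.split(":", 1)[0].split(";")[0].lower())
    return names - {"dn"}

def missing_attrs(log, ldif):
    """For each search that matched an entry, the requested attributes it lacks."""
    present = entry_attrs(ldif)
    return {key: [a for a in op["attrs"] if a.lower() not in present]
            for key, op in requested_attrs(log).items() if op["nentries"]}
```

Calling `missing_attrs(SLAPD_LOG, LDIF_ENTRY)` reports `uid` for conn=7 op=3: the search matched one entry, but that entry has no value for the only attribute requested.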