On Fri, 2010-10-15 at 07:17 -0600, Trever L. Adams wrote:
Fantastic. I am not. Postfix is validating user existence. I read somewhere I can turn off Dovecot LDA validation, but now I am unable to find the page.
http://wiki2.dovecot.org/UserDatabase/Static / allow_all_users
Oct 15 05:48:06 TeaSet dovecot: master: Error: service(auth-worker): child 16375 killed with signal 11 (core dumps disabled)
Can you get a gdb backtrace? First enable core dumps with "ulimit -c unlimited" and once you have core file see http://dovecot.org/bugreport.html
I am not sure this is necessary.
A crash is a bug in any case that I'd like to fix. A good backtrace would make it easier for me to do that.
The problem seems to be in this
dovecot: auth: Debug: ldap(?): result: sAMAccountName(?unknown?)=
I get that for all fields in the AD. It looks like I am going to have to do a bind of some kind.
You mean the "?unknown?" part? I think the problem here is that I hadn't thought that LDAP attributes are case-insensitive. You should have used sAMAccountName, not samaccountname in the iterate_attrs. But I suppose I'll need to fix this myself too.
auth: Error: LDAP: binding failed (dn CN=SMTP-SERVICE-PRINCIPAL-USER,CN=Users,DC=example,DC=org): Local error, SASL(-1): generic failure: GSSAPI Error: An invalid name was supplied (Cannot determine realm for numeric host address)
No idea.
I am thinking I should add gss-spnego to the mech, but haven't done so.
No, anything outside dovecot-ldap.conf doesn't affect LDAP. OpenLDAP uses Cyrus SASL for doing the GSSAPI stuff, so you should try to look into that.
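
The "?unknown?" result discussed above, as an added example that is not part of the original thread and is not Dovecot's code: a map written as samaccountname is looked up with the attribute name as the server returns it, first byte-exact and then case-insensitively. The function name map_attr and the "ldapAttr=field" map string are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

/* Hypothetical helper: find the field that an "ldapAttr=field,..." map
 * assigns to attr_name (the name exactly as the server returned it).
 * Copies the field into out and returns 1, or returns 0 if unmapped.
 * ignore_case=0 compares byte-exact; ignore_case=1 ignores case, which is
 * how LDAP attribute names are meant to be compared. */
static int map_attr(const char *map, const char *attr_name, int ignore_case,
                    char *out, size_t out_len)
{
    size_t name_len = strlen(attr_name);
    const char *p = map;

    while (*p != '\0') {
        const char *end = strchr(p, ',');
        size_t entry_len = end ? (size_t)(end - p) : strlen(p);
        const char *eq = memchr(p, '=', entry_len);

        if (eq != NULL && (size_t)(eq - p) == name_len) {
            int same = ignore_case
                ? strncasecmp(p, attr_name, name_len) == 0
                : strncmp(p, attr_name, name_len) == 0;
            size_t field_len = entry_len - name_len - 1;
            if (same && field_len < out_len) {
                memcpy(out, eq + 1, field_len);
                out[field_len] = '\0';
                return 1;
            }
        }
        p += entry_len;          /* skip this entry ... */
        if (*p == ',')
            p++;                 /* ... and its separator */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: lower-case map, server answers with AD's casing. */
    const char *map = "samaccountname=user,mail=email";
    char field[32] = "";

    printf("exact:  %s\n", map_attr(map, "sAMAccountName", 0, field, sizeof field) ? field : "?unknown?");
    printf("nocase: %s\n", map_attr(map, "sAMAccountName", 1, field, sizeof field) ? field : "?unknown?");
    return 0;
}
```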