On 2026-06-02 09:36, Aki Tuomi via dovecot wrote:
I can't seem to find documentation that shows how to set up 2 LDAP passdb blocks. I can get each of them working properly, but only the second of the two works at any given time. I can't figure out the syntax needed to get both to work, even though I've been all over the Dovecot 2.4x official documentation. The docs seem to suggest settings that the server rejects.
Anyone have any experience doing this, or know the correct syntax? Thanks in advance!
You can share settings like this:

ldap_auth_dn = cn=dovecot,ou=apps,dc=example,dc=com
ldap_auth_dn_password = D0vec0t
ldap_uris = ldapi://%2Frun%2Fldapi
ldap_version = 3
ldap_bind = yes

passdb ldap-1 {
  driver = ldap
  ldap_bind_userdn = cn=%{user},ou=apps,dc=example,dc=com
  ldap_filter = (&(objectClass=applicationProcess)(cn=%{user}))
}

passdb ldap-2 {
  driver = ldap
  ldap_bind_userdn = cn=%{user},ou=apps,dc=example,dc=com
  ldap_filter = (&(objectClass=posixAccount)(uid=%{user|username})(memberOf=cn=mail,ou=%{user|domain},ou=groups,dc=example,dc=com))
}

Aki
Sorry, small mistake
ldap_bind = yes => passdb_ldap_bind = yes
Thanks for your replies.

2026.06.02 13:52:40 auth(example@example.net,10.0.0.99,sasl:plain)<qgg2+khTlLgKAABj>: Debug: sasl(plain): Set authid 'example@example.net'
2026.06.02 13:52:40 auth(example@example.net,10.0.0.99,sasl:plain)<qgg2+khTlLgKAABj>: Debug: sasl(plain): Performing plain passdb verification
2026.06.02 13:52:40 auth(example@example.net,10.0.0.99,sasl:plain)<qgg2+khTlLgKAABj>: Debug: ldap-1: Performing passdb lookup
2026.06.02 13:52:40 auth(example@example.net,10.0.0.99,sasl:plain)<qgg2+khTlLgKAABj>: Debug: ldap-1: Finished passdb lookup
2026.06.02 13:52:40 auth(example@example.net,10.0.0.99,sasl:plain)<qgg2+khTlLgKAABj>: Debug: ldap-2: Performing passdb lookup
2026.06.02 13:52:40 auth(example@example.net,10.0.0.99,sasl:plain)<qgg2+khTlLgKAABj>: Debug: ldap-2: Finished passdb lookup
2026.06.02 13:52:43 auth(example@example.net,10.0.0.99,sasl:plain)<qgg2+khTlLgKAABj>: Debug: sasl(plain): Finished plain passdb verification (status=internal-failure)
2026.06.02 13:52:43 auth(example@example.net,10.0.0.99,sasl:plain)<qgg2+khTlLgKAABj>: Debug: sasl(plain): Interaction failed (internal failure)
2026.06.02 13:52:43 auth(example@example.net,10.0.0.99,sasl:plain)<qgg2+khTlLgKAABj>: Debug: Auth request finished
2026.06.02 13:52:43 auth(example@example.net,10.0.0.99,sasl:plain)<qgg2+khTlLgKAABj>: Debug: immediate auth failure due to internal failure

Not getting either one to work. This is with full debugging on. It looks like the internal error happens instantly, no attempt to contact the directory.
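
Added example, not part of the thread and not Dovecot code: a small Python triage script for auth debug logs in the format quoted above. It groups lines by session id, lists the passdbs each request walked through, and picks out sessions that ended in internal-failure. The sample log, the session ids and the second status value are constructed for the example.

```python
import re

# Constructed sample in the format of the debug log quoted in the thread.
# Session ids are made up; "placeholder-status" is NOT a real Dovecot status string.
SAMPLE = """\
2026.06.02 13:52:40 auth(a@example.net,10.0.0.99,sasl:plain)<sessA>: Debug: sasl(plain): Performing plain passdb verification
2026.06.02 13:52:40 auth(a@example.net,10.0.0.99,sasl:plain)<sessA>: Debug: ldap-1: Performing passdb lookup
2026.06.02 13:52:40 auth(a@example.net,10.0.0.99,sasl:plain)<sessA>: Debug: ldap-1: Finished passdb lookup
2026.06.02 13:52:40 auth(a@example.net,10.0.0.99,sasl:plain)<sessA>: Debug: ldap-2: Performing passdb lookup
2026.06.02 13:52:40 auth(a@example.net,10.0.0.99,sasl:plain)<sessA>: Debug: ldap-2: Finished passdb lookup
2026.06.02 13:52:43 auth(a@example.net,10.0.0.99,sasl:plain)<sessA>: Debug: sasl(plain): Finished plain passdb verification (status=internal-failure)
2026.06.02 13:52:44 auth(b@example.net,10.0.0.98,sasl:plain)<sessB>: Debug: ldap-1: Performing passdb lookup
2026.06.02 13:52:44 auth(b@example.net,10.0.0.98,sasl:plain)<sessB>: Debug: sasl(plain): Finished plain passdb verification (status=placeholder-status)
"""

# timestamp, user, remote IP, (mechanism skipped), session id, message
LINE = re.compile(r"^(\S+ \S+) auth\(([^,]*),([^,]*),[^)]*\)<([^>]+)>: Debug: (.*)$")
LOOKUP = re.compile(r"^(\S+): Performing passdb lookup$")
STATUS = re.compile(r"\(status=([\w-]+)\)")

def summarize(log_text):
    """Group auth debug lines by session id: passdbs tried (in order) and final status."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an auth debug line in this format
        _ts, user, ip, sid, msg = m.groups()
        s = sessions.setdefault(sid, {"user": user, "ip": ip, "passdbs": [], "status": None})
        lookup = LOOKUP.match(msg)
        if lookup and lookup.group(1) not in s["passdbs"]:
            s["passdbs"].append(lookup.group(1))
        status = STATUS.search(msg)
        if status:
            s["status"] = status.group(1)
    return sessions

def internal_failures(sessions):
    """Session ids that ended in internal-failure."""
    return [sid for sid, s in sessions.items() if s["status"] == "internal-failure"]

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for sid, s in result.items():
        print(sid, s["user"], s["ip"], "->".join(s["passdbs"]), s["status"])
    print("internal failures:", internal_failures(result))
```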