Hey Achim,
thank you for your help :-) Unfortunately it did not work :-(
I changed the lines in the dovecot config you sent me. When I try to log in to the SOGo GUI, I'm getting the following error message:
2013-12-16 16:10:07 auth: Info:
ldap(administrator,127.0.0.1,
When I look in samba4:
samba-tool user list
Administrator
krbtgt
Guest
ldap
The user seems to be there..:-(
Cheers,
- Pascal
On 12/16/2013 03:37 PM, Achim Gottinger wrote:
Hi,
Added a few corrections to your config below. Hope it works.
achim~
On 16.12.2013 11:51, Pascal den Bekker wrote:
Hello,
I am trying to set up samba4/openchange and dovecot. Does anyone have experience concerning dovecot connecting to samba4?
I tried the following:
/etc/dovecot.conf:
protocols = imap sieve
mail_location = maildir:/data/mail/%d/%n/Maildir
mail_access_groups = vmail
mail_privileged_group = vmail
first_valid_uid = 110
last_valid_uid = 110
last_valid_uid = 5000
first_valid_gid = 115
last_valid_gid = 115
last_valid_gid = 5000
Your vmail user/group seems to have the uid/gid 5000 so it must be in the valid range.
log_path = /var/log/dovecot
log_timestamp = "%Y-%m-%d %H:%M:%S "
login_greeting = Welcome to domain.local.

service imap {
  inet_listener {
    port=143
  }
}

protocol lda {
  log_path = /var/log/mail/dovecot-deliver.log
  auth_socket_path = /var/run/dovecot/auth-master
  postmaster_address = postmaster@domain.local
  mail_plugins = sieve
}

service managesieve {
  inet_listener {
    port=12000
  }
}

auth_verbose = yes
auth_debug = yes

service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = vmail
    mode = 0660
    user = postfix
  }
}

#service auth-userdb {
# user = vmail
# }
#user = root
#}

passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf
  driver = ldap
}

userdb {
  args = /etc/dovecot/dovecot-ldap-userdb.conf
  driver = ldap
}

plugin {
  sieve = /data/mail/%d/%n/sieverc
  sieve_storage=/data/mail/%d/%n/sieve
  sieve_max_redirects = 20
}

debug_log_path = /var/log/dovecot-debug.log

dict {
}
/etc/dovecot/dovecot-ldap-passdb.conf
hosts = localhost
auth_bind = yes
auth_bind_userdn = cn=%u,cn=Users,dc=domain,dc=local
ldap_version = 3
base = cn=Users,dc=domain,dc=local
pass_filter = (&(objectClass=person)(cn=%u)(mail=*))

hosts = localhost
auth_bind = yes
dn = cn=ldap,cn=Users,DC=domain,DC=local
dnpass = password
#auth_bind_userdn = cn=%u,cn=Users,dc=domain,dc=local
ldap_version = 3
base = cn=Users,dc=domain,dc=local
pass_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*))
user_attrs=uid=5000
This way dovecot connects as user ldap, does the user lookup according to pass_filter, and uses the resulting dn for authentication. If you create users via the Windows Remote Management tools, the dn for a user normally uses the Full Name as cn and not the user id, which is stored as sAMAccountName.
/etc/dovecot/dovecot-ldap-userdb.conf:
hosts = localhost
dn = cn=ldap,cn=Users,DC=domain,DC=local
dnpass = password
ldap_version = 3
base = cn=Users,DC=domain,DC=local
#user_attrs = user_attrs=uid=5000,=gid=5000,=home=/data/mail/%d/%n,mail=/data/mail/%d/%u/Maildir
user_filter = (&(objectClass=person)(cn=%u)(mail=*))
iterate_attrs = cn=user
iterate_filter = (objectClass=person)
user_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*))
iterate_attrs = sAMAccountName=user
When I try to log in with the user account administrator I get the following error messages:
2013-12-16 11:28:29 auth: Info: ldap(ldap,127.0.0.1, ): unknown user
2013-12-16 11:28:29 auth: Error: userdb(ldap,127.0.0.1, ): user not found from userdb ldap
2013-12-16 11:28:29 imap: Error: Authenticated user not found from userdb, auth lookup id=783810561 (client-pid=3809 client-id=1)
2013-12-16 11:28:29 imap-login: Info: Internal login failure (pid=3809 id=1) (internal failure, 1 succesful auths): user=<ldap>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=3810, secured, session=
Can someone tell me what I am doing wrong, or is there a way to test the dovecot ldap connection string?
Cheers,
- Pascal
-- Pascal den Bekker
Linux System Administrator
Affinitas GmbH | Kohlfurter Straße 41/43 | 10999 Berlin | Germany email: pascal_den.bekker@affinitas.de | tel: +49 30 868 000 140 www.edarling.de | www.shopaman.de
Managing Directors: Lukas Brosseder, David Khalil, Michael Schrezenmaier
Registered at the Amtsgericht Berlin-Charlottenburg (district court), HRB 115958
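
Added example (not part of the original messages, and not Dovecot's own code): a Python sketch of the two ways of finding the bind DN discussed in this thread, the auth_bind_userdn template versus the dn/dnpass lookup with pass_filter. The directory entries, the account jdoe and the helper names are constructed for illustration, and the matcher only handles flat AND filters like the ones above.

```python
import re

BASE = "cn=Users,dc=domain,dc=local"
PASS_FILTER = "(&(objectClass=person)(sAMAccountName=%u)(mail=*))"  # from the thread
BIND_TEMPLATE = "cn=%u," + BASE                                      # from the thread

# Constructed sample entries (not from the thread).
DIRECTORY = [
    {"dn": "cn=Administrator," + BASE, "objectClass": "person",
     "cn": "Administrator", "sAMAccountName": "Administrator"},  # no mail attribute
    {"dn": "cn=Jane Doe," + BASE, "objectClass": "person",
     "cn": "Jane Doe", "sAMAccountName": "jdoe", "mail": "jdoe@domain.local"},
]

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def search(filter_template, user):
    """Return the DNs matching a flat AND filter after %u expansion."""
    flt = filter_template.replace("%u", escape_filter_value(user))
    clauses = re.findall(r"\(([A-Za-z]+)=([^()]*)\)", flt)
    hits = []
    for entry in DIRECTORY:
        ok = True
        for attr, raw in clauses:
            have = entry.get(attr)
            if raw == "*":  # presence test, e.g. (mail=*)
                ok = ok and have is not None
            else:
                ok = ok and have is not None and have.lower() == unescape(raw).lower()
        if ok:
            hits.append(entry["dn"])
    return hits

def resolve_by_template(user):
    """auth_bind_userdn style: build the DN from the login name, no lookup."""
    dn = BIND_TEMPLATE.replace("%u", user)
    return dn if any(e["dn"].lower() == dn.lower() for e in DIRECTORY) else None

def resolve_by_search(user):
    """dn/dnpass style: look the user up first, then bind as the DN that was found."""
    hits = search(PASS_FILTER, user)
    return hits[0] if len(hits) == 1 else None
```

In this constructed directory the template finds no entry for jdoe because the cn is the full name, and the (mail=*) clause excludes any entry that has no mail attribute.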