I reported this a month or two back as well but got no responses. It happens for us when the user enters an incorrect password.

I am using "auth_bind = yes" in my config and surmised that the ldap code in dovecot may be caching the previous user's credentials for use in subsequent bind lookups instead of using the credentials specified by dn / dnpass. That would explain why a failed authentication might result in all subsequent ldap_search() calls failing.

Our production server is currently running dovecot-1.0-0.beta8.2.fc5 from the Fedora 5 distribution, but I have tested that the problem still exists up to the rc9 release. I have not tried it with rc10 yet.

These are the typical messages I get in the logs:

Oct 22 09:50:35 gm-ho-lin-06 dovecot: auth(default): client in: AUTH    1       PLAIN   service=POP3    lip=::ffff:10.1.101.10  rip=::ffff:10.0.25.193  resp=
Oct 22 09:50:35 gm-ho-lin-06 dovecot: auth(default): client out: CONT   1
Oct 22 09:50:35 gm-ho-lin-06 dovecot: auth(default): client in: CONT    1       ADAyMDdAc3RvcmVzLmdhbWUuY28udWsAMDcwMg==
Oct 22 09:50:35 gm-ho-lin-06 dovecot: auth(default): ldap(0207@stores.game.co.uk,::ffff:10.0.25.193): bind search: base=OU=Stores,OU=UK,DC=group,DC=game,DC=net filter=(&(objectClass=user)(mail=0207@stores.game.co.uk))
Oct 22 09:50:36 gm-ho-lin-06 dovecot: auth(default): client out: FAIL   1       user=0207@stores.game.co.uk
Oct 22 09:50:36 gm-ho-lin-06 dovecot: auth(default): client in: AUTH    2       PLAIN   service=POP3    lip=::ffff:10.1.101.10  rip=::ffff:10.0.25.193  resp=ADAyMDdAc3RvcmVzLmdhbWUuY28udWsAMDcwMg==
Oct 22 09:50:36 gm-ho-lin-06 dovecot: auth(default): ldap(0207@stores.game.co.uk,::ffff:10.0.25.193): bind search: base=OU=Stores,OU=UK,DC=group,DC=game,DC=net filter=(&(objectClass=user)(mail=0207@stores.game.co.uk))
Oct 22 09:50:36 gm-ho-lin-06 dovecot: auth(default): ldap(0207@stores.game.co.uk,::ffff:10.0.25.193): ldap_search() failed: Operations error
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): client in: AUTH    1       PLAIN   service=POP3    lip=::ffff:10.1.101.10  rip=::ffff:10.0.70.193  resp=
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): client out: CONT   1
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): client in: CONT    1       ADA1NjdAc3RvcmVzLmdhbWUuY28udWsANzY1MA==
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): ldap(0567@stores.game.co.uk,::ffff:10.0.70.193): bind search: base=OU=Stores,OU=UK,DC=group,DC=game,DC=net filter=(&(objectClass=user)(mail=0567@stores.game.co.uk))
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): ldap(0567@stores.game.co.uk,::ffff:10.0.70.193): ldap_search() failed: Operations error
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): client out: FAIL   2       user=0207@stores.game.co.uk     temp
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): client out: FAIL   1       user=0567@stores.game.co.uk     temp
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): client in: AUTH    2       PLAIN   service=POP3    lip=::ffff:10.1.101.10  rip=::ffff:10.0.70.193  resp=ADA1NjdAc3RvcmVzLmdhbWUuY28udWsANzY1MA==
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): ldap(0567@stores.game.co.uk,::ffff:10.0.70.193): bind search: base=OU=Stores,OU=UK,DC=group,DC=game,DC=net filter=(&(objectClass=user)(mail=0567@stores.game.co.uk))
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): ldap(0567@stores.game.co.uk,::ffff:10.0.70.193): ldap_search() failed: Operations error
Oct 22 09:50:40 gm-ho-lin-06 dovecot: auth(default): client out: FAIL   2       user=0567@stores.game.co.uk     temp

Regards,
Rob Coward

On Tue, 2006-10-24 at 14:28 +0300, Timo Sirainen wrote:
On Mon, 2006-10-23 at 12:07 -0200, Matheus Antonio Oliveira wrote:
> People,
> 
> I have a situation: when I use a passwd LDAP module against "microsoft 
> active directory" and one user sends a blank password, the authentication 
> module returns: "ERR [IN-USE] Internal login failure. Refer to server 
> log for more information."; after this the authentication module never 
> authenticates again: "ERR Temporary authentication failure."
..
> -ERR [IN-USE] Internal login failure. Refer to server log for more 
> information.

Could you also show what error message it wrote to the log file?
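
Added example, not part of the original message and not Dovecot code: a small Python check that scans auth debug log text in the format shown above for the reported pattern, a FAIL reply without the "temp" flag followed by "ldap_search() failed" errors and "temp" failures for later logins. The sample lines, host name and user names are constructed, and the function name find_stuck_ldap is hypothetical.

```python
import re

# Constructed sample in the same format as the log lines in the message above.
SAMPLE = """\
Oct 22 09:50:35 mx1 dovecot: auth(default): ldap(alice@example.test,::ffff:192.0.2.10): bind search: base=OU=X filter=(mail=alice@example.test)
Oct 22 09:50:36 mx1 dovecot: auth(default): client out: FAIL   1       user=alice@example.test
Oct 22 09:50:36 mx1 dovecot: auth(default): ldap(alice@example.test,::ffff:192.0.2.10): ldap_search() failed: Operations error
Oct 22 09:50:38 mx1 dovecot: auth(default): ldap(bob@example.test,::ffff:192.0.2.20): ldap_search() failed: Operations error
Oct 22 09:50:38 mx1 dovecot: auth(default): client out: FAIL   2       user=alice@example.test     temp
Oct 22 09:50:38 mx1 dovecot: auth(default): client out: FAIL   1       user=bob@example.test     temp
"""

# FAIL reply to the login process; a trailing "temp" marks a temporary failure.
FAIL = re.compile(r"client out: FAIL\s+\d+\s+user=(\S+)(\s+temp)?")
# LDAP search error, with the user the lookup was made for.
SEARCH_ERR = re.compile(r"ldap\(([^,]+),[^)]*\): ldap_search\(\) failed: (.+)$")

def find_stuck_ldap(log_text):
    """Return one finding per non-temp FAIL that is followed by ldap_search() errors."""
    findings, current = [], None
    for line in log_text.splitlines():
        if "client out: OK" in line:
            current = None  # a successful login ends the window being watched
            continue
        m = FAIL.search(line)
        if m:
            if m.group(2) is None:
                # Non-temp failure (e.g. wrong password): watch what follows it.
                current = {"trigger_user": m.group(1), "search_errors": 0,
                           "temp_failures": 0, "affected_users": set()}
                findings.append(current)
            elif current:
                current["temp_failures"] += 1
            continue
        m = SEARCH_ERR.search(line)
        if m and current:
            current["search_errors"] += 1
            current["affected_users"].add(m.group(1))
    # A failed login on its own is normal; report only when search errors follow.
    return [f for f in findings if f["search_errors"]]

if __name__ == "__main__":
    for f in find_stuck_ldap(SAMPLE):
        print(f)
```

A finding whose affected_users includes accounts other than trigger_user matches the behaviour described in the message, where one failed login is followed by temporary failures for other users.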
