Hello,
Sorry, this might be a newbish question, but I really can't get the answer by myself.
I'm trying to setup a mail server using LDAP to authenticate users, and I keep receiving the errors:
passdb doesn't support credential lookups
passdb doesn't support lookups, can't verify user's existencewhen I send test mails to (existing) users.
I'm already using the LDAP server for other purposes, and it's working fine. I can't (or I don't want to) give read access to the userPassword attribute, so I want to use a authentication bind:
http://wiki.dovecot.org/AuthDatabase/LDAP/AuthBindsI've already managed to have postfix working with this LDAP server, the users (and their aliases) are correctly recognized. Postfix then sends the mails to Dovecot (2.2.13, Debian Jessie's version) with dovecot-lmtp.
Here is my /etc/dovecot/conf.d/auth-ldap.conf.ext. I use the static driver for userdb, and the LDAP driver for passdb.
passdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap.conf.ext
}
userdb {
driver = static
args = uid=mail gid=mail home=/var/mail/%u
}Here is my /etc/dovecot/dovecot-ldap.conf.ext file.
hosts = localhost
ldap_version = 3
dn = cn=dovecot,ou=services,dc=niols,dc=fr
dnpass = a-random-password
auth_bind = yes
base = ou=people,dc=niols,dc=fr
pass_filter = (&(objectClass=inetOrgPerson)(mail=%u))I haven't set the user_filter and user_attrs values, since I thought these would only be usefull for userdb. I haven't set the pass_attrs value, since I don't see why it would be needed (I just need to be able to bind my user, right?). I can't auth_bind_userdn since the e-mail address aren't necessarily related in any way to the user dn. I assumed %u was going to be replaced by the user's full e-mail address.
I tried to play a bit with these values to find a working configuration, without success. I tried to search myself on the LDAP server, using the provided dn and dnpass, and I succeeded. I tried to activate debug logs, but that didn't give me much more information (full debug log at the end of this e-mail).
I think the problem is that passdb cannot find the user on the LDAP server, but I don't know why. I believe the problem is lying in my non-comprehension of what userdb and passdb actually do. I tried to find out by myself, and I'm here because I didn't manage to do so.
I'm sorry if this post looks stupid. Any help and any comments of any kind would be greatly appreciated.
Regards, Niols
PS: Here is the full debug log that I get after sending a test message to test@niols.net (.net vs. .fr: this is not a mistake, I use my .net domain for testing purposes while I use my .fr domain for eveyday life) with swaks:
lmtp(3208): Connect from local
auth: Debug: Loading modules from directory:/usr/lib/dovecot/modules/auth auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libauthdb_ldap.so auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat auth: Debug: LDAP initialization took 0 msecs auth: Debug: master in: USER 1 test@niols.net service=lmtp auth: Debug: ldap(test@niols.net): passdb doesn't support credential lookups auth: Error: static(test@niols.net): passdb doesn't support lookups, can't verify user's existence auth: Debug: userdb out: FAIL 1 lmtp(3208): Error: user test@niols.net: Auth USER lookup failed lmtp(3208): Disconnect from local: Successful quit