I would recommend configuring a service user to AD and using LDAP userdb, but if you do not, for whatever reason, want to do this, change
    userdb static {
      allow_all_users = yes
      fields {
        gid = vmail
        uid = vmail
      }
    }
to skip passdb check.
See https://doc.dovecot.org/2.4.2/core/config/auth/userdb.html#userdb_static_all...
Aki
On 25/01/2026 12:30 EET Esteban Heschung via dovecot <dovecot@dovecot.org> wrote:
Hello Dovecot Team,
I am currently using *Dovecot 2.4.1* with *Windows Active Directory* via LDAPS (self-signed certificate).
I have configured a *bind DN template* for authentication.
Authentication works perfectly. However, when Dovecot tries to perform the *userdb lookup*, it seems to *ignore the DN template*. Instead, it attempts to perform a search using the *ldap_base and filter* I configured...
According to the documentation, the *bind DN template should be sufficient*, and Dovecot should not need to perform this search.
Additionally, if I *remove the ldap_base or filter fields*, Dovecot fails with an error and cannot perform the lookup at all.
This results in doveadm user failing, even though authentication succeeds.
Could this be a bug in the way Dovecot handles bind_userdn for LDAP userdb lookups?
I would appreciate any guidance or confirmation on this behavior.
Thank you for your help.