Re: "Temporary authentication failure" ? Cant connect with ldap user

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On Tue, 24 Feb 2015, David Scheele wrote:

*ldapsearch -x cn=admin* gives me:

| # A bunch of information not really interesting | # search result | search: 2 | result: 32 No such object | | numResponses: 1

*ldapsearch -x cn=admin* gives the same. Did i configure the ldap wrong?

ldapsearch -x -h localhost cn=admin ?

2015-02-24 10:42 GMT+01:00 Steffen Kaiser skdovecot@smail.inf.fh-brs.de:

...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On Tue, 24 Feb 2015, David Scheele wrote:

...

The ldap-utils were already installed. I did the ldapsearch you gave me, but after inputting my admin password it gives me *ldap_bind: Invalid credentials (49)* I logged into the ldap server with my admin credentials (which worked fine) and changed my password to '12345', Trying that, still *Invalid credentials* .

Oh forgot:

ldapsearch -x ..

Also try:

ldapsearch -x cn=admin

to get the full DN of the admin

1.) I tried that already. The error switches to syntax error then.

...

2.) Not really. An upper case letter and a number + various lowercase letters. Not very exotic.

Is the pass_filter neccessary? I just wanted to make the installation as basic as possible, to not get any unwanted errors.

Best, David

2015-02-24 10:02 GMT+01:00 Steffen Kaiser

...

:

-----BEGIN PGP SIGNED MESSAGE-----

...

Hash: SHA1

On Tue, 24 Feb 2015, David Scheele wrote:

2015-02-24 8:05 GMT+01:00 Steffen Kaiser

...

...

:

On Mon, 23 Feb 2015, David Scheele wrote:

...

So, I set up the Server, installed and configured postfix, ldap and

dovecot > (in that order) and now simply try to log into the mail account with a > used > from the LDAP over telnet. > > The test looks like this: > > *|> telnet localhost 143* > *| a bunch of stuff ending with:* > *| OK [**] Dovecot ready.* > *|> a login username userpassword* > *| a NO [UNAVAILABLE] Temporary authentication failure. [host and date > here]* > > In the logs it says > > *|[date] mailserver dovecot: auth: Error: LDAP: binding failed (dn > cn=admin): Invalid credentials* > > But I KNOW the admin password I entered into the dovecot-lda.conf.ext > is > correct as I use it to log into the LDAP directory over jxplorer > > I also know the password for the user i try to log in with is correct > as i > set it myself over and over just to be sure there are no typos. > I'm at a loss, I've been at this end for a few days now and can't find > good > tutorials online because its either always an old dovecot, postfix, > ldap > or > debian version and somewhere in the middle it just stops because some > file > is completely missing. I get the impression I'm just not able-brained > for > linux useage. > > Anyway, here are a few more informations about the system: > > *Dovecot version 2.1.7* > > Output of grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf.ext: > *hosts = localhost* > *dn = cn=admin* > *dnpass = [password]* > > install the ldap-utils package - that one containing ldapsearch - and

execute:

ldapsearch -W -D cn=admin -b 'dc=[domainname],dc=de'
'(&(objectClass=posixAccount)(uid=<<uid>>))'

then enter your password.

1. I suppose, cn=admin is missing a domain name, e.g. dc=[domainname],dc=de .

2. does your dnpass contain "funny" characters?

*sasl_bind = no*

...

*tls = no*

...

> *auth_bind = yes* > *ldap_version = 3* > *base = dc=[domainname],dc=de* > *user_attrs = uidNumber=uid,gidNumber=gid* > *user_filter = (&(objectClass=posixAccount)(uid=%u))* > *pass_attrs = uid=user,userPassword=password* > > BTW: You do not habe no pass_filter or I deleted it last time.

Output of dovecot -n:

...

...

> > *disable_plaintest_auth = no* > *mail_location = mbox:~/mail:INBOX=/var/mail/%u* > *[namespace config here]* > > *passdb {* > *args = /etc/dovecot/dovecot-ldap.conf.ext* > > ^^^^^^^^^^^^^^^^^^^^ >

filename mismatch

*driver = ldap*

*}* > *plugin {* > *sieve = ~/.dovecot.sieve* > *sieve_dir = ~/sieve* > *}* > > *protocols = " imap pop3"* > *ssl_cert = > *ssl_key = > *userdb {* > *args = /etc/dovecot/dovecot-ldap.conf.ext* > *driver =ldap* > *}* > *protocol pop3 {* > *pop3_client_workarounds = outlook-no-nuls oe-ns-eoh* > *pop3_uidl_format = %08Xu%08Xv* > *}* > > Any help would be greatly apprechiated.... I'm going crazy over here. > > Thanks in advance, > David > > > - -- Steffen Kaiser > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQEVAwUBVOwixXz1H7kL/d9rAQJxAgf/dNt0dBGANbIGvm6B0Oeuna/+uY5/7MR8 9EpFwss94eu4PyFgAfOm2Al+IOT98LP1N9OHs3Za2r/2W7LKaesgjCa3vBfH9IjZ okUj7fsQXsTAM+UqtF+ne3f5Vp6Ng36Irabr5HLptlbIu3lq8ALMm/E/72TabVLl Lln7bB/YFftnrTlI2HheRLnAwSOMHu4rNE7G9zLqiPEipD5XsqgDBPpAM6PwPmbi k/irSUgq8h4b66LCzo6Ekv6lvKzWxQpzJo0MC99HT0syAP/qpyLbPARhQvDXCH7J wvf/T19EAt+OC4zzfIPgL2YxRP5ZN5efr82NLYdiMVfAcBaDHaFWTA== =8upy -----END PGP SIGNATURE-----

• -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQEVAwUBVOw+O3z1H7kL/d9rAQIaZAf+MTnOlpm92TbjdWLCNp3THyjUHMaHDmHt /EuAXa7P0r16tuBHXNuWAohSzG80ZF6ALxg1EhtFkFdH/VtrnyqZ0L6imahcXbhe QnwMA1R4PK1+K7ckUisg8Pkv+3hXPrMyjvOyqMUwOTmlwG6PjHNaX7LxthDQNTu4 0PjXVZ0IBGlBPTyra/9l81K5j/vw0qfvVF4ycWAFV7An/dqM3nYBnqkBTziqozNs wdhYWFQqApE/pGOe6TbFGeDEiE9PXVTue4G/H9VGe8GKu/ctlp0mtaRN7x84h5dO bqshRfVouSIOhK5jynJMH/T142URGKYGGaS7evCVfwNsRkOcdWJm+g== =W7kX -----END PGP SIGNATURE-----

• -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQEVAwUBVOxHeXz1H7kL/d9rAQLm6ggAg0Aqx0d6zWxvPf7jIJ+fG9omXlLGrnHU DoqcLFR+PslKJcB6jsGNNzwrN2Xlfqh2ZljreOEyvgYZmD0G0U6z+WI1siGTu/Li Qx8qcHUbKv/fLSuwx5uV0QL4RtgHNX69/DABtHiffd4ecAeuiTL2Vgdxu5DLzgZE zm1ZPpdrqEFDLb28qu0jxWvfhZT8tVJ+4NH2zvgxEIZ0/O7xozIBCcp/BwRiy/JH iGK+J039UfBX03qGTpezEiL8AWIwnouVMx+f0Xh9R+Fah7scG2iF3AEcgpFsoLpS d9b/cMgKufK6qtxQvb4IIahZuxt15EBRLdYLqW7L1QaLNwVZYtK0fw== =pJnh -----END PGP SIGNATURE-----