On Sun, 20 Nov 2016, Nikolai Lusan wrote:
# grep -v '^ *\(#.*\)\?$' /etc/dovecot/ldap/maliuta.org-ldap.conf.ext
uris = ldap://localhost
dn = cn=admin,dc=maliuta,dc=org
dnpass = <secret>
tls = yes
tls_ca_cert_dir = /etc/ssl/certs
auth_bind = no
ldap_version = 3
base = ou=mail,dc=mailuta,dc=org
scope = subtree
default_pass_scheme = SSHA
deref = never
user_attrs = postfixDeliveryAddress=user
user_filter = (&(postfixDeliveryEnabled=TRUE)(objectClass=postfixMailPerson))
pass_attrs = postfixDeliveryAddress=user,userPassword=password
pass_filter = (&(postfixDeliveryEnabled=TRUE)(objectClass=postfixMailPerson)(postfixDeliveryAddress=%u))
Your userdb and passdb filter differ, user_filter is missing the (a / some) %u part
iterate_attrs = uid=user
iterate_filter = (objectClass=postfixMailPerson)
# ldapsearch -H ldap://localhost:389 -x -D 'cn=admin,dc=maliuta,dc=org' -W -b "ou=mail,dc=maliuta,dc=org" -s sub -LLL -ZZ '(&(postfixDeliveryEnabled=TRUE)(objectClass=postfixMailPerson)(postfixDeliveryAddress=nikolai@test.maliuta.org))' uid userPassword
Enter LDAP Password:
dn: mail=nikolai@test.maliuta.org,ou=mail,dc=maliuta,dc=org
uid: nikolai
userPassword:: e1NTSEF9QVBZMTlaeGw1cWd0a25XeGxURXdqM2g5Yk5YL3BxOGY=
## From /var/log/mail.log
Nov 20 07:24:20 kiliya dovecot: auth: Debug: auth client connected (pid=27086)
Nov 20 07:24:20 kiliya dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011session=1kW2C65BFI2WZbl8#011lip= #011rip= #011lport=143#011rport=36116#011local_name=<hostname>#011resp=AG5pa29sYWlAdGVzdC5tYWxpdXRhLm9yZwBmb29iYXIzMzQ0 (previous base64 data may contain sensitive data)
Nov 20 07:24:20 kiliya dovecot: auth: Debug: ldap(nikolai@test.maliuta.org, ,<1kW2C65BFI2WZbl8>): cache miss
Nov 20 07:24:20 kiliya dovecot: auth: Debug: ldap(nikolai@test.maliuta.org, ): pass search: base=ou=mail,dc=mailuta,dc=org scope=subtree filter=(&(postfixDeliveryEnabled=TRUE)(objectClass=postfixMailPerson)(postfixDeliveryAddress=nikolai@test.maliuta.org)) fields=postfixDeliveryAddress,userPassword
Nov 20 07:24:20 kiliya dovecot: auth: ldap(nikolai@test.maliuta.org, ,<1kW2C65BFI2WZbl8>): unknown user (given password: )
Nov 20 07:24:22 kiliya dovecot: auth: Debug: client passdb out: FAIL#0111#011user=nikolai@test.maliuta.org
Steffen Kaiser
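
Added example, not part of the original message and not Dovecot code: a small Python lint that parses a dovecot-ldap.conf.ext style file and reports a user_filter or pass_filter that contains no user variable, the point raised in the reply. It also compares the dc= suffix of base with that of the bind dn, which read dc=mailuta and dc=maliuta in the quoted file; that comparison is a heuristic assumed for this example, and the function names are hypothetical.

```python
import re

# Constructed sample: the settings quoted in the message, cut to the keys checked.
SAMPLE_CONF = """\
dn = cn=admin,dc=maliuta,dc=org
base = ou=mail,dc=mailuta,dc=org
user_filter = (&(postfixDeliveryEnabled=TRUE)(objectClass=postfixMailPerson))
pass_filter = (&(postfixDeliveryEnabled=TRUE)(objectClass=postfixMailPerson)(postfixDeliveryAddress=%u))
"""

# Simplified match for Dovecot's user variables: %u, %n, %d, optionally with
# upper-case modifiers (%Lu), or the long forms %{user}, %{username}, %{domain}.
USER_VAR = re.compile(r"%(?:[A-Z]*[und]|\{(?:user|username|domain)\})")


def parse_conf(text):
    """Return {key: value} from 'key = value' lines, skipping blanks and comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # values contain '=' too, so split once
        settings[key.strip()] = value.strip()
    return settings


def dc_suffix(dn):
    """Lower-cased dc= components of a DN, in order."""
    parts = [p.strip().lower() for p in dn.split(",")]
    return ",".join(p for p in parts if p.startswith("dc="))


def lint(settings):
    """Return a list of findings for a parsed LDAP config (hypothetical helper)."""
    findings = []
    for key in ("user_filter", "pass_filter"):
        value = settings.get(key)
        if value and not USER_VAR.search(value):
            findings.append(f"{key}: no user variable, so it does not select one login")
    # Heuristic (assumption): bind DN and search base share the directory suffix.
    bind, base = dc_suffix(settings.get("dn", "")), dc_suffix(settings.get("base", ""))
    if bind and base and bind != base:
        findings.append(f"base: suffix '{base}' differs from bind DN suffix '{bind}'")
    return findings


if __name__ == "__main__":
    for finding in lint(parse_conf(SAMPLE_CONF)):
        print(finding)
```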