-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thu, 27 Feb 2014, Jeroen Scheerder wrote:
passdb { args = /usr/local/etc/dovecot/on2it-ldap-users.cfg driver = ldap }
userdb { args = /usr/local/etc/dovecot/on2it-ldap-users-userdb.cfg driver = ldap }
$ cat /usr/local/etc/dovecot/on2it-ldap-users.cfg hosts = dc2.office.on2it.net ldap_version = 3 base = dc=office,dc=on2it,dc=net scope=subtree auth_bind = yes dn = [suppressed] dnpass = [suppressed]
pass_attrs = sAMAccountName=user user_attrs =
=home=/var/mail/on2it/%{ldap:sAMAccountName},
=mail=maildir:/var/mail/on2it/%{ldap:sAMAccountName}
you must not use home dir == mail dir, search list about what wired things can happen, if you do. But this has nothing to do with your auth problem.
user_filter = (&(ObjectClass=person)(sAMAccountName=%u)) pass_filter = (&(ObjectClass=person)(sAMAccountName=%u))
iterate_attrs = sAMAccountName=user iterate_filter = (objectClass=person)
$ ls -l /usr/local/etc/dovecot/on2it-ldap-users-userdb.cfg lrwxr-xr-x 1 root wheel 20 Feb 27 12:07 /usr/local/etc/dovecot/on2it-ldap-users-userdb.cfg -> on2it-ldap-users.cfg
Feb 27 12:49:16 auth: Debug: ldap(js,127.0.0.1,<9QHH22HzYgB/AAAB>): result: sAMAccountName=js; sAMAccountName unused Feb 27 12:49:16 auth: Debug: ldap(js,127.0.0.1,<9QHH22HzYgB/AAAB>): result: sAMAccountName=js
This puzzles me, "sAMAccountName unused" should mean that Dovecot does not use the attribute, which contradicts the definition of pass_attrs. Do you have wiered characters in/around the line "pass_attrs = sAMAccountName=user"? Maybe a Windows linebreak ^M / \r or something? A Unicode non-breakable space? Did you stopped, killed any remaining Dovecot processes and restarted Dovecot - just to be sure?
Maybe, add sAMAccountName=user to user_attrs, too.
Steffen Kaiser
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBUxA7WXD1/YhP6VMHAQKX4ggA1Zn7M3ADyVmqxtYT3aiNW429RiFLnKrX ql8YZUS+ZPAKP7aBzEFZqUFKc3UkP9yR6QfZPoJC/x3DJqnKZZTW6dJl2vDkXVth KUA1OotQVE21E85mbZR8zUYwKGl05saYwJb/4HpfP56xX8PbaItAUPISwPa5LAYK aShfHZ/dD0Qq49eEMqa/ErG/3ntUQfD162UCiKMspUh91i4enEt1WQ2j4cSRN3BV iSwx3U337uFYyUCqAhiUG7dtHU8CH2GD6RNFM/m3JXYZWg91zgKveBNJ4pGzV8mU bb5pJ2KAhUQIjXnCgZrSSVIkgUr6KOMr0gkztACNvwhm78TF45WAbg== =Y/0n -----END PGP SIGNATURE-----