On Wed, 26 Nov 2014, Aaron Jenkins wrote:
I’ve attempted the user Mail with the same password with the same result (binding as my own user was a last-ditch attempt).
OK, what about the:
As I understand auth_bind_userdn, you do not need
dn/dnpass anyway, because auth_bind_userdn prevents searching for the user's DN
Did you remove the dn/dnpass settings?
What about the:
I wonder if the log shows the error from this setting or from the user's login attempt. Could you try another user?
If you log in with another user (not aaron.jenkins) to IMAP, which username is listed in the logs then?
aaron@aaron-Parallels-Virtual-Platform:/etc/sssd$ ldapsearch -x -H ldap://dc1.ad.automaton.uk -D CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk -W - -b CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk> with scope subtree
# filter: (objectclass=*)
# requesting: -
#

# aaron.jenkins, Users, ad.automaton.uk
dn: CN=aaron.jenkins,CN=Users,DC=ad,DC=automaton,DC=uk

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
Same with the user Mail
On November 25, 2014 at 2:18:26 AM, Steffen Kaiser (skdovecot@smail.inf.fh-brs.de) wrote:
On Tue, 25 Nov 2014, Aaron Jenkins wrote:
I’m having issues getting Dovecot to work with AD on 2012 R2 in a test environment. …
Nov 19 09:22:23 auth: Debug: auth client connected (pid=10345)
Nov 19 09:22:23 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29 lport=993 rport=56395
Nov 19 09:22:23 auth: Debug: client passdb out: CONT 1
Nov 19 09:22:23 auth: Debug: client in: CONT 1 (previous base64 data may contain sensitive data)
Nov 19 09:22:29 auth: Debug: client passdb out: FAIL 1 user=aaron.jenkins temp
Your conf:
auth_bind = yes
dn = aaron.jenkins
dnpass = dummypass1
auth_bind_userdn = CN=%u,CN=users,DC=ad,DC=automaton,DC=uk
Can you really succeed a simple auth with the dn aaron.jenkins? This ought to be a full DN. As I understand auth_bind_userdn, you do not need dn/dnpass anyway, because auth_bind_userdn prevents searching for the user's DN, in which case Dovecot requires a connection before any user bind takes place.
I wonder if the log shows the error from this setting or from the user's login attempt. Could you try another user?
Can you auth from command line via
ldapsearch -x -H ldap://dc1.ad.automaton.uk -D \
CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk -W \
-b CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk
Steffen Kaiser
Steffen Kaiser
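Added example, not part of the original thread and not Dovecot's own code: a small parser for the auth debug lines quoted above that pairs each AUTH request with its final passdb reply and separates replies carrying the `temp` flag (which the Dovecot auth protocol uses for a temporary internal failure, such as an unreachable or misconfigured passdb backend) from plain credential rejections. The function names, the verdict labels and the second and third log attempts are assumptions constructed for illustration; request ids are assumed to come from a single auth client connection.

```python
import re

# First attempt is the one quoted in the thread; attempts 2 and 3 are constructed.
SAMPLE_LOG = """\
Nov 19 09:22:23 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29 lport=993 rport=56395
Nov 19 09:22:23 auth: Debug: client passdb out: CONT 1
Nov 19 09:22:23 auth: Debug: client in: CONT 1 (previous base64 data may contain sensitive data)
Nov 19 09:22:29 auth: Debug: client passdb out: FAIL 1 user=aaron.jenkins temp
Nov 19 09:25:01 auth: Debug: client in: AUTH 2 PLAIN service=imap secured lip=192.0.2.1 rip=192.0.2.10 lport=993 rport=40000
Nov 19 09:25:03 auth: Debug: client passdb out: FAIL 2 user=mail
Nov 19 09:26:00 auth: Debug: client in: AUTH 3 PLAIN service=imap secured lip=192.0.2.1 rip=192.0.2.11 lport=993 rport=40001
Nov 19 09:26:00 auth: Debug: client passdb out: OK 3 user=mail
"""

AUTH_IN = re.compile(r"client in: AUTH\s+(\d+)\s+(\S+)\s+(.*)")
PASSDB_OUT = re.compile(r"client passdb out: (OK|FAIL)\s+(\d+)\s*(.*)")

def parse_fields(text):
    """Split 'key=value flag ...' into a dict; bare flags map to True."""
    fields = {}
    for token in text.split():          # handles tabs or spaces
        key, sep, value = token.partition("=")
        fields[key] = value if sep else True
    return fields

def classify_attempts(log_text):
    """Return (user, remote_ip, verdict) for every finished auth request."""
    pending, results = {}, []
    for line in log_text.splitlines():
        m = AUTH_IN.search(line)
        if m:
            pending[m.group(1)] = parse_fields(m.group(3))
            continue
        m = PASSDB_OUT.search(line)     # CONT lines are intermediate, skipped
        if not m:
            continue
        status, req_id, rest = m.groups()
        request = pending.pop(req_id, {})
        reply = parse_fields(rest)
        if status == "OK":
            verdict = "ok"
        elif reply.get("temp"):
            verdict = "backend-error"   # internal failure, not a bad password
        else:
            verdict = "rejected"        # credentials refused by the passdb
        results.append((reply.get("user"), request.get("rip"), verdict))
    return results

if __name__ == "__main__":
    for attempt in classify_attempts(SAMPLE_LOG):
        print(attempt)
```

A `backend-error` verdict for every user points at the passdb connection or its configuration; a mix of `rejected` and `ok` points at individual credentials.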