I think you're pointing me in the right direction. I copied the LDAP configuration from version 2.3 to 2.4 and modified it, but perhaps I modified the bind section not correctly. If so, it probably works because an anonymous bind provides the requested data. In that case I need to rethink my access rules in the LDAP.
What if have:
ldap_uris = ldap://localhost ldap_auth_dn = cn=xxxx,ou=xxxx,dc=abc,dc=xy ldap_auth_dn_password = secret ldap_base = ou=xxx,dc=xxx,dc=xx
passdb ldap {...}
userdb ldap {....}
And looking at the documentation now, perhaps it should be:
dict_server { dict ldap { ldap_uris = ldap://localhost ldap_auth_dn = cn=xxxx,ou=xxxx,dc=abc,dc=xy ldap_auth_dn_password = secret ldap_base = ou=xxx,dc=xxx,dc=xx ldap_deref = never ldap_scope = subtree ldap_starttls = no ssl_client_require_valid_cert = no } }
passdb ldap {...}
userdb ldap {....}
Op 5-2-2026 om 06:23 schreef Aki Tuomi via dovecot:
On 04/02/2026 22:29 EET Ruud Baart via dovecot <dovecot@dovecot.org> wrote:
I'm tired. I have been working many hours now. So it may be that I don't quite understand you correctly. The conclusion I draw from these responsen is that there is something strange going on that I can't do anything about. Dovecot seems to be working fine on my server, so I'm not immediately concerned.
I checked the exact spelling of the attributes I use. It is as follows. In the ldif dump: mailBase, mailMessageStore, dovecotQuota, mailDeliveryAddress and userPassword. And indeed, only userPassword gives an error.
You are using ldap_bind, which usually means that the driver attempts to bind with the user's credentials. I wonder if you intended to use this as you are also looking up user's password too.
Aki
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org