Hi,
Maybe I am missing something simple, but I can't get users authenticated using password lookups, as opposed to auth_bind. This is what the log looks like when using password lookup:
dovecot: auth(default): new auth connection: pid=2449
dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=43458#011resp=<hidden>
dovecot: auth(default): ldap(foo,127.0.0.1): pass search: base=uid=foo,ou=people,dc=djb,dc=hell,dc=qua scope=base filter=(accountStatus=noaccess) fields=(none)
slapd[1834]: conn=1083 op=1 SRCH base="uid=foo,ou=people,dc=djb,dc=hell,dc=qua" scope=0 deref=0 filter="(accountStatus=noaccess)"
slapd[1834]: conn=1083 op=1 SRCH attr=(none)
slapd[1834]: conn=1083 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
dovecot: auth(default): ldap(foo,127.0.0.1): unknown user
dovecot: auth(default): ldap(foo,127.0.0.1): pass search: base=ou=people,dc=djb,dc=hell,dc=qua scope=subtree filter=(accountStatus=active) fields=uid,userPassword,homeDirectory,uidNumber,gidNumber,mailQuotaSize
slapd[1834]: conn=1084 op=1 SRCH base="ou=people,dc=djb,dc=hell,dc=qua" scope=2 deref=0 filter="(accountStatus=active)"
slapd[1834]: conn=1084 op=1 SRCH attr=uid userPassword homeDirectory uidNumber gidNumber mailQuotaSize
dovecot: auth(default): ldap(foo,127.0.0.1): result: uid(user)=foo uidNumber(userdb_uid)=1008 gidNumber(userdb_gid)=1008 homeDirectory(userdb_home)=/home/foo mailQuotaSize(userdb_quota_rule=*:bytes=%$)=*:bytes=10000000
dovecot: auth(default): ldap(foo,127.0.0.1): No password returned (and no nopassword)
slapd[1834]: conn=1084 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
dovecot: auth(default): client out: FAIL#0111#011user=foo
*dovecot-ldap.pass*
uris = ldap://10.5.3.101
dn = uid=dove,ou=people,dc=djb,dc=hell,dc=qua
dnpass = debian
auth_bind = no
ldap_version = 3
base = ou=people,dc=djb,dc=hell,dc=qua
scope = subtree
pass_filter = (accountStatus=active)
pass_attrs = uid=user,userPassword=password,homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid,mailQuotaSize=userdb_quota_rule=*:bytes=%$
*dovecot-ldap.deny*
uris = ldap://10.5.3.101
ldap_version = 3
base = uid=%u,ou=people,dc=djb,dc=hell,dc=qua
scope = base
auth_bind = no
pass_filter = (accountStatus=noaccess)
pass_attrs = (none)
*dovecot.conf*
# 1.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-3-686 i686 Debian squeeze/sid
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap managesieve
listen(default): *
listen(imap): *
listen(managesieve): *:2000
ssl: no
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(managesieve): /usr/lib/dovecot/managesieve-login
mail_privileged_group: mail
mail_location: maildir:~/Maildir
mbox_write_locks: fcntl dotlock
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(managesieve): /usr/lib/dovecot/managesieve
mail_plugins(default): quota
mail_plugins(imap): quota
mail_plugins(managesieve):
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
managesieve_logout_format(default): bytes=%i/%o
managesieve_logout_format(imap): bytes=%i/%o
managesieve_logout_format(managesieve): bytes=%i%o
lda:
  postmaster_address: bar@djb.hell.qua
  mail_plugins: quota sieve
  deliver_log_format: msgid=%m: %$
  sendmail_path: /usr/lib/sendmail
  log_path: /var/log/ldaone
  info_log_path: /var/log/ldatwo
  debug: yes
auth default:
  debug: yes
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.deny
    deny: yes
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.pass
  userdb:
    driver: prefetch
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.user
  socket:
    type: listen
    master:
      path: /var/run/dovecot/auth-master
      mode: 438
plugin:
  quota: maildir
  sieve: ~/.dovecot.sieve
  sieve_dir: ~/sieve
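
Added example, not part of the original post: a small Python check that pairs each "pass search" line in a Dovecot auth debug log with the "result:" line that follows it and lists the attributes that were requested but not returned. The function name missing_attributes is hypothetical, and the sample lines are constructed from the log format shown in the post.

```python
import re

# Constructed sample: auth debug lines in the format shown in the post.
SAMPLE_LOG = """\
dovecot: auth(default): ldap(foo,127.0.0.1): pass search: base=ou=people,dc=djb,dc=hell,dc=qua scope=subtree filter=(accountStatus=active) fields=uid,userPassword,homeDirectory,uidNumber,gidNumber,mailQuotaSize
dovecot: auth(default): ldap(foo,127.0.0.1): result: uid(user)=foo uidNumber(userdb_uid)=1008 gidNumber(userdb_gid)=1008 homeDirectory(userdb_home)=/home/foo mailQuotaSize(userdb_quota_rule=*:bytes=%$)=*:bytes=10000000
dovecot: auth(default): ldap(foo,127.0.0.1): No password returned (and no nopassword)
"""

# "ldap(<user>,<ip>): pass search: ... fields=<comma-separated list or (none)>"
SEARCH_RE = re.compile(r"ldap\(([^,)]*)[^)]*\): pass search: .*\bfields=(\S+)")
# "ldap(<user>,<ip>): result: attr(mapping)=value attr(mapping)=value ..."
RESULT_RE = re.compile(r"ldap\(([^,)]*)[^)]*\): result: (.*)")
# An LDAP attribute name is the token directly before "(" at the start of a pair.
ATTR_RE = re.compile(r"(?:^|\s)([A-Za-z][\w;.-]*)\(")


def missing_attributes(log_text):
    """Return [(user, [requested attributes absent from the result])]."""
    pending = {}   # user -> attributes requested by the most recent pass search
    findings = []
    for line in log_text.splitlines():
        m = SEARCH_RE.search(line)
        if m:
            fields = m.group(2)
            pending[m.group(1)] = [] if fields == "(none)" else fields.split(",")
            continue
        m = RESULT_RE.search(line)
        if m and m.group(1) in pending:
            # LDAP attribute names are case-insensitive, so compare lowercased.
            returned = {a.lower() for a in ATTR_RE.findall(m.group(2))}
            requested = pending.pop(m.group(1))
            missing = [a for a in requested if a.lower() not in returned]
            if missing:
                findings.append((m.group(1), missing))
    return findings


if __name__ == "__main__":
    for user, attrs in missing_attributes(SAMPLE_LOG):
        print(f"{user}: requested but not returned: {', '.join(attrs)}")
```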