On Tue, 2011-11-01 at 09:55 -0600, David Varela wrote:
> I am running a Dovecot server (version 1.2.17) on FreeBSD 8.2, using LDAP to authenticate Active Directory users. I can successfully bind and authenticate using PLAIN and LDAP without SASL, but obviously passwords for the bind user and the user being authenticated are being passed in plain text. I've attempted to configure my server to use SASL; however, when I attempt to authenticate a user I see authentication failures. I reviewed the security log on my domain controller and see that the bind user is binding properly, so the issue appears to be originating from the user authentication; however, I cannot determine what the issue is. Here is all the information regarding my configuration, along with the logs from the server:
SASL binding currently works only for the initial "ldap admin user" authentication. It doesn't work for individual user authentication requests (auth_bind=yes).
> #auth_bind = yes
Here you're not even attempting to use auth binds.
> pass_attrs = mail=user
And you're also not returning a password for the user.
> Nov 01 09:13:26 auth(default): Info: ldap(davidv@smallmountain.net,127.0.0.1): No password returned (and no nopassword)
So Dovecot has no way of authenticating the user.
I'd suggest forgetting about SASL and enabling TLS instead.
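To make the two points above concrete (turn on auth binds so Dovecot authenticates by binding as the user, and protect both the admin bind and the user bind with TLS rather than SASL), here is an added dovecot-ldap.conf fragment for Dovecot 1.2 against Active Directory. It is an example written for this page, not configuration taken from the thread; the host name, base DN, service-account DN, password and CA file path are placeholders, and the "as posted" section only paraphrases the settings quoted above.

```conf
# --- As posted: lookup-only passdb, cleartext LDAP, no password attribute ---
# hosts     = dc1.example.internal          # placeholder DC, plain ldap:// on 389
# dn        = cn=dovecot,cn=Users,dc=example,dc=internal   # placeholder bind DN
# dnpass    = secret
# #auth_bind = yes                          # auth binds disabled ...
# pass_attrs = mail=user                    # ... and no password attribute mapped,
#                                           # hence "No password returned (and no nopassword)"

# --- Corrected: authenticate by binding as the user, over TLS ---
hosts = dc1.example.internal                # placeholder DC; STARTTLS on port 389
ldap_version = 3                            # TLS requires LDAPv3
tls = yes                                   # STARTTLS (alternatively uris = ldaps://dc1.example.internal)
tls_ca_cert_file = /usr/local/etc/ssl/ad-ca.pem   # placeholder: CA that issued the DC certificate
tls_require_cert = hard                     # refuse to send any bind to an unverified server

# Service account: used only to look up the user's DN before the auth bind.
dn = cn=dovecot,cn=Users,dc=example,dc=internal
dnpass = secret                             # placeholder; keep this file root-only readable

base = dc=example,dc=internal
scope = subtree

# Dovecot searches with the service account, takes the matching entry's DN,
# then binds as that DN with the password the client supplied. AD never has
# to return a password hash, so pass_attrs needs no userPassword mapping.
auth_bind = yes
pass_filter = (&(objectClass=user)(userPrincipalName=%u))
pass_attrs = userPrincipalName=user
```

Two practical checks: `tls_require_cert = hard` is what actually protects the credentials, since with certificate checking off, STARTTLS only hides them from a passive sniffer; and the `%u` that Dovecot substitutes into `pass_filter` is escaped by Dovecot before it reaches the server, so a login name like `a)(objectClass=*` cannot widen the filter.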