[Dovecot] help with ldap config
Hi,
I've been using courier with ldap and I'm trying to configure dovecot to do the same. I'm not exactly sure how to set up the ldap binds and filters...
Here's my dovecot info:
# 1.0.10: /etc/dovecot/dovecot.conf
log_path: /var/log/dovecot.log
log_timestamp: %Y-%m-%d %H:%M:%S
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_privileged_group: mail
mail_debug: yes
auth default:
  verbose: yes
  debug: yes
  passdb:
    driver: pam
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap-userdb.conf
plugin:
  quota: maildir

$ sudo grep -v '^ *\(#.*\)\?$' /etc/dovecot/dovecot-ldap.conf
uris = ldap://ldap
dn = cn=admin, dc=americasnet, dc=com
dnpass = xxxxx
auth_bind = yes
auth_bind_userdn = uid=%u,ou=%d,dc=americasnet,dc=com
ldap_version = 3
base = uid=%u,ou=%d,dc=americasnet,dc=com
user_filter = (&(objectClass=posixAccount)(uid=%u,ou=%d))
So I try to login with an LDAP user, say ricardo@domain.com. This is how it exists in the database. It's accessed as: uid=ricardo@domain.com,ou=domain.com,dc=americasnet,dc=com
This is what I get in the error log:
dovecot: 2009-04-11 11:36:07 Info: auth(default): client in: AUTH 1 PLAIN service=IMAP secured lip=127.0.0.1 rip=127.0.0.1 resp=<hidden>
dovecot: 2009-04-11 11:36:07 Info: auth(default): pam(ricardo@domain.com,127.0.0.1): lookup service=dovecot
dovecot: 2009-04-11 11:36:11 Info: auth(default): pam(ricardo@domain.com,127.0.0.1): pam_authenticate() failed: User not known to the underlying authentication module
dovecot: 2009-04-11 11:36:11 Info: auth(default): ldap(ricardo@domain.com,127.0.0.1): bind: dn=uid=ricardo@domain.com,ou=domain.com,dc=americasnet,dc=com
dovecot: 2009-04-11 11:36:11 Info: auth(default): client out: OK 1 user=ricardo@domain.com
dovecot: 2009-04-11 11:36:11 Info: auth(default): master in: REQUEST 1 5398 1
dovecot: 2009-04-11 11:36:11 Info: auth(default): ldap(ricardo@domain.com,127.0.0.1): user search: base=uid=ricardo@domain.com,ou=domain.com,dc=americasnet,dc=com scope=subtree filter=(&(objectClass=posixAccount)(uid=ricardo@domain.com,ou=domain.com)) fields=uid,homeDirectory,uidNumber,gidNumber
dovecot: 2009-04-11 11:36:11 Error: auth(default): ldap(ricardo@domain.com,127.0.0.1): Authenticated user not found
dovecot: 2009-04-11 11:36:11 Error: auth(default): userdb(ricardo@domain.com,127.0.0.1): user not found from userdb
dovecot: 2009-04-11 11:36:11 Info: auth(default): master out: NOTFOUND 1
dovecot: 2009-04-11 11:36:11 Info: imap-login: Internal login failure: user=ricardo@domain.com, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Ricardo Kleemann wrote:
> user_filter = (&(objectClass=posixAccount)(uid=%u,ou=%d))
Do you mean '(&(objectClass=posixAccount)(uid=%u)(ou=%d))'? or '(&(objectClass=posixAccount)(uid=%u))'?
Or you can just use '(objectClass=posixAccount)' for test.
-- Best regards.
Zhang Huangbin
- Open Source Mail Server Solution for RHEL/CentOS 5.x: http://code.google.com/p/iredmail/
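An added illustration (not part of the original posts, and not Dovecot's code): a small Python model of how the user_filter from the thread expands and is evaluated, showing why `(uid=%u,ou=%d)` matches nothing and why the bare `(objectClass=posixAccount)` filter only singles out the user when `base` is already that user's DN. The second directory entry (alice) and all function names are constructed for the example; only `&`, `|` and equality filters are modelled.

```python
import re

# Constructed sample directory; only ricardo's DN comes from the thread.
DIRECTORY = {
    "uid=ricardo@domain.com,ou=domain.com,dc=americasnet,dc=com":
        {"objectclass": ["posixAccount"], "uid": ["ricardo@domain.com"]},
    "uid=alice@domain.com,ou=domain.com,dc=americasnet,dc=com":
        {"objectclass": ["posixAccount"], "uid": ["alice@domain.com"]},
}

def escape_filter(value):
    """RFC 4515 escaping for a value substituted into a filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def expand_filter(template, user):
    """Expand Dovecot's %u (full login), %n (local part), %d (domain)."""
    local, _, domain = user.partition("@")
    subst = {"u": user, "n": local, "d": domain}
    return re.sub(r"%([und])", lambda m: escape_filter(subst[m.group(1)]), template)

def parse(f, i=0):
    """Parse the parenthesised filter starting at f[i]; return (node, next index)."""
    if f[i + 1] in "&|":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # step over the closing ')'
    end = f.index(")", i)
    attr, _, value = f[i + 1:end].partition("=")
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry's attributes (never its DN)."""
    if node[0] in "&|":
        results = [matches(k, entry) for k in node[1]]
        return all(results) if node[0] == "&" else any(results)
    return node[2] in (v.lower() for v in entry.get(node[1], []))

def search(template, user, directory=DIRECTORY):
    """Subtree search over the whole sample directory, as if base were the suffix."""
    tree, _ = parse(expand_filter(template, user))
    return [dn for dn, entry in directory.items() if matches(tree, entry)]

if __name__ == "__main__":
    for flt in ("(&(objectClass=posixAccount)(uid=%u,ou=%d))",
                "(&(objectClass=posixAccount)(uid=%u))", "(objectClass=posixAccount)"):
        print(flt, "->", search(flt, "ricardo@domain.com"))
```

With the search widened to the whole sample directory, the bare filter returns every posixAccount entry, so it is the per-user `base` in the posted configuration, not the filter, that ties the userdb lookup to the authenticated login.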
Thank you.
> Ricardo Kleemann wrote:
> > user_filter = (&(objectClass=posixAccount)(uid=%u,ou=%d))
> Do you mean '(&(objectClass=posixAccount)(uid=%u)(ou=%d))'? or '(&(objectClass=posixAccount)(uid=%u))'?
> Or you can just use '(objectClass=posixAccount)' for test.
This seems to have worked (using only (objectClass=posixAccount)).
Now I have another question... I'm currently using courier-imap, Maildir files.
Do I need to run conversion, or can I simply let dovecot run and create its own indexing without attempting to convert anything from courier?
Ricardo
Hi,
I'm currently using courier-imap, Maildir files.
Do I need to run conversion, or can I simply let dovecot run and create its own indexing without attempting to convert anything from courier?
Ricardo
On Tue, 2009-04-14 at 08:54 -0700, Ricardo Kleemann wrote:
> Hi,
> I'm currently using courier-imap, Maildir files.
> Do I need to run conversion, or can I simply let dovecot run and create its own indexing without attempting to convert anything from courier?
http://wiki.dovecot.org/Migration#IMAP_migration explains the problems you could run into. 1 isn't a problem, but 2 and 3 are. http://wiki.dovecot.org/Migration/Courier has migration scripts to preserve them.
participants (3)
- Ricardo Kleemann
- Timo Sirainen
- Zhang Huangbin