[Dovecot] Postfix+Dovecot SASL+LDAP(AD)
I have tried to configure Postfix with Dovecot SASL to authenticate remote users in LDAP (Active Directory).
Below is my dovecot.conf:
protocols = none
ssl = none
auth default {
mechanisms = plain login
passdb ldap {
args = /usr/local/etc/dovecot-ldap.conf
}
userdb ldap {
args = /usr/local/etc/dovecot-ldap-userdb.conf
}
}
dovecot-ldap.conf
hosts = 10.55.0.2:389
debug_level = 1
auth_bind = yes
auth_bind_userdn = cn=%n,dc=example,dc=gov,dc=ua
ldap_version = 3
base = dc=example, dc=gov, dc=ua
scope = subtree
## 10.55.0.2 - Domain Controller
##
But it does not work :-(
Where is the mistake?
Below is the log:
Nov 18 13:02:59 mx postfix/smtpd[12985]: connect from unknown[190.10.190.3]
Nov 18 13:02:59 mx postfix/smtpd[12985]: setting up TLS connection from unknown[190.10.190.3]
Nov 18 13:02:59 mx postfix/smtpd[12985]: Anonymous TLS connection established from unknown[190.10.190.3]: TLSv1 with cipher RC4-MD5 (128/128 bits)
Nov 18 13:02:59 mx dovecot: auth(default): ldap_bind
Nov 18 13:02:59 mx dovecot: auth(default): ldap_simple_bind
Nov 18 13:02:59 mx dovecot: auth(default): ldap_sasl_bind
Nov 18 13:02:59 mx dovecot: auth(default): ldap_send_initial_request
Nov 18 13:02:59 mx dovecot: auth(default): ldap_send_server_request
Nov 18 13:02:59 mx dovecot: auth(default): ldap_result ld 0x11847020 msgid -1
Nov 18 13:02:59 mx dovecot: auth(default): wait4msg ld 0x11847020 msgid -1 (timeout 0 usec)
Nov 18 13:02:59 mx dovecot: auth(default): wait4msg continue ld 0x11847020 msgid -1 all 1
Nov 18 13:02:59 mx dovecot: auth(default): ** ld 0x11847020 Connections:
Nov 18 13:02:59 mx dovecot: auth(default): * host: 10.55.0.2 port: 389 (default)
Nov 18 13:02:59 mx dovecot: auth(default): refcnt: 2 status: Connected
Nov 18 13:02:59 mx dovecot: auth(default): last used: Wed Nov 18 13:02:59 2009
Nov 18 13:02:59 mx dovecot: auth(default):
Nov 18 13:02:59 mx dovecot: auth(default):
Nov 18 13:02:59 mx dovecot: auth(default): ** ld 0x11847020 Outstanding Requests:
Nov 18 13:02:59 mx dovecot: auth(default): * msgid 3, origid 3, status InProgress
Nov 18 13:02:59 mx dovecot: auth(default): outstanding referrals 0, parent count 0
Nov 18 13:02:59 mx dovecot: auth(default): ld 0x11847020 request count 1 (abandoned 0)
Nov 18 13:02:59 mx dovecot: auth(default): ** ld 0x11847020 Response Queue:
Nov 18 13:02:59 mx dovecot: auth(default): Empty
Nov 18 13:02:59 mx dovecot: auth(default): ld 0x11847020 response count 0
Nov 18 13:02:59 mx dovecot: auth(default): ldap_chkResponseList ld 0x11847020 msgid -1 all 1
Nov 18 13:02:59 mx dovecot: auth(default): ldap_chkResponseList returns ld 0x11847020 NULL
Nov 18 13:02:59 mx dovecot: auth(default): ldap_int_select
Nov 18 13:02:59 mx dovecot: auth(default): read1msg: ld 0x11847020 msgid -1 all 1
Nov 18 13:02:59 mx dovecot: auth(default): read1msg: ld 0x11847020 msgid 3 message type bind
Nov 18 13:02:59 mx dovecot: auth(default): ldap_chase_referrals
Nov 18 13:02:59 mx dovecot: auth(default): read1msg: V2 referral chased, mark request completed, id = 3
Nov 18 13:02:59 mx dovecot: auth(default): read1msg: ld 0x11847020 0 new referrals
Nov 18 13:02:59 mx dovecot: auth(default): read1msg: mark request completed, ld 0x11847020 msgid 3
Nov 18 13:02:59 mx dovecot: auth(default): request done: ld 0x11847020 msgid 3
Nov 18 13:02:59 mx dovecot: auth(default): res_errno: 49, res_error: <80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece>, res_matched: <>
Nov 18 13:02:59 mx dovecot: auth(default): ldap_free_request (origid 3, msgid 3)
Nov 18 13:02:59 mx dovecot: auth(default): ldap_parse_result
Nov 18 13:02:59 mx dovecot: auth(default): ldap_parse_result
Nov 18 13:02:59 mx dovecot: auth(default): ldap(test_user@example.org.ua,190.10.190.3): invalid credentials
Nov 18 13:02:59 mx dovecot: auth(default): ldap_msgfree
Nov 18 13:02:59 mx dovecot: auth(default): ldap_result ld 0x11847020 msgid -1
Nov 18 13:02:59 mx dovecot: auth(default): wait4msg ld 0x11847020 msgid -1 (timeout 0 usec)
Nov 18 13:02:59 mx dovecot: auth(default): wait4msg continue ld 0x11847020 msgid -1 all 1
Nov 18 13:02:59 mx dovecot: auth(default): ** ld 0x11847020 Connections:
Nov 18 13:02:59 mx dovecot: auth(default): * host: 10.55.0.2 port: 389 (default)
Nov 18 13:02:59 mx dovecot: auth(default): refcnt: 1 status: Connected
Nov 18 13:02:59 mx dovecot: auth(default): last used: Wed Nov 18 13:02:59 2009
Nov 18 13:02:59 mx dovecot: auth(default):
Nov 18 13:02:59 mx dovecot: auth(default):
Nov 18 13:02:59 mx dovecot: auth(default): ** ld 0x11847020 Outstanding Requests:
Nov 18 13:02:59 mx dovecot: auth(default): Empty
Nov 18 13:02:59 mx dovecot: auth(default): ld 0x11847020 request count 0 (abandoned 0)
Nov 18 13:02:59 mx dovecot: auth(default): ** ld 0x11847020 Response Queue:
Nov 18 13:02:59 mx dovecot: auth(default): Empty
Nov 18 13:02:59 mx dovecot: auth(default): ld 0x11847020 response count 0
Nov 18 13:02:59 mx dovecot: auth(default): ldap_chkResponseList ld 0x11847020 msgid -1 all 1
Nov 18 13:02:59 mx dovecot: auth(default): ldap_chkResponseList returns ld 0x11847020 NULL
Nov 18 13:02:59 mx dovecot: auth(default): ldap_int_select
Nov 18 13:03:01 mx postfix/smtpd[12985]: warning: unknown[190.10.190.3]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov 18 13:03:01 mx postfix/smtpd[12985]: lost connection after AUTH from unknown[190.10.190.3]
Hi Vitaliy
The AD configs I know need an administrative authentication before "normal" login checks can be done.
Use the dn and dnpass configs. dn should contain the administrative user's DN and dnpass the corresponding password.
Another thing you can have a second look at is the type and format in which the AD stores the user information. Normally the CN field contains the user's full name, not the mail address. The UID is stored in the "sAMAccountName" field. So you should also map Dovecot's UID field to the AD UID field with
user_attrs = sAMAccountName=uid
Hope this helps.
Greets, Holger
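An added example, not from the thread, of a dovecot-ldap.conf in the Dovecot 1.x syntax used above that applies Holger's dn/dnpass and sAMAccountName advice to Vitaliy's setup; the service account DN, its password and the CA file path are placeholders.

```ini
# Added example (not from the thread). Assumed placeholders: the
# service account DN, its password and the CA certificate path.

# The DC from the original config. With auth_bind = yes every user's
# password is sent to the DC over this connection, so enable STARTTLS
# rather than leaving port 389 in the clear.
hosts = 10.55.0.2:389
tls = yes
tls_ca_cert_file = /usr/local/etc/ssl/ad-ca.pem   # placeholder
ldap_version = 3

# AD does not allow anonymous searches, so Dovecot needs a low-privilege
# read-only service account to look up the user's DN before binding.
dn = cn=svc-dovecot,ou=Service Accounts,dc=example,dc=gov,dc=ua
dnpass = PLACEHOLDER_SERVICE_ACCOUNT_PASSWORD

base = dc=example,dc=gov,dc=ua
scope = subtree

# Check the password by binding as the user, but do NOT guess the DN with
# auth_bind_userdn = cn=%n,...: in AD the CN is the display name, not the
# login, so that DN usually does not exist (the log's "data 525" result).
# Without auth_bind_userdn Dovecot searches with pass_filter using
# dn/dnpass and then binds as the DN it found.
auth_bind = yes
pass_attrs = sAMAccountName=user
pass_filter = (&(objectClass=user)(sAMAccountName=%n))

# Only the passdb is needed for Postfix SMTP AUTH via Dovecot SASL; the
# userdb lookup below is for IMAP/POP3 logins on the same server.
user_attrs = sAMAccountName=uid
user_filter = (&(objectClass=user)(sAMAccountName=%n))
```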
Thank you very much for your help. But I have successfully configured Dovecot SASL+AD via PAM.
Thanks linuxmail.info :-)
http://www.linuxmail.info/active-directory-dovecot-pam-authentication/
--- Original Message ---
From: Holger Librenz <lists+dovecot@librenz.com>
To: dovecot@dovecot.org
Date: 19 november, 20:06:09
Subject: Re: [Dovecot] Postfix+Dovecot SASL+LDAP(AD)