[Dovecot] Problems to put dovecot-ldap.conf working
Hi Folks,
I'm having a little trouble getting dovecot to authenticate against ldap.
My postfix and saslauthd are authenticating fine.
Here is what I have in my main.cf:
# Accounts
accounts_server_host = $ldap_server_host
accounts_search_base = $ldap_search_base
accounts_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
accounts_result_attribute = mailbox
accounts_cache = no
# aliases
aliases_server_host = $ldap_server_host
aliases_search_base = $ldap_search_base
aliases_query_filter = (&(&(objectClass=VirtualMailAlias)(mail=%s))(accountActive=TRUE))
aliases_result_attribute = maildrop
aliases_cache = no
accountsmap_server_host = $ldap_server_host
accountsmap_search_base = $ldap_search_base
accountsmap_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
accountsmap_result_attribute = mail
accountsmap_cache = no
# VirtualForward
virtualforward_server_host = $ldap_server_host
virtualforward_search_base = $ldap_search_base
virtualforward_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=TRUE)(accountActive=TRUE)(delete=FALSE))
virtualforward_result_attribute = maildrop
virtualforward_cache = no
My saslauthd.conf follows as:
ldap_servers: ldap://myldapserver/
ldap_version: 3
ldap_auth_method: bind
ldap_bind_dn: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
ldap_bind_pw: xxxx
ldap_search_base: dc=domain,dc=com
#ldap_filter: (|(mail=%u)(cn=%U))
ldap_filter: (&(|(mail=%u)(cn=%U)(mail=%U@%d))(accountActive=TRUE)(delete=FALSE))
PS: Removed my real server and search_base.
Here is the test with saslauthd configuration:
testsaslauthd -u novoemail01 -p teste123
0: OK "Success."
And here is my dovecot-ldap.conf:
hosts = myldapserver
dn = uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
dnpass = xxxx
ldap_version = 3
base = dc=domain,dc=com
user_attrs = mail,,,,,
user_filter = (&(objectClass=VirtualMailAccount)(mail=%u)(accountActive=TRUE)(delete=FALSE))
pass_attrs = mail,userPassword
pass_filter = (&(objectClass=VirtualMailAccount)(mail=%u)(accountActive=TRUE)(delete=FALSE))
default_pass_scheme = SSHA
When I try to authenticate, my mail.info gets this:
dovecot: auth(default): client in: AUTH 1 PLAIN service=POP3 lip=200.155.34.10 rip=200.155.63.82 resp=AG5vdm9lbWFpbDAxAHRlc3RlMTIz
dovecot: auth(default): ldap(novoemail01,200.155.63.82): pass search: base=dc=sercomtel,dc=com,dc=br scope=subtree filter=(&(objectClass=VirtualMailAccount)(mail=novoemail01)(accountActive=TRUE)(delete=FALSE)) fields=mail,userPassword
dovecot: auth(default): ldap(novoemail01,200.155.63.82): unknown user
dovecot: auth(default): client out: FAIL 1 user=novoemail01
Does anyone have an idea where I'm failing to configure this or find a misconfiguration?
Thanks for any help.
Best Regards,
Venilton C. Junior
On Tue, 2007-02-13 at 09:48 -0300, Venilton Junior wrote:
> ldap_auth_method: bind

So here you are using auth binds.

> ldap_bind_dn: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot

in which case this DN is never used at all, I think.

> And here is my dovecot-ldap.conf:

Here you aren't using auth binds. You can enable that with auth_bind=yes. But it should work even without it.

Your saslauthd filter is:

> ldap_filter: (&(|(mail=%u)(cn=%U)(mail=%U@%d))(accountActive=TRUE)(delete=FALSE))

And Dovecot filter:

> pass_filter = (&(objectClass=VirtualMailAccount)(mail=%u)(accountActive=TRUE)(delete=FALSE))

> dovecot: auth(default): ldap(novoemail01,200.155.63.82): unknown user

This means that the user wasn't found with the query. Perhaps because saslauthd found it from cn=%U and not from mail=%u? You can do the same query with ldapsearch and see if it's found.
participants (2)
- Timo Sirainen
- Venilton Junior
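
The difference between the two filters discussed in the reply can be checked offline. The following is an added example, not code from the thread or from Dovecot or saslauthd: it expands both posted filters for a login and evaluates them against a constructed entry. The entry's attribute values (in particular that `mail` holds the full address `novoemail01@domain.com`) and the helper names are assumptions made for illustration.

```python
import re

# Filters as posted in the thread (saslauthd.conf and dovecot-ldap.conf).
SASL_FILTER = "(&(|(mail=%u)(cn=%U)(mail=%U@%d))(accountActive=TRUE)(delete=FALSE))"
DOVECOT_FILTER = "(&(objectClass=VirtualMailAccount)(mail=%u)(accountActive=TRUE)(delete=FALSE))"

# Constructed directory entry (assumption): mail holds the full address.
ENTRY = {
    "objectclass": {"virtualmailaccount"},
    "cn": {"novoemail01"},
    "mail": {"novoemail01@domain.com"},
    "accountactive": {"true"},
    "delete": {"false"},
}

def expand(template, login):
    """Substitute %u (login as typed), %U (local part), %d (domain part)."""
    # Refuse filter metacharacters rather than splice them into the query.
    if re.search(r"[\\*()\x00]", login):
        raise ValueError("login contains LDAP filter metacharacters")
    local, _, domain = login.partition("@")
    # Simplification: %d is left empty when the login has no domain.
    values = {"u": login, "U": local, "d": domain}
    return re.sub(r"%([uUd])", lambda m: values[m.group(1)], template)

def _parse(s, i):
    """Parse one '(...)' item starting at s[i]; return (node, next index)."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in ("&", "|"):
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        if s[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = s.index(")", i)
    attr, _, value = s[i:end].partition("=")
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive equality)."""
    if node[0] == "=":
        return node[2] in entry.get(node[1], set())
    results = [matches(kid, entry) for kid in node[1]]
    return all(results) if node[0] == "&" else any(results)

def found(template, login, entry=ENTRY):
    """True if the expanded filter would return the entry."""
    node, _ = _parse(expand(template, login), 0)
    return matches(node, entry)
```

With this constructed entry, the saslauthd filter matches the bare login through `cn=%U`, while the Dovecot filter only matches when the client logs in with the full address.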