Re: [Dovecot] Dovecot deliver with AD LDAP userdb [SOLVED]
> Then there's something different in what Dovecot and ldapsearch do. They have the same dn, dnpass, neither uses tls, same base, deref, scope?
I figured it out, there certainly is something different! The AuthDatabase/LDAP documentation on the Dovecot Wiki says "When connecting to AD, use port 3268". Port 3268 is used for Global Catalog searching. By default the Active Directory Global Catalog wouldn't include attributes like otherMailbox, but would include mail and sn. The solution here would be to either use port 389 and search the domain like ldapsearch or to add the otherMailbox attribute (or any others I want to search on) to the global catalog.
It might be worth updating the wiki to mention the reasoning behind using port 3268 and the implications it can cause.
Thanks for the help!
On Fri, 2009-10-16 at 15:28 -0400, Mark Schaub wrote:
> It might be worth updating the wiki to mention the reasoning behind using port 3268 and the implications it can cause.
Well, does the port 389 work then? It's mentioned there only because someone complained that 389 didn't work.. Perhaps because it required TLS? Or something, I don't know.
> Well, does the port 389 work then? It's mentioned there only because someone complained that 389 didn't work.. Perhaps because it required TLS? Or something, I don't know.
I will have to play with it some. Just switching to port 389 really slowed everything down and may have caused some other problems, but that could also be due to my configuration. It may be possible to use the GC port for the pass_filter queries and 389 on the user_filter queries. The more I think about it, the more it makes sense in this case to add the otherMailbox field to the global catalog and index it, as this will be a very common LDAP search.
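Added example, not part of the original thread or of Dovecot: a pre-deployment check that lists which attributes in a Dovecot LDAP filter are outside the Global Catalog's partial attribute set, and so cannot match when the query goes to port 3268. The schema table and the filter string are constructed for illustration; in practice the table would come from each attribute's isMemberOfPartialAttributeSet flag in the AD schema.

```python
import re

GC_PORTS = {3268, 3269}  # Global Catalog (plain / SSL); 389 and 636 query the domain partition

# Constructed sample of schema data: attribute -> isMemberOfPartialAttributeSet.
# mail, sn and otherMailbox follow the thread; the rest are assumed for this example.
SAMPLE_SCHEMA = {
    "objectclass": True,
    "samaccountname": True,
    "mail": True,
    "sn": True,
    "othermailbox": False,
}

# Matches the attribute name at the start of each filter assertion: (attr=, (attr>=, ...
_ASSERTION = re.compile(r"\(\s*([A-Za-z][A-Za-z0-9-]*)\s*[~<>]?=")


def filter_attributes(ldap_filter):
    """Return attribute names used in an LDAP filter, in order, without duplicates."""
    seen = []
    for name in _ASSERTION.findall(ldap_filter):
        if name.lower() not in (s.lower() for s in seen):
            seen.append(name)
    return seen


def attrs_missing_from_gc(ldap_filter, port, schema=SAMPLE_SCHEMA):
    """List filter attributes a Global Catalog search cannot match on.

    An attribute outside the partial attribute set is absent from GC entries, so an
    assertion on it silently matches nothing instead of raising an error.
    Attributes not listed in the schema table are treated as not replicated.
    """
    if port not in GC_PORTS:
        return []  # the domain partition holds every attribute
    return [a for a in filter_attributes(ldap_filter)
            if not schema.get(a.lower(), False)]


if __name__ == "__main__":
    # Hypothetical Dovecot user_filter; %u is Dovecot's username variable.
    user_filter = "(&(objectClass=person)(|(mail=%u)(otherMailbox=%u)))"
    for port in (3268, 389):
        print(port, attrs_missing_from_gc(user_filter, port))
```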