Dovecot 2 LDAP "unknown user"
Hi All,

I am using Dovecot dovecot2-2.2.25_6 on FreeBSD 11. I am trying to set up LDAP authentication to Active Directory as I had it in version 1 of Dovecot. My settings are at the bottom. When I run doveadm auth test username, I get back:

root@BSD-11:/usr/local/etc/dovecot # doveadm auth test username
Password:
passdb: user auth succeeded
extra fields:
  user=username
root@BSD-11:/usr/local/etc/dovecot #

But when I run telnet 127.0.0.1 110 and try to log in it says unknown user. Error below in maillog.

BSD-11 dovecot: pop3: Error: Authenticated user not found from userdb, auth lookup id=2262958081 (client-pid=2273 client-id=1)
Nov 1 15:15:41 BSD-11 dovecot: pop3-login: Internal login failure (pid=2273 id=1) (internal failure, 1 successful auths): user=
root@BSD-11:/usr/local/etc/dovecot # doveconf -n
# 2.2.25 (7be1766): /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 11.0-RELEASE-p1 i386
auth_debug = yes
auth_verbose = yes
listen = *
login_greeting = Mail Server ready.
mail_location = maildir:~/Maildir
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
ssl_cert =

#Contents of dovecot-ldap.conf.ext
hosts = 192.168.153.143
dn = user@domain.com
dnpass = password
auth_bind = yes
auth_bind_userdn = domain\%u
ldap_version = 3
base = dc=domain,dc=com
pass_filter = (&(objectclass=person)(uid=%u))
user_attrs = homeDirectory=/home/vmail/%u,uid=1002,gid=1002
Any help would be appreciated.
On Tue, 1 Nov 2016, Peter Fraser wrote:
> passdb {
>   args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
> }
> userdb {
>   args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
> }
>
> #Contents of dovecot-ldap.conf.ext
> hosts = 192.168.153.143
> dn = user@domain.com
> dnpass = password
> auth_bind = yes
> auth_bind_userdn = domain\%u
> ldap_version = 3
> base = dc=domain,dc=com
> pass_filter = (&(objectclass=person)(uid=%u))
> user_attrs = homeDirectory=/home/vmail/%u,uid=1002,gid=1002
duplicate pass_filter to user_filter.
-- 
Steffen Kaiser
I updated dovecot-ldap.conf.ext so that it now reads as below:
#Custom Settings
hosts = 192.168.153.143
dn = user@domain.com
dnpass = password
auth_bind = yes
auth_bind_userdn = %u@domain.com
ldap_version = 3
base = dc=rpservices,dc=com
#user_filter = (&(objectclass=person)(mail=%u))
user_filter = (&(objectclass=person)(uid=%u))
pass_filter = (&(objectclass=person)(uid=%u))
user_attrs = homeDirectory=/home/vmail/%u,uid=1002,gid=1002
When I tried to log in again using telnet 127.0.0.1 110, the error shows up in maillog. I first tried logging in with just the username, then I tried using username@domain.com. Using doveadm still works though.

BSD-11 dovecot: auth: ldap(peter,127.0.0.1, ): unknown user
Nov 2 11:29:23 BSD-11 dovecot: auth: Error: ldap(user,127.0.0.1, ): user not found from userdb
Nov 2 11:29:23 BSD-11 dovecot: pop3: Error: Authenticated user not found from userdb, auth lookup id=226492417 (client-pid=874 client-id=1)
Nov 2 11:29:23 BSD-11 dovecot: pop3-login: Internal login failure (pid=874 id=1) (internal failure, 1 successful auths): user=<peter>, method=PLAIN
Nov 2 11:30:42 BSD-11 dovecot: auth: ldap(user@domain.com): invalid credentials
Nov 2 14:08:17 BSD-11 dovecot: auth: ldap(user,127.0.0.1,<4uLkKVZAvY9/AAAB>): invalid credentials
Nov 2 14:09:38 BSD-11 dovecot: auth: ldap(user@domain.com,127.0.0.1,<4uLkKVZAvY9/AAAB>): invalid credentials
Nov 2 14:11:00 BSD-11 dovecot: pop3-login: Disconnected: Inactivity (auth failed, 2 attempts in 163 secs): user=user@domain.com
On Wed, 2 Nov 2016, Peter Fraser wrote:
> #Custom Settings
> hosts = 192.168.153.143
> dn = user@domain.com
> dnpass = password
> auth_bind = yes
> auth_bind_userdn = %u@domain.com
> ldap_version = 3
> base = dc=rpservices,dc=com
> #user_filter = (&(objectclass=person)(mail=%u))
> user_filter = (&(objectclass=person)(uid=%u))
> pass_filter = (&(objectclass=person)(uid=%u))
> user_attrs = homeDirectory=/home/vmail/%u,uid=1002,gid=1002
you wrote:

> root@BSD-11:/usr/local/etc/dovecot # doveadm auth test username
> extra fields: user=username

is successful. Is user=username
                       ^^^^^^^
the same as the username in doveadm?

What about:

doveadm user -u username

?
-- 
Steffen Kaiser
Thanks for your reply again Steffen. The command doveadm user -u username successfully returns the username and any information it can for the user in AD. As a matter of fact, I entered some home directory information in AD and this command returned the User's Home Directory as well. Is it a problem though that the telnet test won't work?
On Thu, 3 Nov 2016, Peter Fraser wrote:
> The command doveadm user -u username successfully returns the username and any information it can for the user in AD. As a matter of fact, I entered some home directory information in AD and this command returned the User's Home Directory as well. Is it a problem though that the telnet test won't work?
Hmm, I don't understand the question,

telnet xyz 143
1 login username password

must work in order to login via IMAP.

But you didn't answer the other question, see below.
> On Thu, Nov 3, 2016 at 2:36 AM, Steffen Kaiser <skdovecot@smail.inf.fh-brs.de> wrote:
> > you wrote:
> >
> > > root@BSD-11:/usr/local/etc/dovecot # doveadm auth test username
> > > extra fields: user=username
> >
> > is successful. Is user=username
> >                        ^^^^^^^
> > the same as the username in doveadm?

Here. You've posted mangled information only, so if the extra fields return another username, other tests are different.
> > What about:
> >
> > doveadm user -u username
> >
> > ?
>
> When I tried to log in again using telnet 127.0.0.1 110, the error shows up in maillog. I first tried logging in with just the username, then I tried using username@domain.com. Using doveadm still works though.
>
> BSD-11 dovecot: auth: ldap(peter,127.0.0.1, ): unknown user
> Nov 2 11:29:23 BSD-11 dovecot: auth: Error: ldap(user,127.0.0.1, ): user not found from userdb
what about here, is peter, appearing in the first line, the unmangled "user" here?
> Nov 2 11:29:23 BSD-11 dovecot: pop3: Error: Authenticated user not found from userdb, auth lookup id=226492417 (client-pid=874 client-id=1)
> Nov 2 11:29:23 BSD-11 dovecot: pop3-login: Internal login failure (pid=874 id=1) (internal failure, 1 successful auths): user=<peter>, method=PLAIN
> Nov 2 11:30:42 BSD-11 dovecot: auth: ldap(user@domain.com): invalid credentials
> Nov 2 14:08:17 BSD-11 dovecot: auth: ldap(user,127.0.0.1,<4uLkKVZAvY9/AAAB>): invalid credentials
> Nov 2 14:09:38 BSD-11 dovecot: auth: ldap(user@domain.com,127.0.0.1,<4uLkKVZAvY9/AAAB>): invalid credentials
> Nov 2 14:11:00 BSD-11 dovecot: pop3-login: Disconnected: Inactivity (auth failed, 2 attempts in 163 secs): user=user@domain.com
-- 
Steffen Kaiser
Sorry yes, peter is the unmangled user name.
I finally managed to get this going but I have noticed in my case that:
- I need to make sure the user logon name in AD and the samAccountname are exactly the same, case and all. It seems postfix uses the samAccountname and Dovecot the User logon name.
- I also noticed that if the Display name for a user in AD is blank, that user cannot log in using telnet <server ip> 110.
I am quite willing to work with it as it is but if anyone knows if this is normal behavior or not, I would be glad to know. Not sure if some could be configured better.
Just for information, I am including my current configs. Thanks for your assistance Steffen.
listen = *
login_greeting = Mail Server ready.
mail_gid = 1002
mail_home = /home/vmail/%u
mail_location = maildir:~/Maildir
mail_uid = 1002
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
service lmtp {
  unix_listener lmtp {
    user = vmail
  }
}
ssl_cert =
dovecot-ldap-udb.conf.ext is a symlink to dovecot-ldap.conf.ext
and dovecot-ldap.conf.ext reads as follows
#Custom Settings
hosts = ip address
ldap_version = 3
scope = subtree
deref = never
base = cn=users,dc=domain,dc=com
dn = cn=administrator,cn=users,dc=domain,dc=com
dnpass = password
auth_bind = yes
auth_bind_userdn = %n
ldap_version = 3
scope = subtree
user_attrs = home=/home/vmail/%u,=uid=vmail,=gid=vmail
pass_attrs = uid=%n,userPassword=password
#pass_attrs=uid=user, userpassword=password
user_filter = (&(objectclass=person)(samaccountname=%n))
pass_filter = (&(objectclass=inetorgperson)(mail=%u))
You can relax case sensitivity requirements by using %Ln and %Lu instead of %u and %n.
Aki
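Two points in this thread come down to how Dovecot's %-variables expand inside dovecot-ldap.conf.ext: Steffen's advice to set user_filter alongside pass_filter (passdb and userdb read the same file, so a missing user_filter leaves the userdb lookup with nothing to match and produces the "user not found from userdb" errors above), and Aki's advice to use %Ln/%Lu so the username is not case-sensitive. The Python below is an added example, not code from this thread or from Dovecot itself: it parses a small constructed dovecot-ldap.conf.ext (hostname, bind DN and password are placeholders), expands %u, %n and %d with the L/U case modifiers the way Dovecot documents them, and flags the three misconfigurations seen in the thread: a missing user_filter, an auth_bind_userdn of the form %u@domain that doubles the domain when the client already logs in as user@domain (which is what the "invalid credentials" lines for user@domain.com show), and templates that keep whatever case the client typed. The escape_filter_value helper is the RFC 4515 escaping a value needs before it is dropped into a filter; Dovecot applies that escaping to its own variables, it is shown here only to make the reason visible.

```python
import re

# Constructed sample in the shape of the dovecot-ldap.conf.ext files posted
# in this thread. Host, bind DN and password are placeholders, not real values.
SAMPLE_CONF = """\
#Custom Settings
hosts = ldap.example.invalid
dn = cn=binduser,cn=users,dc=domain,dc=com
dnpass = PLACEHOLDER
auth_bind = yes
auth_bind_userdn = %u@domain.com
ldap_version = 3
base = dc=domain,dc=com
pass_filter = (&(objectclass=person)(samaccountname=%n))
"""

# RFC 4515 escapes for the characters that are special inside an LDAP filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so an LDAP search filter matches it literally."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


# %u is the full login name, %n the part before '@', %d the part after it;
# an optional L/U between '%' and the letter lowercases/uppercases the value.
_VAR_RE = re.compile(r"%([LU]?)([und])")


def expand(template: str, username: str, escape: bool = False) -> str:
    """Expand Dovecot-style %-variables in one config value for one login name."""
    local, _, domain = username.partition("@")
    values = {"u": username, "n": local, "d": domain}

    def repl(match):
        modifier, var = match.groups()
        value = values[var]
        if modifier == "L":
            value = value.lower()
        elif modifier == "U":
            value = value.upper()
        return escape_filter_value(value) if escape else value

    return _VAR_RE.sub(repl, template)


def parse_conf(text: str) -> dict:
    """Read the 'key = value' lines of a dovecot-ldap.conf.ext, skipping comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def check_conf(settings: dict, login: str) -> list:
    """Return the findings a reviewer would raise for the given login name."""
    findings = []
    # 1. passdb and userdb share this file: without user_filter the userdb
    #    lookup has no filter of its own and reports "user not found".
    if "pass_filter" in settings and "user_filter" not in settings:
        findings.append("user_filter missing: userdb lookup cannot find users passdb accepted")
    # 2. %u is the full login name, so "%u@domain.com" with an address-style
    #    login binds as user@domain.com@domain.com and fails.
    bind_dn = settings.get("auth_bind_userdn", "")
    if "%u" in bind_dn and "@" in bind_dn and "@" in login:
        findings.append("auth_bind_userdn doubles the domain: " + expand(bind_dn, login))
    # 3. %u/%n keep the case the client typed; %Lu/%Ln normalise it.
    for key in ("pass_filter", "user_filter", "auth_bind_userdn"):
        template = settings.get(key, "")
        if re.search(r"%[un]", template) and not re.search(r"%L[un]", template):
            findings.append(f"{key} keeps the client's case: {expand(template, login)}")
    return findings


def demo() -> list:
    """Run the checks over the constructed sample for an address-style login."""
    return check_conf(parse_conf(SAMPLE_CONF), "Peter@domain.com")


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Running the script lists four findings for the sample: the missing user_filter, the doubled domain in the bind DN, and the two templates that keep the client's case. A file that sets user_filter and uses %Ln throughout, as in the working config posted above, produces none.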
On November 6, 2016 at 6:53 AM Peter Fraser petros.fraser@gmail.com wrote:
I finally managed to get this going but I have noticed in my case that:
- I need to make sure the user logon name in AD and the samAccountname are exactly the same, case and all. It seems postfix uses the samAccountname and Dovecot the User logon name.
- I also noticed that if the Display name for a user in AD is blank, that user cannot log in using telnet <server ip> 110.
I am quite willing to work with it as it is but if anyone knows if this is normal behavior or not, I would be glad to know. Not sure if something could be configured better.
Just for information, I am including my current configs. Thanks for your assistance Steffen.
listen = *
login_greeting = Mail Server ready.
mail_gid = 1002
mail_home = /home/vmail/%u
mail_location = maildir:~/Maildir
mail_uid = 1002
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
service lmtp {
  unix_listener lmtp {
    user = vmail
  }
}
ssl_cert =
dovecot-ldap-udb.conf.ext is a symlink to dovecot-ldap.conf.ext
and dovecot-ldap.conf.ext reads as follows
#Custom Settings
hosts = ip address
ldap_version = 3
scope = subtree
deref = never
base = cn=users,dc=domain,dc=com
dn = cn=administrator,cn=users,dc=domain,dc=com
dnpass = password
auth_bind = yes
auth_bind_userdn = %n
ldap_version = 3
scope = subtree
user_attrs = home=/home/vmail/%u,=uid=vmail,=gid=vmail
pass_attrs = uid=%n,userPassword=password
#pass_attrs=uid=user, userpassword=password
user_filter = (&(objectclass=person)(samaccountname=%n))
pass_filter = (&(objectclass=inetorgperson)(mail=%u))
On Fri, Nov 4, 2016 at 2:21 PM, Peter Fraser petros.fraser@gmail.com wrote:
Sorry yes, peter is the unmangled user name.
On Fri, Nov 4, 2016 at 2:18 AM, Steffen Kaiser <skdovecot@smail.inf.fh-brs.de> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thu, 3 Nov 2016, Peter Fraser wrote:
The command doveadm user -u username successfully returns the username and any information it can for the user in AD. As a matter of fact, I entered some home directory information in AD and this command returned the User's Home Directory as well. Is it a problem though that the telnet test won't work?
Hmm, I don't understand the question,
telnet xyz 143
1 login username password

must work in order to login via IMAP.
But you didn't answer the other question, see below
On Thu, Nov 3, 2016 at 2:36 AM, Steffen Kaiser <skdovecot@smail.inf.fh-brs.de> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 2 Nov 2016, Peter Fraser wrote:
#Custom Settings
hosts = 192.168.153.143
dn = user@domain.com
dnpass = password
auth_bind = yes
auth_bind_userdn = %u@domain.com
ldap_version = 3
base = dc=rpservices,dc=com
#user_filter = (&(objectclass=person)(mail=%u))
user_filter = (&(objectclass=person)(uid=%u))
pass_filter = (&(objectclass=person)(uid=%u))
user_attrs = homeDirectory=/home/vmail/%u,uid=1002,gid=1002
you wrote:
> root@BSD-11:/usr/local/etc/dovecot # doveadm auth test username
> extra fields:
> user=username
       ^^^^^^^^
is successful. Is user=username here the same as the username in doveadm? You've posted mangled information only, so if the extra fields return another username, other tests are different.
What about:
doveadm user -u username
?
When I tried to log in again using telnet 127.0.0.1 110, the error shows up in maillog. I first tried logging in with just the username, then I tried using username@domain.com. Using doveadm still works though.
BSD-11 dovecot: auth: ldap(peter,127.0.0.1,): unknown user
Nov 2 11:29:23 BSD-11 dovecot: auth: Error: ldap(user,127.0.0.1,): user not found from userdb

what about here, is peter, appearing in the first line, the unmangled "user" here?

Nov 2 11:29:23 BSD-11 dovecot: pop3: Error: Authenticated user not found from userdb, auth lookup id=226492417 (client-pid=874 client-id=1)
Nov 2 11:29:23 BSD-11 dovecot: pop3-login: Internal login failure (pid=874 id=1) (internal failure, 1 successful auths): user=<peter>, method=PLAIN
Nov 2 11:30:42 BSD-11 dovecot: auth: ldap(user@domain.com): invalid credentials
Nov 2 14:08:17 BSD-11 dovecot: auth: ldap(user,127.0.0.1,<4uLkKVZAvY9/AAAB>): invalid credentials
Nov 2 14:09:38 BSD-11 dovecot: auth: ldap(user@domain.com,127.0.0.1,<4uLkKVZAvY9/AAAB>): invalid credentials
Nov 2 14:11:00 BSD-11 dovecot: pop3-login: Disconnected: Inactivity (auth failed, 2 attempts in 163 secs): user=user@domain.com
On Wed, Nov 2, 2016 at 4:39 AM, Steffen Kaiser <skdovecot@smail.inf.fh-brs.de> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Tue, 1 Nov 2016, Peter Fraser wrote:
>
>> root@BSD-11:/usr/local/etc/dovecot # doveadm auth test username
>> Password:
>> passdb: user auth succeeded
>> extra fields:
>> user=username
>> root@BSD-11:/usr/local/etc/dovecot #
>>
>> But when I run telnet 127.0.0.1 110 and try to log in it says unknown user.
>> Error below in maillog.
>> BSD-11 dovecot: pop3: Error: Authenticated user not found from userdb, auth lookup id=2262958081 (client-pid=2273 client-id=1)
>> Nov 1 15:15:41 BSD-11 dovecot: pop3-login: Internal login failure (pid=2273 id=1) (internal failure, 1 successful auths): user=
>>
>> passdb {
>>   args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
>>   driver = ldap
>> }
>>
>> userdb {
>>   args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
>>   driver = ldap
>> }
>>
>> #Contents of dovecot-ldap.conf.ext
>> hosts = 192.168.153.143
>> dn = user@domain.com
>> dnpass = password
>> auth_bind = yes
>> auth_bind_userdn = domain\%u
>> ldap_version = 3
>> base = dc=domain,dc=com
>> pass_filter = (&(objectclass=person)(uid=%u))
>> user_attrs = homeDirectory=/home/vmail/%u,uid=1002,gid=1002
>
> duplicate pass_filter to user_filter.
>
> - -- Steffen Kaiser
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQEVAwUBWBm0Onz1H7kL/d9rAQJWhQf+PRD5yd29UyL1drjlTOWD/s4qUffg8OBh
> inb8L3eCKDuSad8s9INUJSa6WxGEVdatL4PKjTcbL5IsPIob87W5jOduWFMtPlt0
> FXxWtfc1bAjRyNLzkGe1mUT1z0EDVO22UkQSd9J3bZQ9wR+FzgeGqdcyzl+WSyzB
> Eaiea23ieCjhZRAZF/pl1gDjkap+tPQ8gZLdt4p1QQrY5Jllifu5jYEyjqPkwUXf
> YMfEiCJSInyMQ8CCuL1Aj8iM/7qLLi8pyC9KSA6NntK4mpHAaInYln6SZY+ZGJCY
> KV60nGuwwv3qQFeKchhhr+GpGDQYXJ5eBq+Ji+cKgvbypFa13NNS8A==
> =l02F
> -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Sat, 5 Nov 2016, Peter Fraser wrote:
- I need to make sure the user logon name in AD and the samAccountname are exactly the same, case and all. It seems postfix uses the samAccountname and Dovecot the User logon name.
- I also noticed that if the Display name for a user in AD is blank, that user cannot log in using telnet <server ip> 110.
OK, this is something interesting
and dovecot-ldap.conf.ext reads as follows
#Custom Settings
hosts = ip address
ldap_version = 3
scope = subtree
deref = never
base = cn=users,dc=domain,dc=com
dn = cn=administrator,cn=users,dc=domain,dc=com
dnpass = password
auth_bind = yes
auth_bind_userdn = %n
ldap_version = 3
scope = subtree
user_attrs = home=/home/vmail/%u,=uid=vmail,=gid=vmail
pass_attrs = uid=%n,userPassword=password
#pass_attrs=uid=user, userpassword=password
user_filter = (&(objectclass=person)(samaccountname=%n))
pass_filter = (&(objectclass=inetorgperson)(mail=%u))
Check out your 1. and pass_filter: "postfix uses samAccountname" <-> pass_filter uses "mail" to identify a user.
So I suggest you use:
pass_filter = (&(objectclass=inetorgperson)(|(mail=%u)(samaccountname=%n)(cn=%n)))
Note: add all LDAP attributes to the LDAP query, that identify exactly one user (never more than one). If cn is not unique, use something you think is appropriate. Some examples in the net use userPrincipalName, ... Also, search the net for "dovecot active directory" and you'll find that some exclude entries with certain userAccountControl strings. That way Dovecot finds the user regardless of what s/he enters as username. You could even use something like (mail=%n@example.com)
pass_attrs=samaccountname=user, userpassword=password
This will return samaccountname as new username for userdb queries.
user_filter = (&(objectclass=person)(samaccountname=%n))
Finally, this query must find the user's data. Because pass_attrs mangle the "user" information of Dovecot to be samaccountname, this attribute must be present. If postfix delivers to this user, too, you are done. Otherwise use a similar approach as with pass_filter. Dovecot LDA and LMTP do not use pass_filter, but only user_filter.
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBWCSKXnz1H7kL/d9rAQI2Wgf+OIFn5vssn1giLEocVSpZDvirLHLe4c1m br+PBzklJ2OtM4gYjVdcSkgOmuDGOoeIOcxZQIZwmz7413oCjmA8jloUzzYhj6Q6 6CSLHlBWMqtsnQC8+bITuEWBO+ygXT4A5HdEiJANT/oq+Jq1PXq6gN4W3CVwaq+4 f0b+H+Ejk9Xf8jjnpsvhL4SeS71fc7QwmcDZ3syxutQhWgu/urkAUqu3B0R9PD2r FOxJS+q4lF4JTni4vlWrqtuUeK9Mv675vLq1Uw8c+jLdlBgD5QKKsFNy3LTokMEm qU1g7uSISl16AmZ6arIk2ZEtBMpYlFYhxct/EMbjfgeKZ75zG9g6Fw== =S+La -----END PGP SIGNATURE-----
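The advice in this message (a pass_filter that ORs several identifying attributes, pass_attrs handing samaccountname to userdb as the new username, "never more than one" match, and excluding accounts by userAccountControl) and Aki's %Lu/%Ln remark can be checked without a directory. The script below is an added example, not code from this thread or from the Dovecot project: it expands Dovecot's %u/%n/%d variables and the %L modifier, evaluates the resulting filter with a small RFC 4515 evaluator over a constructed set of AD-like entries, and applies the rule that only a unique match yields a username. The entries, the evaluator and the disabled-account variant of the filter are assumptions; the bitwise-AND matching rule OID 1.2.840.113556.1.4.803 and the ACCOUNTDISABLE bit (2) are Active Directory's.

```python
"""Added example, not code from the Dovecot list thread or the Dovecot project:
a small model of how a Dovecot LDAP pass_filter is expanded and evaluated,
used to check that the filter identifies exactly one entry whatever form of
the login name the user types.  The directory is constructed sample data and
the evaluator is a simplified stand-in for a real LDAP server."""
import re

# Constructed sample AD entries; attribute names lower-cased because LDAP
# attribute names are case-insensitive.  userAccountControl 512 is a normal
# enabled account, 514 additionally has the ACCOUNTDISABLE bit (2) set.
DIRECTORY = [
    {"objectclass": ["person", "inetorgperson"], "samaccountname": ["peter"],
     "cn": ["Peter Fraser"], "mail": ["peter@domain.com"],
     "useraccountcontrol": ["512"]},
    {"objectclass": ["person", "inetorgperson"], "samaccountname": ["pfraser"],
     "cn": ["Peter Fraser"], "mail": ["pfraser@domain.com"],
     "useraccountcontrol": ["512"]},
    {"objectclass": ["person", "inetorgperson"], "samaccountname": ["olduser"],
     "cn": ["Old User"], "mail": ["olduser@domain.com"],
     "useraccountcontrol": ["514"]},
]


def expand(template, login):
    """Expand the Dovecot variables used in the thread: %u (full login),
    %n (part before '@'), %d (part after '@') and the %L lowercase modifier
    Aki mentions (%Lu, %Ln)."""
    user, _, domain = login.partition("@")
    values = {"u": login, "n": user, "d": domain}

    def repl(m):
        value = values[m.group(2)]
        return value.lower() if m.group(1) == "L" else value

    return re.sub(r"%(L?)([und])", repl, template)


def parse(s, i=0):
    """Parse one RFC 4515 filter starting at s[i]; return (node, next_index).
    Handles &, |, !, equality and AD's bitwise-AND rule 1.2.840.113556.1.4.803,
    which covers the filters discussed in the thread."""
    assert s[i] == "(", "filter must start with '('"
    i += 1
    if s[i] in "&|!":
        op, kids = s[i], []
        i += 1
        while s[i] == "(":
            node, i = parse(s, i)
            kids.append(node)
        assert s[i] == ")", "unbalanced filter"
        return (op, kids), i + 1
    end = s.index(")", i)
    attr, value = s[i:end].split("=", 1)
    if attr.endswith(":1.2.840.113556.1.4.803:"):
        return ("bitand", attr.split(":")[0].lower(), int(value)), end + 1
    return ("eq", attr.lower(), value), end + 1


def matches(node, entry):
    """Evaluate a parsed filter against one entry.  AD compares string
    attributes case-insensitively, so both sides are lower-cased."""
    kind = node[0]
    if kind == "&":
        return all(matches(k, entry) for k in node[1])
    if kind == "|":
        return any(matches(k, entry) for k in node[1])
    if kind == "!":
        return not matches(node[1][0], entry)
    vals = entry.get(node[1], [])
    if kind == "bitand":
        return any(int(v) & node[2] for v in vals)
    return any(v.lower() == node[2].lower() for v in vals)


def lookup(pass_filter, login):
    """Expand the filter for this login and return every matching entry."""
    tree, _ = parse(expand(pass_filter, login))
    return [e for e in DIRECTORY if matches(tree, e)]


def resolve_user(pass_filter, login, user_attr="samaccountname"):
    """Model pass_attrs=samaccountname=user: on a unique match return the
    directory value that becomes the username handed to userdb; zero or
    several matches count as a failed lookup (None), which is why every
    attribute in the filter must identify at most one user."""
    hits = lookup(pass_filter, login)
    return hits[0][user_attr][0] if len(hits) == 1 else None


# Steffen's suggested pass_filter, and an assumed variant that excludes
# disabled accounts via the userAccountControl bitwise-AND rule.
SUGGESTED = "(&(objectclass=inetorgperson)(|(mail=%u)(samaccountname=%n)(cn=%n)))"
WITH_DISABLED_EXCLUDED = ("(&(objectclass=inetorgperson)"
                          "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
                          "(|(mail=%u)(samaccountname=%n)))")

if __name__ == "__main__":
    for login in ("peter", "peter@domain.com", "PETER", "Peter Fraser", "olduser"):
        print(f"{login!r:>20} -> {resolve_user(SUGGESTED, login)!r}; "
              f"disabled excluded: {resolve_user(WITH_DISABLED_EXCLUDED, login)!r}")
```

Running it shows the points of the thread on the sample data: "peter", "peter@domain.com" and "PETER" all resolve to the single samaccountname "peter" (so userdb receives the directory's spelling, not what the client typed), "Peter Fraser" matches two entries through cn and therefore fails, and "olduser" resolves with the suggested filter but is rejected once the disabled-account exclusion is added.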
participants (3): Aki Tuomi, Peter Fraser, Steffen Kaiser