Connecting to multiple ldaps AD from Dovecot 2.4.1
Hello List! I am testing auth-ldap.conf.ext on Dovecot 2.4.1: Debian 13 (trixie), Postfix 3.10.4, Dovecot 2.4.1-4 (7d8c0e5759).
Everything works fine when I use only one LDAP AD for authentication. I need to connect multiple ADs, because our organizations have separate ADs.
The problem is that it always takes the last ldap_uris as the working one, even if I put them in separate files.
configuration - auth-ldap.conf.ext

### AD - ORG_ONE
ldap_uris = ldap://XX.YY.ZZ.CZ
ldap_auth_dn = CN=ReaderAD,CN=Users,DC=domain1,DC=local
ldap_auth_dn_password = secret_password_1
ldap_base = OU=ALFA,dc=domain1,dc=local
ldap_version = 3

### domain subdomain1.domain1.cz
passdb ldap {
  ldap_filter = (&(objectClass=user)(mail=%{user|username}@%{user|domain}))
  ldap_bind = yes
  result_internalfail = return-fail
}

userdb ldap {
  driver = ldap
  ldap_filter = (&(objectClass=user)(mail=%{user|username}@%{user|domain}))
  fields {
    mail_path=/home/vmail/%{user|domain}/%{ldap:mail}/Maildir
    mail_inbox_path=/home/vmail/%{user|domain}/%{ldap:mail}/Maildir/
  }
}

### AD - ORG_SECOND
ldap_uris = ldap://AXX.AYY.AZZ.ACZ ldap://BXX.BYY.BZZ.BCZ
ldap_auth_dn = CN=ReaderAD,OU=ServiceAccount,OU=DELTA,OU=GAMA,OU=ALFA,OU=BETA,DC=domain2,DC=cz
ldap_auth_dn_password = secret_password_2
ldap_base = OU=BETA,dc=domain2,dc=cz
ldap_version = 3

### domain subdomain2.domain1.cz
passdb ldap {
  ldap_filter = (&(objectClass=user)(mail=%{user|username}@%{user|domain}))
  ldap_bind = yes
  result_internalfail = return-fail
}

userdb ldap {
  driver = ldap
  ldap_filter = (&(objectClass=user)(mail=%{user|username}@%{user|domain}))
  fields {
    mail_path=/home/vmail/%{user|domain}/%{ldap:mail}/Maildir
    mail_inbox_path=/home/vmail/%{user|domain}/%{ldap:mail}/Maildir/
  }
}

--- doveadm auth test ---
root@SERVER:/etc/dovecot/conf.d# doveadm auth test name.surname@subdomain2.domain2.cz
Password:
passdb: name.surname@subdomain2.domain1.cz auth succeeded
extra fields:
  user=name.surname@subdomain2.domain1.cz

root@SERVER:/etc/dovecot/conf.d# doveadm auth test name.surname@subdomain1.domain1.cz
Password:
passdb: name.surname@subdomain2.domain2.cz auth failed
extra fields:
  user=name.surname@subdomain2.domain2.cz
I couldn't find any solution in the 2.4.1 documentation or on the Internet. AI didn't help.
Thank you for your time and reply.
Kind regards, Zbynek Grepl
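One way to keep the two directories apart, shown as an added example that is not from the original post or from the Dovecot project: give each organization its own named passdb/userdb pair and put the ldap_* connection settings inside the block instead of at file scope. It assumes that Dovecot 2.4 lets these settings be overridden inside a named passdb/userdb block and that two blocks both named "ldap" merge into one (which would explain why only the last ldap_uris is used); host names, DNs and passwords are placeholders.

```conf
# Added example, not the poster's config. Assumption: ldap_* settings scoped
# inside a named passdb/userdb block apply only to that block.
# ldaps:// is used so the reader account's bind password is not sent in clear.

### AD - ORG_ONE (placeholder hosts and credentials)
passdb org1 {
  driver = ldap
  ldap_uris = ldaps://dc1.domain1.local
  ldap_auth_dn = CN=ReaderAD,CN=Users,DC=domain1,DC=local
  ldap_auth_dn_password = PLACEHOLDER_PASSWORD_1
  ldap_base = OU=ALFA,dc=domain1,dc=local
  ldap_version = 3
  ldap_filter = (&(objectClass=user)(mail=%{user|username}@%{user|domain}))
  ldap_bind = yes
  result_internalfail = return-fail
}
userdb org1 {
  driver = ldap
  ldap_uris = ldaps://dc1.domain1.local
  ldap_auth_dn = CN=ReaderAD,CN=Users,DC=domain1,DC=local
  ldap_auth_dn_password = PLACEHOLDER_PASSWORD_1
  ldap_base = OU=ALFA,dc=domain1,dc=local
  ldap_filter = (&(objectClass=user)(mail=%{user|username}@%{user|domain}))
  fields {
    mail_path=/home/vmail/%{user|domain}/%{ldap:mail}/Maildir
    mail_inbox_path=/home/vmail/%{user|domain}/%{ldap:mail}/Maildir/
  }
}

### AD - ORG_SECOND (placeholder hosts and credentials)
passdb org2 {
  driver = ldap
  ldap_uris = ldaps://dc1.domain2.cz ldaps://dc2.domain2.cz
  ldap_auth_dn = CN=ReaderAD,OU=ServiceAccount,DC=domain2,DC=cz
  ldap_auth_dn_password = PLACEHOLDER_PASSWORD_2
  ldap_base = OU=BETA,dc=domain2,dc=cz
  ldap_version = 3
  ldap_filter = (&(objectClass=user)(mail=%{user|username}@%{user|domain}))
  ldap_bind = yes
  result_internalfail = return-fail
}
userdb org2 {
  driver = ldap
  ldap_uris = ldaps://dc1.domain2.cz ldaps://dc2.domain2.cz
  ldap_auth_dn = CN=ReaderAD,OU=ServiceAccount,DC=domain2,DC=cz
  ldap_auth_dn_password = PLACEHOLDER_PASSWORD_2
  ldap_base = OU=BETA,dc=domain2,dc=cz
  ldap_filter = (&(objectClass=user)(mail=%{user|username}@%{user|domain}))
  fields {
    mail_path=/home/vmail/%{user|domain}/%{ldap:mail}/Maildir
    mail_inbox_path=/home/vmail/%{user|domain}/%{ldap:mail}/Maildir/
  }
}
```

After reloading, `doveadm auth test` with one user from each domain should report the passdb user in that user's own domain; a succeeded result that echoes back the other organization's domain, as in the output above, indicates the blocks are still merging.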