[Dovecot] LDAP authentication blank password
People,
I have a situation: when I use a passwd LDAP module against "Microsoft Active Directory" and a user sends a blank password, the authentication module returns "ERR [IN-USE] Internal login failure. Refer to server log for more information."; after this the authentication module never authenticates again: "ERR Temporary authentication failure."
Thanks in advance.
Trying 0.0.0.0...
Connected to 0 (0.0.0.0).
Escape character is '^]'.
+OK Dovecot ready.
user xyz@domain
+OK
pass <BLANK>
-ERR [IN-USE] Internal login failure. Refer to server log for more information.
Connection closed by foreign host.

Trying 0.0.0.0...
Connected to 0 (0.0.0.0).
Escape character is '^]'.
+OK Dovecot ready.
user xyz@domain
+OK
pass correct-password
-ERR Temporary authentication failure.
-- Matheus Antonio Oliveira
On Mon, 2006-10-23 at 12:07 -0200, Matheus Antonio Oliveira wrote:
People,
I have a situation: when I use a passwd LDAP module against "Microsoft Active Directory" and a user sends a blank password, the authentication module returns "ERR [IN-USE] Internal login failure. Refer to server log for more information."; after this the authentication module never authenticates again: "ERR Temporary authentication failure."
..
-ERR [IN-USE] Internal login failure. Refer to server log for more information.
Could you also show what error message it wrote to the log file?
I reported this a month or two back as well but got no responses. It happens for us when the user enters an incorrect password.
I am using "auth_bind = yes" in my config and surmised that the LDAP code in Dovecot may be caching the previous user's credentials for use in subsequent bind lookups instead of using the credentials specified by dn / dnpass. That would explain why a failed authentication might result in all subsequent ldap_search() calls failing.
Our production server is currently running dovecot-1.0-0.beta8.2.fc5 from the Fedora 5 distribution, but I have tested that the problem still exists up to the rc9 release. I have not tried it with rc10 yet.
These are the typical messages I get in the logs:
Oct 22 09:50:35 gm-ho-lin-06 dovecot: auth(default): client in: AUTH 1 PLAIN service=POP3 lip=::ffff:10.1.101.10 rip=::ffff:10.0.25.193 resp=
Oct 22 09:50:35 gm-ho-lin-06 dovecot: auth(default): client out: CONT 1
Oct 22 09:50:35 gm-ho-lin-06 dovecot: auth(default): client in: CONT 1 ADAyMDdAc3RvcmVzLmdhbWUuY28udWsAMDcwMg==
Oct 22 09:50:35 gm-ho-lin-06 dovecot: auth(default): ldap(0207@stores.game.co.uk,::ffff:10.0.25.193): bind search: base=OU=Stores,OU=UK,DC=group,DC=game,DC=net filter=(&(objectClass=user)(mail=0207@stores.game.co.uk))
Oct 22 09:50:36 gm-ho-lin-06 dovecot: auth(default): client out: FAIL 1 user=0207@stores.game.co.uk
Oct 22 09:50:36 gm-ho-lin-06 dovecot: auth(default): client in: AUTH 2 PLAIN service=POP3 lip=::ffff:10.1.101.10 rip=::ffff:10.0.25.193 resp=ADAyMDdAc3RvcmVzLmdhbWUuY28udWsAMDcwMg==
Oct 22 09:50:36 gm-ho-lin-06 dovecot: auth(default): ldap(0207@stores.game.co.uk,::ffff:10.0.25.193): bind search: base=OU=Stores,OU=UK,DC=group,DC=game,DC=net filter=(&(objectClass=user)(mail=0207@stores.game.co.uk))
Oct 22 09:50:36 gm-ho-lin-06 dovecot: auth(default): ldap(0207@stores.game.co.uk,::ffff:10.0.25.193): ldap_search() failed: Operations error
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): client in: AUTH 1 PLAIN service=POP3 lip=::ffff:10.1.101.10 rip=::ffff:10.0.70.193 resp=
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): client out: CONT 1
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): client in: CONT 1 ADA1NjdAc3RvcmVzLmdhbWUuY28udWsANzY1MA==
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): ldap(0567@stores.game.co.uk,::ffff:10.0.70.193): bind search: base=OU=Stores,OU=UK,DC=group,DC=game,DC=net filter=(&(objectClass=user)(mail=0567@stores.game.co.uk))
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): ldap(0567@stores.game.co.uk,::ffff:10.0.70.193): ldap_search() failed: Operations error
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): client out: FAIL 2 user=0207@stores.game.co.uk temp
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): client out: FAIL 1 user=0567@stores.game.co.uk temp
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): client in: AUTH 2 PLAIN service=POP3 lip=::ffff:10.1.101.10 rip=::ffff:10.0.70.193 resp=ADA1NjdAc3RvcmVzLmdhbWUuY28udWsANzY1MA==
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): ldap(0567@stores.game.co.uk,::ffff:10.0.70.193): bind search: base=OU=Stores,OU=UK,DC=group,DC=game,DC=net filter=(&(objectClass=user)(mail=0567@stores.game.co.uk))
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): ldap(0567@stores.game.co.uk,::ffff:10.0.70.193): ldap_search() failed: Operations error
Oct 22 09:50:40 gm-ho-lin-06 dovecot: auth(default): client out: FAIL 2 user=0567@stores.game.co.uk temp
Regards, Rob Coward
On Tue, 2006-10-24 at 14:28 +0300, Timo Sirainen wrote:
On Mon, 2006-10-23 at 12:07 -0200, Matheus Antonio Oliveira wrote:
People,
I have a situation: when I use a passwd LDAP module against "Microsoft Active Directory" and a user sends a blank password, the authentication module returns "ERR [IN-USE] Internal login failure. Refer to server log for more information."; after this the authentication module never authenticates again: "ERR Temporary authentication failure."
..
-ERR [IN-USE] Internal login failure. Refer to server log for more information.
Could you also show what error message it wrote to the log file?
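To make Rob's hypothesis concrete, here is an added example (not Dovecot's own code) of the auth_bind sequence against a constructed in-memory stand-in for the directory; FakeDirectory, the account data, the DNs and the `rebind` flag are all assumptions for illustration. The stand-in reproduces two facts: a search on a session whose last bind failed is answered with "Operations error" (the line seen in the log above), and a simple bind with a DN plus an empty password is an RFC 4513 unauthenticated bind that the server answers with success, which is why the password must be rejected before it is ever sent.

```python
class LdapError(Exception):
    pass


class FakeDirectory:
    """Constructed stand-in for an AD-like LDAP server (not a real client)."""

    def __init__(self, accounts):
        self.accounts = accounts   # dn -> (mail, password); constructed sample data
        self.bound_as = None       # None means the session is anonymous

    def simple_bind(self, dn, password):
        # RFC 4513 "unauthenticated bind": a DN plus an empty password is
        # treated as anonymous and still answered with success.
        if password == "":
            self.bound_as = None
            return True
        if dn in self.accounts and self.accounts[dn][1] == password:
            self.bound_as = dn
            return True
        self.bound_as = None       # a failed bind leaves the session anonymous
        raise LdapError("Invalid credentials")

    def search_by_mail(self, mail):
        if self.bound_as is None:  # AD rejects searches on an unbound session
            raise LdapError("Operations error")
        return [dn for dn, (m, _) in self.accounts.items() if m == mail]


def auth_bind(conn, dn, dnpass, user, password, rebind=True):
    """Dovecot-style auth_bind: search as dn/dnpass, then bind as the user.

    True on success, False on a rejected login; LdapError when the directory
    itself fails (what the client sees as a temporary failure). rebind=False
    never restores the service bind after a user bind: Rob's suspected bug.
    """
    if password == "":             # never forward an empty password to the server
        return False
    matches = conn.search_by_mail(user)   # relies on the standing service bind
    if len(matches) != 1:
        return False
    try:
        conn.simple_bind(matches[0], password)
        return True
    except LdapError:
        return False
    finally:
        if rebind:
            conn.simple_bind(dn, dnpass)   # restore dn/dnpass for the next search
```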