Hello,

I am using dovecot-2.0.6 with NetBSD amd64. Active Directory is used as an authentication server. (Windows Server 2008 R2)

However, the message of "Operations error" was displayed first and it did not move. It solved it by understanding that this is because the authority of the user who used it for bind was insufficient, and adding to "Account Operators" group. # Though it is not the best.

The error "Error: re_encode_request new request is" occurs, and it doesn't operate still as follows.

Postfix operates though connects with LDAP. The following are samples.

# Active Directory Server settings domain = example.com server_host = ldap://xxx.xxx.xxx.xxx:389 search_base = dc=example, dc=com version = 3 timeout = 30

# Active Directory Searcher settings bind = yes bind_dn = cn=Mail Administrator, cn=Users, dc=example, dc=com bind_pw = *********

# Filter Query query_filter = (&(&(objectCategory=person)(|(mail=%s)(userPrincipalName=%s)))(!(userAccountControl:1.2.840.113556.1.4.803:=2))) result_attribute = userPrincipalName result_filter = %s/ chase_referrals = no

The packet was done with wireshark by using this definition and a capture doing and a similar test were done to dovecot.

It is a setting of dovecot.

hosts = xxx.xxx.xxx.xxx:389 dn = cn=Mail Administrator, cn=Users, dc=example, dc=com dnpass = *********

auth_bind = no ldap_version = 3 base = dc=example, dc=com user_attrs = unixHomeDirectory=home,uidNumber=uid,gidNumber=gid user_filter = (&(&(objectCategory=person)(userPrincipalName=%u))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

pass_attrs = userPrincipalName=user,unixUserPassword=password pass_filter = (&(&(objectCategory=person)(userPrincipalName=%u))(!(userAccountControl:1.2.840.113556.1.4.803:=2))) iterate_attrs = userPrincipalName=user iterate_filter = (&(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) default_pass_scheme = MD5

# Schema of LDAP is matched to Windows Services for UNIX, # and the password is made a hush with MD5.

Both dovecot and postfix the first "bindRequest" was quite the same demand and the results.

Next, dovecot demanded query of "userPrincipalName" and "unixUserPassword". It seems to be ok for the result. # This fails if it doesn't add to "Account Operators" group.

However, "name" and "simple" were issued by the blank (anonymously?) as for the following next demand (bindRequest). In addition, query of "userPrincipalName" and "unixUserPassword" is issued to "cn=Configuration, dc=example, dc=com" afterwards. And, "Operations Error" is returned because of this.

Error description in LDAP packet:

errorMessage: 000004DC: LdapErr: DSID-0C0906DC, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db0

Because LDAP is unprofessional, it has not understood though the source code was seen.

Do you serve as a reference?

Thanks powerful codes.