[Dovecot] Problem with Dovecot and AD LDAP auth
Hi.
It seems to be a bug in Dovecot auth. I have FreeBSD 8.1-RELEASE-p1 and I tried Dovecot versions 1.2.17 and 2.1.7, and still no luck.
The problem: when I set this in dovecot-ldap.conf:
base = CN=Users,DC=domain,DC=local
everything works fine. But if I set:
base = DC=domain,DC=local
the mail client can't authorize. /var/log/dovecot.log says:
===============================================
Jun 07 18:07:17 auth: Debug: auth client connected (pid=14611)
Jun 07 18:08:11 auth: Debug: client in: AUTH 1 PLAIN service=imap session=G1//aeLB6wAKAABu lip=10.0.0.3 rip=10.0.0.110 lport=143 rport=55787 resp=AGdhdGV3YXkAVU82eUpuUXQ=
Jun 07 18:08:11 auth: Debug: ldap(gateway,10.0.0.110,): bind search: base=DC=domain,DC=local filter=(&(objectClass=person)(sAMAccountName=gateway))
Jun 07 18:08:11 auth: Debug: ldap(gateway,10.0.0.110,): result: uid missing
Jun 07 18:10:18 imap-login: Info: Disconnected: Inactivity during authentication (disconnected while authenticating, waited 127 secs): user=<>, method=PLAIN, rip=10.0.0.110, lip=10.0.0.3, session=
Jun 07 18:10:18 auth: Debug: client in: CANCEL 1
Jun 07 18:10:18 auth: Debug: auth client connected (pid=14706)
Jun 07 18:10:26 auth: Debug: client in: AUTH 1 PLAIN service=imap session=n6IBcuLB7AAKAABu lip=10.0.0.3 rip=10.0.0.110 lport=143 rport=55788 resp=AGdhdGV3YXkAVU82eUpuUXQ=
Jun 07 18:10:26 auth: Debug: ldap(gateway,10.0.0.110,<n6IBcuLB7AAKAABu>): bind search: base=DC=domain,DC=local filter=(&(objectClass=person)(sAMAccountName=gateway))
Jun 07 18:10:26 auth: Error: ldap(gateway,10.0.0.110,<n6IBcuLB7AAKAABu>): Connection appears to be hanging, reconnecting
Jun 07 18:10:26 auth: Debug: ldap(gateway,10.0.0.110,<n6IBcuLB7AAKAABu>): result: uid missing
Jun 07 18:10:26 auth: Error: ldap(gateway,10.0.0.110,): Request lost
Jun 07 18:10:26 auth: Error: ldap(gateway,10.0.0.110,<n6IBcuLB7AAKAABu>): ldap_search(base=DC=domain,DC=local filter=(&(objectClass=person)(sAMAccountName=gateway))) failed: Operations error
Jun 07 18:10:26 auth: Error: LDAP: Reply with unknown msgid 2
Jun 07 18:10:26 auth: Error: LDAP: Reply with unknown msgid 2
Jun 07 18:10:26 auth: Error: LDAP: Reply with unknown msgid 2
Jun 07 18:10:26 auth: Error: LDAP: Reply with unknown msgid 2
Jun 07 18:10:28 auth: Debug: client out: FAIL 1 user=gateway temp
Jun 07 18:10:28 auth: Debug: client out: FAIL 1 user=gateway temp
Jun 07 18:13:18 imap-login: Info: Disconnected: Inactivity (auth failed, 1 attempts in 172 secs): user=<gateway>, method=PLAIN, rip=10.0.0.110, lip=10.0.0.3, session=<n6IBcuLB7AAKAABu>
My dovecot-ldap.conf:
===============================
ldap_version = 3
hosts = ad.domain.local
base = DC=hrom,DC=local
scope = subtree
dn = CN=mailserver,CN=Users,DC=domain,DC=local
dnpass = here_is_pass
auth_bind = yes
pass_attrs = uid=user
pass_filter = "(&(objectClass=person)(sAMAccountName=%u))"
user_attrs = name=mail=maildir:/var/mail/virtual/hrom.local/%n
user_filter = "(&(objectClass=person)(sAMAccountName=%u))"
===================================================
I need base = DC=domain,DC=local to search for user accounts in different OUs of my AD. If I set base = CN=Users,DC=domain,DC=local, Dovecot can't authorize user accounts from OUs.
P.S.: Postfix with base = DC=domain,DC=local works perfectly, so the problem is not with our domain controller (which is also the LDAP server).
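As an added diagnostic (not part of the post, nor Dovecot's own code), the script below parses a dovecot-ldap.conf like the one above and flags the two settings worth checking before blaming Dovecot: a subtree search rooted at the domain naming context on a plain LDAP port, which Active Directory answers with referrals for its DomainDnsZones/ForestDnsZones partitions (the global catalog port 3268 serves the same subtree without them), and pass_attrs reading a uid attribute that AD user objects normally do not have. The checks are heuristics and the sample config values are copied from the post; both are assumptions, not Dovecot behaviour guaranteed by the project.

```python
import re

# Constructed sample: the poster's dovecot-ldap.conf, one setting per line.
SAMPLE_CONF = """\
ldap_version = 3
hosts = ad.domain.local
base = DC=hrom,DC=local
scope = subtree
auth_bind = yes
pass_attrs = uid=user
pass_filter = "(&(objectClass=person)(sAMAccountName=%u))"
"""

def parse_conf(text):
    """Parse Dovecot-style 'key = value' lines, dropping comments and surrounding quotes."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip().strip('"')
    return conf

def check_ad_conf(conf):
    """Heuristic (assumed) checks for Dovecot's LDAP backend pointed at Active Directory."""
    findings = []
    hosts = conf.get("hosts", "")
    base = conf.get("base", "")
    # A subtree search rooted at the domain naming context (DC=...) makes AD return
    # referrals for the DomainDnsZones/ForestDnsZones partitions, which a plain LDAP
    # connection does not follow; the global catalog port (3268, or 3269 with TLS)
    # answers the same subtree without referrals.
    if base.upper().startswith("DC=") and conf.get("scope", "subtree") == "subtree":
        if not all(re.search(r":326[89]$", h) for h in hosts.split()):
            findings.append("domain-root subtree search on a non-GC port; try hosts = %s:3268" % hosts)
    # pass_attrs is 'ldapAttr=dovecotField'; AD user objects normally carry no 'uid'
    # attribute, which matches the 'result: uid missing' debug line in the log.
    ldap_attr = conf.get("pass_attrs", "").split("=", 1)[0]
    if ldap_attr == "uid":
        findings.append("pass_attrs reads LDAP attribute 'uid', which AD users usually lack; "
                        "the AD login name lives in sAMAccountName")
    return findings

if __name__ == "__main__":
    for finding in check_ad_conf(parse_conf(SAMPLE_CONF)):
        print("finding:", finding)
```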
Participants (1): Алексей Переклад