On 2013-12-16 8:33 AM, Pascal den Bekker <pascal_den.bekker@affinitas.de> wrote:

Hey Marcus,

well.. I am trying to that :-).. But somehow dovecot doesnt connect to samba4 :-)

Oh, ok... so, you've asked on their support forums/email lists, and no help?

I'm surprised...

Hey Achim,

thank you for your help :-) Unfortunately it did not work :-(

I changed the lines in the dovecot config you sent me.. When I try to login into the sogo gui, im getting the following error message:

2013-12-16 16:10:07 auth: Info: ldap(administrator,127.0.0.1,<DBQZNajtqQB/AAAB>): unknown user 2013-12-16 16:10:07 auth: Error: userdb(administrator,127.0.0.1,<DBQZNajtqQB/AAAB>): user not found from userdb ldap 2013-12-16 16:10:07 imap: Error: Authenticated user not found from userdb, auth lookup id=4126670849 (client-pid=5503 client-id=1) 2013-12-16 16:10:07 imap-login: Info: Internal login failure (pid=5503 id=1) (internal failure, 1 succesful auths): user=<administrator>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=5504, secured, session=<DBQZNajtqQB/AAAB>

When I look in samba4:

samba-tool user list Administrator krbtgt Guest ldap

The user seems to be there..:-(

Cheers,

• Pascal

On 12/16/2013 03:37 PM, Achim Gottinger wrote:

Hi,

Added a few corrections to your config below. Hope it works.

achim~

Am 16.12.2013 11:51, schrieb Pascal den Bekker:

...

Hello,

I am trying to setup samba4/openchange and dovecot. Does anyone has experiences concering dovecot connecting to samba4 ??

I tried the following:

/etc/dovecot.conf:

protocols = imap sieve mail_location = maildir:/data/mail/%d/%n/Maildir mail_access_groups = vmail mail_privileged_group = vmail first_valid_uid = 110 last_valid_uid = 110 last_valid_uid = 5000 first_valid_gid = 115 last_valid_gid = 115 last_valid_gid = 5000

Your vmail user/group seems to have the uid/gid 5000 so it must be in the valid range.

...

log_path = /var/log/dovecot log_timestamp = "%Y-%m-%d %H:%M:%S " login_greeting = Welcome to domain.local.

service imap { inet_listener { port=143 } }

protocol lda { log_path = /var/log/mail/dovecot-deliver.log auth_socket_path = /var/run/dovecot/auth-master postmaster_address = postmaster@domain.local mail_plugins = sieve }

service managesieve { inet_listener { port=12000 } }

auth_verbose = yes auth_debug = yes

service auth { unix_listener /var/spool/postfix/private/auth { group = vmail mode = 0660 user = postfix } }

#service auth-userdb {

user = vmail

}

#user = root

#}

passdb { args = /etc/dovecot/dovecot-ldap-passdb.conf driver = ldap }

userdb { args = /etc/dovecot/dovecot-ldap-userdb.conf driver = ldap }

plugin { sieve = /data/mail/%d/%n/sieverc sieve_storage=/data/mail/%d/%n/sieve sieve_max_redirects = 20 }

debug_log_path = /var/log/dovecot-debug.log

dict { }

/etc/dovecot/dovecot-ldap-passdb.conf

hosts = localhost auth_bind = yes auth_bind_userdn = cn=%u,cn=Users,dc=domain,dc=local ldap_version = 3 base = cn=Users,dc=domain,dc=local pass_filter = (&(objectClass=person)(cn=%u)(mail=*))

hosts = localhost auth_bind = yes dn = cn=ldap,cn=Users,DC=domain,DC=local dnpass = password #auth_bind_userdn = cn=%u,cn=Users,dc=domain,dc=local ldap_version = 3 base = cn=Users,dc=domain,dc=local pass_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*)) user_attrs=uid=5000

This way dovecot connects as user ldap does the user lookup according to pass_filter and uses the resulting dn for authetification. If you create users via the Windows Remote Management tools the dn for an user normaly uses the Full Name as cn and not the user id which is stored as sAMAccountName.

...

/etc/dovecot/dovecot-ldap-userdb.conf:

hosts = localhost dn = cn=ldap,cn=Users,DC=domain,DC=local dnpass = password ldap_version = 3 base = cn=Users,DC=domain,DC=local

#user_attrs = user_attrs=uid=5000,=gid=5000,=home=/data/mail/%d/%n,mail=/data/mail/%d/%u/Maildir

user_filter = (&(objectClass=person)(cn=%u)(mail=*)) iterate_attrs = cn=user iterate_filter = (objectClass=person) user_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*)) iterate_attrs = sAMAccountName=user

When I try to login with useraccountadministrator I get the following error messages:

2013-12-16 11:28:29 auth: Info: ldap(ldap,127.0.0.1,<N3HjRaTtdAB/AAAB>): unknown user 2013-12-16 11:28:29 auth: Error: userdb(ldap,127.0.0.1,<N3HjRaTtdAB/AAAB>): user not found from userdb ldap 2013-12-16 11:28:29 imap: Error: Authenticated user not found from userdb, auth lookup id=783810561 (client-pid=3809 client-id=1) 2013-12-16 11:28:29 imap-login: Info: Internal login failure (pid=3809 id=1) (internal failure, 1 succesful auths): user=<ldap>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=3810, secured, session=<N3HjRaTtdAB/AAAB>

Can someone tell me what I am doing wrong, or is there way to test to dovecot ldap connection string ??

Cheers,

• Pascal

-- Pascal den Bekker

Linux System Administrator

Affinitas GmbH | Kohlfurter Straße 41/43 | 10999 Berlin | Germany email: pascal_den.bekker@affinitas.de | tel: +49 30 868 000 140 www.edarling.de | www.shopaman.de

Geschäftsführer: Lukas Brosseder, David Khalil, Michael Schrezenmaier

Eingetragen beim Amtsgericht Berlin-Charlottenburg, HRB 115958

Am 16.12.2013 16:14, schrieb Pascal den Bekker:

Hey Achim,

thank you for your help :-) Unfortunately it did not work :-(

I changed the lines in the dovecot config you sent me.. When I try to login into the sogo gui, im getting the following error message:

2013-12-16 16:10:07 auth: Info: ldap(administrator,127.0.0.1,<DBQZNajtqQB/AAAB>): unknown user 2013-12-16 16:10:07 auth: Error: userdb(administrator,127.0.0.1,<DBQZNajtqQB/AAAB>): user not found from userdb ldap 2013-12-16 16:10:07 imap: Error: Authenticated user not found from userdb, auth lookup id=4126670849 (client-pid=5503 client-id=1) 2013-12-16 16:10:07 imap-login: Info: Internal login failure (pid=5503 id=1) (internal failure, 1 succesful auths): user=<administrator>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=5504, secured, session=<DBQZNajtqQB/AAAB>

When I look in samba4:

samba-tool user list Administrator krbtgt Guest ldap

The user seems to be there..:-(

Cheers,

• Pascal

On 12/16/2013 03:37 PM, Achim Gottinger wrote:

...

Hi,

Added a few corrections to your config below. Hope it works.

achim~

Am 16.12.2013 11:51, schrieb Pascal den Bekker:

...

Hello,

I am trying to setup samba4/openchange and dovecot. Does anyone has experiences concering dovecot connecting to samba4 ??

I tried the following:

/etc/dovecot.conf:

protocols = imap sieve mail_location = maildir:/data/mail/%d/%n/Maildir mail_access_groups = vmail mail_privileged_group = vmail first_valid_uid = 110 last_valid_uid = 110 last_valid_uid = 5000 first_valid_gid = 115 last_valid_gid = 115 last_valid_gid = 5000

Your vmail user/group seems to have the uid/gid 5000 so it must be in the valid range.

...

log_path = /var/log/dovecot log_timestamp = "%Y-%m-%d %H:%M:%S " login_greeting = Welcome to domain.local.

service imap { inet_listener { port=143 } }

protocol lda { log_path = /var/log/mail/dovecot-deliver.log auth_socket_path = /var/run/dovecot/auth-master postmaster_address = postmaster@domain.local mail_plugins = sieve }

service managesieve { inet_listener { port=12000 } }

auth_verbose = yes auth_debug = yes

service auth { unix_listener /var/spool/postfix/private/auth { group = vmail mode = 0660 user = postfix } }

#service auth-userdb {

user = vmail

}

#user = root

#}

passdb { args = /etc/dovecot/dovecot-ldap-passdb.conf driver = ldap }

userdb { args = /etc/dovecot/dovecot-ldap-userdb.conf driver = ldap }

plugin { sieve = /data/mail/%d/%n/sieverc sieve_storage=/data/mail/%d/%n/sieve sieve_max_redirects = 20 }

debug_log_path = /var/log/dovecot-debug.log

dict { }

/etc/dovecot/dovecot-ldap-passdb.conf

hosts = localhost auth_bind = yes auth_bind_userdn = cn=%u,cn=Users,dc=domain,dc=local ldap_version = 3 base = cn=Users,dc=domain,dc=local pass_filter = (&(objectClass=person)(cn=%u)(mail=*))

hosts = localhost auth_bind = yes dn = cn=ldap,cn=Users,DC=domain,DC=local dnpass = password #auth_bind_userdn = cn=%u,cn=Users,dc=domain,dc=local ldap_version = 3 base = cn=Users,dc=domain,dc=local pass_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*)) user_attrs=uid=5000

This way dovecot connects as user ldap does the user lookup according to pass_filter and uses the resulting dn for authetification. If you create users via the Windows Remote Management tools the dn for an user normaly uses the Full Name as cn and not the user id which is stored as sAMAccountName.

...

/etc/dovecot/dovecot-ldap-userdb.conf:

hosts = localhost dn = cn=ldap,cn=Users,DC=domain,DC=local dnpass = password ldap_version = 3 base = cn=Users,DC=domain,DC=local

#user_attrs = user_attrs=uid=5000,=gid=5000,=home=/data/mail/%d/%n,mail=/data/mail/%d/%u/Maildir

user_filter = (&(objectClass=person)(cn=%u)(mail=*)) iterate_attrs = cn=user iterate_filter = (objectClass=person) user_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*)) iterate_attrs = sAMAccountName=user

When I try to login with useraccountadministrator I get the following error messages:

2013-12-16 11:28:29 auth: Info: ldap(ldap,127.0.0.1,<N3HjRaTtdAB/AAAB>): unknown user 2013-12-16 11:28:29 auth: Error: userdb(ldap,127.0.0.1,<N3HjRaTtdAB/AAAB>): user not found from userdb ldap 2013-12-16 11:28:29 imap: Error: Authenticated user not found from userdb, auth lookup id=783810561 (client-pid=3809 client-id=1) 2013-12-16 11:28:29 imap-login: Info: Internal login failure (pid=3809 id=1) (internal failure, 1 succesful auths): user=<ldap>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=3810, secured, session=<N3HjRaTtdAB/AAAB>

Can someone tell me what I am doing wrong, or is there way to test to dovecot ldap connection string ??

Cheers,

• Pascal

I'd test it with an different user than Administrator, and make sure the user has an E-Mail adress assigned.