Dear Dovecot mailing list people -

What I'm trying to do is use Postfix (with virtual users) and a POP3 server (we don't want IMAP - don't ask) to work against our new Active Directory servers that will be coming soon. Before we roll anything out we're testing it in the lab. Here's what we've got: x86 server running Red Hat Enterprise Linux 3 Postfix 2.0.16 Dovecot-1.0 Beta7 Windows 2003 server running Active Directory Windows XP client running Outlook

Eventually, we'd like the clients to be joined to the AD domain and that's where we'll store ALL the user information. The email will come in on our postfix server (which uses virtual users) and the clients will check it passing their email username and domain password. The catch is that USERS CAN BE ANYWHERE IN THE DIRECTORY. (I apologize for the caps, I wanted to make sure that phrase wasn't glossed over.) So, for instance:

DC=local | DC=domain | OU=group1 | | | > CN=user1 | > CN=user2 | OU=group2 | | | > CN=user3 | > CN=user4 | OU=group3 | >CN=user5

The path to user1 is therefore CN=user1,OU=group1,DC=domain,DC=local (at least in the AD world.) The path to user3 is CN=user3,OU=group2,DC=domain,DC=local. So to search for users I would think (because this is how Postfix does it) that I could have the search base as DC=domain,DC=local and then have scope = subtree. IT DOESN'T WORK. (Again, caps used for emphasis only.)

Here's the meat of the dovecot-ldap.conf file I'm using: hosts = 192.168.x.x dn = cn=Administrator,cn=Users,DC=domain,DC=local dnpass = xxxxx auth_bind = yes ldap_version = 3 base = DC=domain,DC=local scope = subtree user_attrs = sAMAccountName,mail,,,, user_filter = (&(objectClass=organizationalPerson)(sAMAccountName=%u)) pass_filter = (&(objectClass=organizationalPerson)(sAMAccountName=%u)) user_global_uid = 44 user_global_gid = 44

--- Interestingly, if I simply point the base to the actual user's container, it works just fine. The idea works from Postfix, but from dovecot it doesn't actually seem to search the tree. ---

Here's some of the output from the log files. dovecot: May 17 15:35:52 Info: auth(default): client in: AUTH 1 PLAIN service=POP3 lip= 192.168.0.199 rip=192.168.0.195 resp=AGp1c2VyAHBhc3N3b3Jk dovecot: May 17 15:35:52 Info: auth(default): ldap(user1, 192.168.0.195): bind search: base=DC=LAB,DC=local filter=(&(objectClass=organizationalPerson)(sAMAccountName=user1)) dovecot: May 17 15:36:52 Info: pop3-login: Disconnected: Inactivity: method=PLAIN, rip= 192.168.90.195, lip=192.168.90.199 dovecot: May 17 15:37:52 Info: auth(default): client in: AUTH 1 PLAIN service=POP3 lip=192.168.0.199 rip=192.168.0.195 resp=AGp1c2VyAHBhc3N3b3Jk dovecot: May 17 15:37:52 Info: auth(default): ldap(user1,192.168.0.195): bind search: base=DC=domain,DC=local filter=(&(objectClass=organizationalPerson)(sAMAccountName=user1)) dovecot: May 17 15:37:54 Info: auth(default): client out: OK 1 user=user1 dovecot: May 17 15:37:54 Info: auth(default): client out: OK 1 user=user1 dovecot: May 17 15:37:54 Info: auth(default): master in: REQUEST 1 25233 1 dovecot: May 17 15:37:54 Info: auth(default): ldap(user1,192.168.0.195): base=DC=LAB,DC=local scope=subtree filter=(&(objectClass=organizationalPerson)(sAMAccountName=user1)) fields=sAMAccountName,mail,,,, dovecot: May 17 15:38:52 Info: pop3-login: Disconnected: Inactivity: user=<user1>, method=PLAIN, rip=192.168.0.195, lip=192.168.0.199

Can anybody offer any insight? Pretty please?

• Burton