Has anyone ever managed to link their AD to Dovecot?
Are there any Dovecot configuration examples for linking an Active Directory? The documentation doesn't mention it, and my configuration only works for IMAP authentication; for some unknown reason, the user is then not found...
Some FYIs
I don't use ldap/active dir as this is more of a microsoft thing
microsoft AD was designed more for users accessing network resources (ie drive mappings etc)
also yes it can apparently be used via ldap ?
Active Directory
When connecting to AD, you may need to use port 3268. Then again, not all LDAP fields are available in port 3268. Use whatever works. https://technet.microsoft.com/en-us/library/cc978012.aspx
A director proxy doesn’t need userdb configuration (unlike backends).
    passdb {
      args = /etc/dovecot/dovecot-ldap.conf.ext
      driver = ldap
    }
The included dovecot-ldap-director.conf.ext can be used as template for the /etc/dovecot/dovecot-ldap.conf.ext. Its most important settings are:
    hosts = ldap.example.com
    dn = cn=admin,dc=example,dc=com
    dnpass = secret
    base = dc=example,dc=com
Configure how the LDAP server is reached. Active directory allows binding with username@domain.
    auth_bind_userdn = %u
    auth_bind = yes
Use LDAP authentication binding for verifying users’ passwords.
pass_attrs = =proxy=y, =proxy_timeout=10, =user=%{ldap:mailRoutingAddress}, =password=%{ldap:userPassword}
Normalize the username to exactly the mailRoutingAddress field’s value regardless of how the pass_filter found the user.
    pass_filter = (mailRoutingAddress=%u)
    iterate_attrs = mailRoutingAddress=user
    iterate_filter = (objectClass=messageStoreRecipient)
from :
https://doc.dovecot.org/2.3/configuration_manual/authentication/ldap/
dovecot is more of a unix style programming allowing for postgresql (what i use), mysql, passwd etc
hope this points you in the right direction.
Thanks - Paul Kudla (Manager SCOM.CA Internet Services Inc.)
Have A Happy Sunday AND Happy Successful 2026 !
Scom.ca Internet Services <http://www.scom.ca> 104-1009 Byron Street South Whitby, Ontario - Canada L1N 4S3
Toronto 416.642.7266 Main 1.866.411.7266 Fax 1.888.892.7266 Email paul@scom.ca
On 2026-01-25 3:50 AM, ByteWave via dovecot wrote:
> Are there any Dovecot configuration examples for linking an Active Directory? The documentation doesn't mention it, and my configuration only works for IMAP authentication; for some unknown reason, the user is then not found...
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
Hello Paul,
Thank you very much for your detailed information and advice.
I'm currently using Dovecot 2.4.1. On Windows, it's not possible to grant a user access to all the necessary information, so I rely on user logins to validate passwords.
This method works correctly for IMAP authentication, but, for some unknown reason, it doesn't work for writing emails: Dovecot can't find the user or the static user database it should use in this case.
I'm continuing to investigate to understand this difference in behavior.
I also wish you a very happy 2026, full of success!
Sincerely,
thanks for the reply (how i learn)
question :
it doesn't work for writing emails ???
what are you trying to do (ie pls better explain writing emails?)
ie are you using AD for the address book etc ???
are you trying to use the MAPI interface(s) in windows ?
also what client are you using (outlook, thunderbird etc)
it also needs to be noted that if you are running ssl via an outlook client it only supports the master ssl certificate of the main server.
for example : mail.scom.ca is the master cert for scom.ca
but being an isp i have multiple certs running (using SNR) for other domains in which outlook refuses to pickup on.
If this is not an issue keep it in mind for the future.
When i send my customer the setup info for ssl connects they have to use the master cert (mail.scom.ca) instead of the mail.xxx.com domain name. This too can cause auth errors (found that out the hard way)
not trying to get off track just something to look at.
email on windows is really an exchange thing which carries its own issue(s)
Thanks - Paul Kudla (Manager SCOM.CA Internet Services Inc.)
Have A Happy Sunday AND Happy Successful 2026 !
On 2026-01-25 4:37 AM, ByteWave via dovecot wrote:
> Hello Paul,
> Thank you very much for your detailed information and advice.
> I'm currently using Dovecot 2.4.1. On Windows, it's not possible to grant a user access to all the necessary information, so I rely on user logins to validate passwords.
> This method works correctly for IMAP authentication, but, for some unknown reason, it doesn't work for writing emails: Dovecot can't find the user or the static user database it should use in this case.
> I'm continuing to investigate to understand this difference in behavior.
> I also wish you a very happy 2026, full of success!
> Sincerely,
Hi Paul,
Yes, I can authenticate without any problem using Windows LDAP via a self-signed certificate.
However, the userdb isn't being found. Dovecot is trying to search for the user using the filter and the ldap_base I specified, whereas, according to the documentation, this shouldn't be necessary with a template-based bind_userdn.
I'm a bit confused about this behavior—I'm wondering if it's a bug.
I think I should perhaps contact Dovecot support about this to get their opinion.
Thank you for your comments and advice, and Happy New Year 2026!
Sincerely,
participants (2): ByteWave, Paul Kudla
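
Added example, not part of the thread and not Dovecot's own code: a small linter for the Dovecot 2.3 `dovecot-ldap.conf.ext` syntax quoted above (not the 2.4 syntax ByteWave runs). It flags the situation the thread ends on, where password checks by user bind succeed but a userdb search has no service DN to bind with, plus cleartext LDAP and the port 3268 caveat. The sample config and the finding names are constructed for illustration.

```python
import re

# Constructed sample in the Dovecot 2.3 dovecot-ldap.conf.ext format quoted in
# the thread; host name, filters and paths are placeholders.
SAMPLE_CONF = """\
hosts = dc1.example.com:3268
base = dc=example,dc=com
auth_bind = yes
auth_bind_userdn = %u
pass_filter = (userPrincipalName=%u)
user_filter = (userPrincipalName=%u)
user_attrs = \\
  =home=/var/vmail/%d/%n
"""

def parse_conf(text):
    """Parse 'key = value' lines; '#' comments and backslash continuations are handled."""
    settings = {}
    joined = re.sub(r"\\\s*\n", " ", text)  # fold continued lines into one
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep:
            settings[key.strip()] = value.strip()
    return settings

def lint(settings, used_as_userdb):
    """Return hypothetical finding ids; used_as_userdb: a userdb block points at this file."""
    findings = []
    # A userdb lookup (for example at mail delivery) carries no user password,
    # so it cannot bind as the user; it searches with dn/dnpass instead.
    # Without them the search is anonymous, which AD typically refuses.
    if used_as_userdb and not (settings.get("dn") and settings.get("dnpass")):
        findings.append("userdb-search-without-dn")
    # Bind passwords cross the network in clear unless StartTLS or ldaps:// is used.
    uris = settings.get("uris", "").split()
    ldaps_only = bool(uris) and all(u.startswith("ldaps://") for u in uris)
    if settings.get("tls", "no").lower() != "yes" and not ldaps_only:
        findings.append("cleartext-ldap")
    # Port 3268 does not expose every LDAP field, as the thread notes.
    if re.search(r":3268\b", settings.get("hosts", "") + " " + " ".join(uris)):
        findings.append("global-catalog-port")
    return findings

if __name__ == "__main__":
    print(lint(parse_conf(SAMPLE_CONF), used_as_userdb=True))
```
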