"Temporary authentication failure"? Can't connect with LDAP user
Hello there, first time writing.
I'm relatively new to Linux and have been tasked with setting up the following configuration: Debian Wheezy Server, Postfix, Dovecot, OpenLDAP
So, I set up the Server, installed and configured postfix, ldap and dovecot (in that order) and now simply try to log into the mail account with a user from the LDAP over telnet.
The test looks like this:

|> telnet localhost 143
| a bunch of stuff ending with:
| OK [**] Dovecot ready.
|> a login username userpassword
| a NO [UNAVAILABLE] Temporary authentication failure. [host and date here]

In the logs it says

|[date] mailserver dovecot: auth: Error: LDAP: binding failed (dn cn=admin): Invalid credentials
But I KNOW the admin password I entered into the dovecot-lda.conf.ext is correct as I use it to log into the LDAP directory over jxplorer
I also know the password for the user I try to log in with is correct as I set it myself over and over just to be sure there are no typos. I'm at a loss, I've been at this end for a few days now and can't find good tutorials online because it's either always an old dovecot, postfix, ldap or debian version and somewhere in the middle it just stops because some file is completely missing. I get the impression I'm just not able-brained for Linux usage.
Anyway, here is some more information about the system:

Dovecot version 2.1.7

Output of grep -v '^ *\(#.*\)\?$' dovecot-sql.conf:

hosts = localhost
dn = cn=admin
dnpass = [password]
sasl_bind = no
tls = no
auth_bind = yes
ldap_version = 3
base = dc=[domainname],dc=de
user_attrs = uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=posixAccount)(uid=%u))
pass_attrs = uid=user,userPassword=password

Output of dovecot -n:

disable_plaintest_auth = no
mail_location = mbox:~/mail:INBOX=/var/mail/%u
[namespace config here]
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = " imap pop3"
ssl_cert =
ssl_key =
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocol pop3 {
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv
}

Any help would be greatly appreciated.... I'm going crazy over here.
Thanks in advance, David
Hi,

> hosts = localhost
> dn = cn=admin
> dnpass = [password]
> sasl_bind = no
> tls = no
> auth_bind = yes

Just a guess, but I don't see a matching auth_bind_userdn to go with this...

> ldap_version = 3
> base = dc=[domainname],dc=de
> user_attrs = uidNumber=uid,gidNumber=gid
> user_filter = (&(objectClass=posixAccount)(uid=%u))
> pass_attrs = uid=user,userPassword=password
On Monday 23 February 2015 18:02:13 David Scheele wrote:
> Hello there, first time writing.
> I'm relatively new to linux and have been tasked with setting up the following configuration: Debian Wheezy Server, Postfix, Dovecot, OpenLDAP

I have used this configuration for some time; I call it Machinet mailserver, as a sort of dumb version of Kolab Mailserver.
You can find a simple script here for installing everything; it is not finished, but you can at least look at the configuration files: http://mihai.badici.ro/linux/machinet/debian/
Some short info here: http://machinet.badici.ro/
Mihai Bădici http://mihai.badici.ro
On Mon, 23 Feb 2015, David Scheele wrote:
> Output of grep -v '^ *\(#.*\)\?$' dovecot-sql.conf:
                                    ^^^^^^^^^^^^^^^^
> passdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
                        ^^^^^^^^^^^^^^^^^^^^
filename mismatch
Steffen Kaiser
@Steffen Kaiser: Sorry, I wrote that wrong. I did indeed run

grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf.ext

to get those results.
@Bob Miller: And what would that look like? I added an auth_bind_userdn looking like this:

auth_bind_userdn = uid=%u,dc=[hostname],o=de

And restarted dovecot, no use.
Any other ideas?
Best, David
On Tue, 24 Feb 2015, David Scheele wrote:
> Output of grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf.ext:
> hosts = localhost
> dn = cn=admin
> dnpass = [password]

install the ldap-utils package - that one containing ldapsearch - and execute:

ldapsearch -W -D cn=admin -b 'dc=[domainname],dc=de' \
    '(&(objectClass=posixAccount)(uid=<<uid>>))'

then enter your password.

I suppose, cn=admin is missing a domain name, e.g. dc=[domainname],dc=de .

does your dnpass contain "funny" characters?

> sasl_bind = no
> tls = no
> auth_bind = yes
> ldap_version = 3
> base = dc=[domainname],dc=de
> user_attrs = uidNumber=uid,gidNumber=gid
> user_filter = (&(objectClass=posixAccount)(uid=%u))
> pass_attrs = uid=user,userPassword=password

BTW: You do not have a pass_filter, or I deleted it last time.
Steffen Kaiser
The ldap-utils were already installed. I did the ldapsearch you gave me, but after inputting my admin password it gives me

ldap_bind: Invalid credentials (49)

I logged into the ldap server with my admin credentials (which worked fine) and changed my password to '12345'. Trying that, still "Invalid credentials".

1.) I tried that already. The error switches to syntax error then.
2.) Not really. An upper case letter and a number + various lowercase letters. Not very exotic.

Is the pass_filter necessary? I just wanted to make the installation as basic as possible, to not get any unwanted errors.
Best, David
On Tuesday 24 February 2015 10:23:14 David Scheele wrote:
> The ldap-utils were already installed. I did the ldapsearch you gave me, but after inputting my admin password it gives me
> ldap_bind: Invalid credentials (49)
> I logged into the ldap server with my admin credentials (which worked fine) and changed my password to '12345'. Trying that, still "Invalid credentials".
>
> 1.) I tried that already. The error switches to syntax error then.
> 2.) Not really. An upper case letter and a number + various lowercase letters. Not very exotic.
>
> Is the pass_filter necessary? I just wanted to make the installation as basic as possible, to not get any unwanted errors.
>
> Best, David

You can compare the query performed by ldapsearch versus the one performed by your ldap frontend by looking in the openldap log ( /var/log/debug ? ). It should be the dn of the admin user; maybe it isn't cn=admin but cn=admin,dc=mydomain .
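The two suggestions in the replies above (a bind dn that lacks its suffix, and comparing Dovecot's bind with an ldapsearch run) can be checked mechanically. This is an added example, not code from the thread or from Dovecot: the function names are hypothetical, the config contents (example.de, jdoe, secret) are constructed, and the "below base" test is a heuristic. It goes slightly beyond the thread by also checking auth_bind_userdn and tls.

```shell
#!/bin/sh
# Added example: lint dovecot-ldap.conf.ext for the bind-DN questions raised
# in this thread. All sample values (example.de, jdoe, secret) are constructed.

# conf_get FILE KEY: value of the last "KEY = value" line; comment lines are
# skipped because they never start with the key name.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# norm_dn DN: lower-case and drop spaces around commas, for comparison only.
norm_dn() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/[[:space:]]*,[[:space:]]*/,/g'
}

# dn_under_base DN BASE: succeeds if DN is BASE itself or ends in ",BASE".
dn_under_base() {
    d=$(norm_dn "$1"); b=$(norm_dn "$2")
    [ -n "$b" ] || return 1
    case "$d" in
        "$b"|*,"$b") return 0 ;;
        *) return 1 ;;
    esac
}

# check_ldap_conf FILE: print one finding per line; return 1 if any.
# Heuristic: base may be a subtree that does not contain the admin entry,
# so treat a finding as "verify this DN", not as proof of an error.
check_ldap_conf() {
    f=$1; found=0
    dn=$(conf_get "$f" dn); base=$(conf_get "$f" base)
    userdn=$(conf_get "$f" auth_bind_userdn)
    host=$(conf_get "$f" hosts); tls=$(conf_get "$f" tls)
    if [ -n "$dn" ] && ! dn_under_base "$dn" "$base"; then
        echo "dn: '$dn' is not below base '$base'; a bind needs the full DN"
        found=1
    fi
    if [ -n "$userdn" ] && ! dn_under_base "$userdn" "$base"; then
        echo "auth_bind_userdn: '$userdn' is not below base '$base'"
        found=1
    fi
    case "${host%% *}" in
        ''|localhost|127.0.0.1|::1) ;;   # loopback: no network exposure
        *) if [ "$tls" != yes ]; then
               echo "tls: not enabled; dnpass and user passwords reach $host unencrypted"
               found=1
           fi ;;
    esac
    return "$found"
}

# equiv_ldapsearch FILE UID: print an ldapsearch call that repeats Dovecot's
# search bind (same host, dn, base, filter) so the two can be compared in the
# OpenLDAP log. Uses pass_filter if set, else user_filter as the reply did.
equiv_ldapsearch() {
    f=$1
    case "$2" in   # keep filter metacharacters out of the substituted uid
        ''|*[!A-Za-z0-9._-]*) echo "refusing uid '$2'" >&2; return 2 ;;
    esac
    host=$(conf_get "$f" hosts); dn=$(conf_get "$f" dn)
    base=$(conf_get "$f" base); filter=$(conf_get "$f" pass_filter)
    [ -n "$filter" ] || filter=$(conf_get "$f" user_filter)
    filter=$(printf '%s' "$filter" | sed "s/%u/$2/g")
    printf "ldapsearch -x -H 'ldap://%s' -D '%s' -W -b '%s' '%s'\n" \
        "${host%% *}" "$dn" "$base" "$filter"
}

# sample_conf DN [USERDN] [HOST]: constructed config shaped like the one posted.
sample_conf() {
    cat <<EOF
# constructed sample, not a real deployment
hosts = ${3:-localhost}
dn = $1
dnpass = secret
tls = no
auth_bind = yes
base = dc=example,dc=de
user_filter = (&(objectClass=posixAccount)(uid=%u))
EOF
    if [ -n "${2:-}" ]; then printf 'auth_bind_userdn = %s\n' "$2"; fi
}

# Demo on the constructed sample: short bind dn plus a mismatched user DN.
demo() {
    tmp=$(mktemp) || return 1
    sample_conf 'cn=admin' 'uid=%u,dc=example,o=de' > "$tmp"
    check_ldap_conf "$tmp" || true
    equiv_ldapsearch "$tmp" jdoe
    rm -f "$tmp"
}
demo
```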
On Tue, 24 Feb 2015, David Scheele wrote:
> The ldap-utils were already installed. I did the ldapsearch you gave me, but after inputting my admin password it gives me
> ldap_bind: Invalid credentials (49)
> I logged into the ldap server with my admin credentials (which worked fine) and changed my password to '12345', Trying that, still "Invalid credentials".
Oh forgot:
ldapsearch -x ..
Also try:
ldapsearch -x cn=admin
to get the full DN of the admin
Steffen Kaiser
Hmm...
ldapsearch -x cn=admin gives me:

| # A bunch of information not really interesting
| # search result
| search: 2
| result: 32 No such object
|
| numResponses: 1

ldapsearch -x cn=admin gives the same. Did I configure the ldap wrong?
On Tue, 24 Feb 2015, David Scheele wrote:
> ldapsearch -x cn=admin gives me:
>
> | # A bunch of information not really interesting
> | # search result
> | search: 2
> | result: 32 No such object
> |
> | numResponses: 1
>
> ldapsearch -x cn=admin gives the same. Did i configure the ldap wrong?
ldapsearch -x -h localhost cn=admin ?
2015-02-24 10:42 GMT+01:00 Steffen Kaiser skdovecot@smail.inf.fh-brs.de:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, 24 Feb 2015, David Scheele wrote:
The ldap-utils were already installed. I did the ldapsearch you gave me, but after inputting my admin password it gives me *ldap_bind: Invalid credentials (49)* I logged into the ldap server with my admin credentials (which worked fine) and changed my password to '12345', Trying that, still *Invalid credentials* .
Oh forgot:
ldapsearch -x ..
Also try:
ldapsearch -x cn=admin
to get the full DN of the admin
1.) I tried that already. The error switches to syntax error then.
2.) Not really. An upper case letter and a number + various lowercase letters. Not very exotic.
Is the pass_filter necessary? I just wanted to make the installation as basic as possible, to not get any unwanted errors.
Best, David
2015-02-24 10:02 GMT+01:00 Steffen Kaiser:
On Tue, 24 Feb 2015, David Scheele wrote:
2015-02-24 8:05 GMT+01:00 Steffen Kaiser:
On Mon, 23 Feb 2015, David Scheele wrote:
> So, I set up the Server, installed and configured postfix, ldap and dovecot (in that order) and now simply try to log into the mail account with a used from the LDAP over telnet.
>
> The test looks like this:
>
> *|> telnet localhost 143*
> *| a bunch of stuff ending with:*
> *| OK [**] Dovecot ready.*
> *|> a login username userpassword*
> *| a NO [UNAVAILABLE] Temporary authentication failure. [host and date here]*
>
> In the logs it says
>
> *|[date] mailserver dovecot: auth: Error: LDAP: binding failed (dn cn=admin): Invalid credentials*
>
> But I KNOW the admin password I entered into the dovecot-lda.conf.ext is correct as I use it to log into the LDAP directory over jxplorer
>
> I also know the password for the user i try to log in with is correct as i set it myself over and over just to be sure there are no typos.
> I'm at a loss, I've been at this end for a few days now and can't find good tutorials online because its either always an old dovecot, postfix, ldap or debian version and somewhere in the middle it just stops because some file is completely missing. I get the impression I'm just not able-brained for linux usage.
>
> Anyway, here are a few more informations about the system:
>
> *Dovecot version 2.1.7*
>
> Output of grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf.ext:
> *hosts = localhost*
> *dn = cn=admin*
> *dnpass = [password]*
install the ldap-utils package - that one containing ldapsearch - and execute:
ldapsearch -W -D cn=admin -b 'dc=[domainname],dc=de' '(&(objectClass=posixAccount)(uid=<<uid>>))'
then enter your password.
I suppose, cn=admin is missing a domain name, e.g. dc=[domainname],dc=de .
does your dnpass contain "funny" characters?
> *sasl_bind = no*
> *tls = no*
> *auth_bind = yes*
> *ldap_version = 3*
> *base = dc=[domainname],dc=de*
> *user_attrs = uidNumber=uid,gidNumber=gid*
> *user_filter = (&(objectClass=posixAccount)(uid=%u))*
> *pass_attrs = uid=user,userPassword=password*
BTW: You do not have no pass_filter or I deleted it last time.
> Output of dovecot -n:
>
> *disable_plaintest_auth = no*
> *mail_location = mbox:~/mail:INBOX=/var/mail/%u*
> *[namespace config here]*
>
> *passdb {*
> *args = /etc/dovecot/dovecot-ldap.conf.ext*
^^^^^^^^^^^^^^^^^^^^
filename mismatch
> *driver = ldap*
> *}*
> *plugin {*
> *sieve = ~/.dovecot.sieve*
> *sieve_dir = ~/sieve*
> *}*
>
> *protocols = " imap pop3"*
> *ssl_cert =
> *ssl_key =
> *userdb {*
> *args = /etc/dovecot/dovecot-ldap.conf.ext*
> *driver =ldap*
> *}*
> *protocol pop3 {*
> *pop3_client_workarounds = outlook-no-nuls oe-ns-eoh*
> *pop3_uidl_format = %08Xu%08Xv*
> *}*
>
> Any help would be greatly appreciated.... I'm going crazy over here.
>
> Thanks in advance,
> David
-- Steffen Kaiser
Steffen Kaiser
Ok I completed the dn as thus: *dn = cn=admin,dc=luenenet,dc=de* And now when I try *a login Username Password* over *telnet localhost 143* I get *a NO [AUTHENTICATIONFAILED] Authentication failed.*
I confirmed that the user password is correct.
By the way, *ldapsearch -x -D 'cn=admin,dc=[domainname],dc=de' -w 12345 -b 'dc=[domainname],dc=de' cn* gives me:
*| # [domainname].de*
*| dn: dc=[domainname],dc=de*
*| #admin, [domainname].de*
*| dn: cn=admin,dc=[domainname],dc=de*
*| cn: admin*
*| # [User Name], [domainname].de*
*| dn: cn=[User Name],dc=[domainname],dc=de*
*| cn: [User Name]*
*| #search result*
*| search: 2*
*| result: 0 Success*
*| # numResponses: 4*
*| # numEntries: 3*
On Tue, 24 Feb 2015, David Scheele wrote:
Ok I completed the dn as thus: *dn = cn=admin,dc=luenenet,dc=de* And now when I try *a login Username Password* over *telnet localhost 143* I get *a NO [AUTHENTICATIONFAILED] Authentication failed.*
Have you added pass_filter?
Has the LDAP item
*| # [User Name], [domainname].de*
*| dn: cn=[User Name],dc=[domainname],dc=de*
*| cn: [User Name]*
the attributes
objectClass: posixAccount
uid:
?
Steffen Kaiser
On Tuesday 24 February 2015 10:51:44 David Scheele wrote:
Hmm...
*ldapsearch -x cn=admin* gives me:
| # A bunch of information not really interesting
| # search result
| search: 2
| result: 32 No such object
|
| numResponses: 1
*ldapsearch -x cn=admin* gives the same. Did I configure the ldap wrong?
Ldapsearch will search in the default container. But probably the admin user is in a different container, like cn=admin,cn=config, so you can't find it with this search.
Is there a good, foolproof dovecot-openldap tutorial that walks you through the steps and works with the newest version of both softwares? I'm giving up and starting anew.
On Wednesday 25 February 2015 10:31:22 David Scheele wrote:
Is there a good, foolproof dovecot-openldap tutorial that walks you through the steps and works with the newest version of both softwares? I'm giving up and starting anew.
Well, I'm not sure. As I said, you can take a look at my templates. Openldap is maybe too flexible for us :) and the dovecot setup always depends on the openldap setup, which depends on your distribution if you install it with apt-get. If you download my packages you don't need to install them but there are some configuration templates you can see and modify.
If you have anonymous access you don't need to bind with admin credentials.
Mihai Bădici http://mihai.badici.ro
On Wed, 25 Feb 2015, Mihai Badici wrote:
Well, I'm not sure. As I said, you can take a look at my templates. Openldap is maybe too flexible for us :) and the dovecot setup always depends on the openldap setup, which depends on your distribution if you install it with apt-get. If you download my packages you don't need to install them but there are some configuration templates you can see and modify.
If you have anonymous access you don't need to bind with admin credentials.
(Y)
@David: You should know your LDAP setup and craft Dovecot for it.
From your question I guess that you have not changed the LDAP scheme, but use some default posixAccount objectclass.
So tell us:
Does ldapsearch -x -h server display all users? If yes: No admin access required.
How are your users to log in? Mail address, account name, user name?
Which information is stored in LDAP per account mandatory and in which LDAP attribute?
Steffen Kaiser
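The two checks this thread converges on, written out as an added example (not code from the posters or from Dovecot): whether `dn` is a complete DN, and whether a directory entry would be matched by the configured `user_filter`. The sample configuration, the domain `dc=example,dc=de`, the user `alice` and both entries are constructed, and the filter check assumes an AND of equality clauses like the one posted.

```python
import re

# Constructed sample mirroring the settings posted in the thread; the domain
# dc=example,dc=de and the password are placeholders, not values from the thread.
THREAD_CONF = """\
hosts = localhost
dn = cn=admin
dnpass = placeholder
auth_bind = yes
base = dc=example,dc=de
user_filter = (&(objectClass=posixAccount)(uid=%u))
pass_attrs = uid=user,userPassword=password
"""

def parse_conf(text):
    """Parse 'key = value' lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def norm_dn(dn):
    """Lower-case a DN and trim spaces around its RDNs (no escaped commas)."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(",") if rdn.strip())

def check_bind_dn(conf):
    """Classify the bind DN: 'anonymous', 'relative', 'outside-base' or 'ok'."""
    dn, base = norm_dn(conf.get("dn", "")), norm_dn(conf.get("base", ""))
    if not dn:
        return "anonymous"      # no dn configured: the initial bind is anonymous
    if "," not in dn:
        return "relative"       # a single RDN such as cn=admin is not a full DN
    if base and dn != base and not dn.endswith("," + base):
        return "outside-base"   # can be valid (e.g. under cn=config); verify by hand
    return "ok"

def unmet_clauses(filter_template, username, entry):
    """List the (attr, value) equality clauses of a filter that an entry fails.

    Assumption: the filter is an AND of equalities, like the posted user_filter;
    values are compared case-insensitively.
    """
    flt = filter_template.replace("%u", username)
    clauses = re.findall(r"\(([A-Za-z][\w;-]*)=([^()*]+)\)", flt)
    have = {k.lower(): [v.lower() for v in vs] for k, vs in entry.items()}
    return [(a, v) for a, v in clauses if v.lower() not in have.get(a.lower(), [])]

# Constructed entries: one with only the cn attribute that the thread's search
# output lists, one with the attributes the filter asks for.
ENTRY_CN_ONLY = {"cn": ["Alice Example"]}
ENTRY_POSIX = {"objectClass": ["inetOrgPerson", "posixAccount"],
               "cn": ["Alice Example"], "uid": ["alice"]}

if __name__ == "__main__":
    conf = parse_conf(THREAD_CONF)
    print("bind dn:", check_bind_dn(conf))
    print("unmet:", unmet_clauses(conf["user_filter"], "alice", ENTRY_CN_ONLY))
```

A search that requests only `cn`, as in the thread, cannot show whether `objectClass` and `uid` are present; fetch the whole entry before running the second check.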
participants (4)
- Bob Miller
- David Scheele
- Mihai Badici
- Steffen Kaiser