[Dovecot] login w/ IMAP & LDAP

Bob Hall rjhjr at cox.net
Wed Aug 13 10:03:30 EEST 2003


Wow. Thanks for the rapid and detailed response!

On Wed, Aug 13, 2003 at 12:19:54AM +0300, Timo Sirainen wrote:
> On Tuesday, Aug 12, 2003, at 23:40 Europe/Helsinki, Bob Hall wrote:
> 
> >I'm getting
> >	imap-login: Internal login failure: bob
> >whenever I try to check mail. I'm new to mail server setup,
> >new to IMAP, and I don't know a heck of a lot about authentication
> >schemes.
> 
> There should be another error message before that line?

No. The complete log entries related to my last attempt to log in are

Aug 12 21:46:31 kongemord imap-login: Internal login failure: bob [192.168.0.2]
Aug 12 21:46:31 kongemord dovecot: child 14690 (auth) killed with signal 11

This is from maillog.

> >If I try
> >to test Dovecot using IMAP commands via telnet, Dovecot tells me
> >	LOGIN BAD Error in IMAP command received by server.
> 
> How did you try it? It should be:
> 1 login username password

That's what I used. 

 telnet imap 143
Trying xxx.xxx.xxx.xxx...
Connected to imap.domain.tld.
Escape character is '^]'.
* OK dovecot ready.
LOGIN dovecot secret
LOGIN BAD Error in IMAP command received by server.
 
> >I also can't telnet via localhost; I have to specify the host name,
> >so I'm connecting via the host's external interface. I have no
> >problem connecting to localhost on ports not used by Dovecot.
> 
> I'd guess it's because localhost resolves to IPv6 localhost ::1, and 
> Dovecot doesn't listen in IPv6 interfaces with *BSD for now, since it 
> requires two sockets.

No, localhost resolves to 127.0.0.1. However, compiling Dovecot with
the --disable-ipv6 flag fixed that problem. Now I can connect via 
localhost, but I can't LOGIN. Error is identical to above.

In case it helps, here are my compile flags from the Makefile:

CONFIGURE_ARGS+=        --with-shadow  --disable-ipv6 \
                --localstatedir=/var --with-ldap --with-rawlog \
                --without-vpopmail --without-pgsql --without-pam

--with-rawlog doesn't seem to do anything. I've added the dovecot.rawlog
directory to both the root home and my home, and nothing is showing up 
in either location, even though maillog continues to receive error 
messages. 
 
> >So I have two questions:
> >1) How do I correct my configuration to make login successful?
> 
> The real error message should be in the logs, but I'd guess it's got 

The error message I quoted is from the logs.

> something to do with user ids. What uids have you given to users in 
> LDAP? Are they smaller than 500, which is the default minimum accepted 
> uid? You could change first_valid_uid in config file.

I'm confused. In the documentation and schemas that come with OpenLDAP, 
a uid is a login.  E.g. my account uid is 'bob'. Unix uses numeric 
uids, but if I'm using LDAP, I'm not accessing anything with numeric 
uids. posixAccount uses uidNumber, but I'm not using that class. 

> >Server configuration: IMAP
> >IMAP Mailbox Location Prefix: /var/mail/bob/Mail
> >Authentication Style: passwords
> 
> Don't give any IMAP prefix to clients.

OK. The Eudora documentation says I need it. This is why I want to be 
able to test w/out an MUA, so that I don't mix my client errors with my 
server errors. I've removed it, and I'm still getting the error message.
 
> >login_user = dovecot
> >auth_user = dovecot
> 
> It's better not to use the same user for auth and login. Maybe I should 
> add a check to disallow this entirely..

I don't know enough about it to know why that's a bad idea, but I got 
it from a sample config file online. I've changed auth_user to 
dovecot-auth and I'm still getting the same error.

Thanks again for the response.

Bob Hall
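
Added example, not part of the original message and not Dovecot's code: a simplified model of RFC 3501 command framing (tag, then command, then arguments) showing how a server reads the two telnet lines discussed above. The function names and the small command set are assumptions made for the illustration; the BAD text is the one quoted in the message.

```python
import re

# Simplified model of RFC 3501 framing: tag SP command [SP arguments].
# Hypothetical helper names; this is not Dovecot's parser.
# A tag is one or more ASTRING-CHARs except "+": no space, control
# characters, parentheses, "{", wildcards, quotes or backslash.
TAG_RE = re.compile(r'^[^\s(){%*"\\+]+$')

# Commands valid before authentication (subset chosen for the demo).
KNOWN = {"CAPABILITY", "NOOP", "LOGOUT", "LOGIN"}

BAD_TEXT = "BAD Error in IMAP command received by server."


def parse_command(line):
    """Split one client line into tag, upper-cased command and arguments."""
    parts = line.rstrip("\r\n").split(" ")
    tag = parts[0]
    if not TAG_RE.match(tag):
        return {"tag": None, "command": None, "args": []}
    command = parts[1].upper() if len(parts) > 1 else None
    return {"tag": tag, "command": command, "args": parts[2:]}


def respond(line):
    """Return the status line this model would send (syntax check only)."""
    cmd = parse_command(line)
    # The reply is labelled with the client's tag; "*" if none was parsed.
    tag = cmd["tag"] or "*"
    if cmd["command"] not in KNOWN:
        return f"{tag} {BAD_TEXT}"
    if cmd["command"] == "LOGIN" and len(cmd["args"]) != 2:
        return f"{tag} {BAD_TEXT}"
    return f"{tag} OK {cmd['command']} syntax accepted (no authentication done)"


if __name__ == "__main__":
    # Constructed inputs: the line from the telnet session, then the
    # tagged form suggested in the quoted reply.
    for line in ("LOGIN dovecot secret", "1 login dovecot secret"):
        print(f"C: {line}")
        print(f"S: {respond(line)}")
```

In the untagged line the first word is consumed as the tag, so the reply begins with "LOGIN" and the word after it is rejected as an unknown command. This models command syntax only and says nothing about the auth process crash in the log.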

