[Dovecot] Dovecot/LDAP problem

Burton Simmons burtonsimmons at gmail.com
Thu May 18 01:51:53 EEST 2006


Dear Dovecot mailing list people -

What I'm trying to do is use Postfix (with virtual users) and a POP3 server
(we don't want IMAP - don't ask) to work against our new Active Directory
servers that will be coming soon.  Before we roll anything out we're testing
it in the lab.  Here's what we've got:
x86 server running Red Hat Enterprise Linux 3
Postfix 2.0.16
Dovecot-1.0 Beta7
Windows 2003 server running Active Directory
Windows XP client running Outlook

Eventually, we'd like the clients to be joined to the AD domain and that's
where we'll store ALL the user information.  The email will come in on our
postfix server (which uses virtual users) and the clients will check it
passing their email username and domain password.  The catch is that USERS
CAN BE ANYWHERE IN THE DIRECTORY.  (I apologize for the caps, I wanted to
make sure that phrase wasn't glossed over.) So, for instance:
> DC=local
|
>DC=domain
  |
  >OU=group1
  | |
  | > CN=user1
  | > CN=user2
  |
  >OU=group2
  | |
  | > CN=user3
  | > CN=user4
  |
  >OU=group3
    |
    >CN=user5

The path to user1 is therefore CN=user1,OU=group1,DC=domain,DC=local (at
least in the AD world.)  The path to user3 is
CN=user3,OU=group2,DC=domain,DC=local.  So to search for users I would think
(because this is how Postfix does it) that I could have the search base as
DC=domain,DC=local and then have scope = subtree.  IT DOESN'T WORK.  (Again,
caps used for emphasis only.)

Here's the meat of the dovecot-ldap.conf file I'm using:
hosts = 192.168.x.x
dn = cn=Administrator,cn=Users,DC=domain,DC=local
dnpass = xxxxx
auth_bind = yes
ldap_version = 3
base = DC=domain,DC=local
scope = subtree
user_attrs = sAMAccountName,mail,,,,
user_filter = (&(objectClass=organizationalPerson)(sAMAccountName=%u))
pass_filter = (&(objectClass=organizationalPerson)(sAMAccountName=%u))
user_global_uid = 44
user_global_gid = 44

--- Interestingly, if I simply point the base to the actual user's
container, it works just fine.  The idea works from Postfix, but from
dovecot it doesn't actually seem to search the tree. ---

Here's some of the output from the log files.
dovecot: May 17 15:35:52 Info: auth(default): client in: AUTH   1
PLAIN  service=POP3     lip= 192.168.0.199      rip=192.168.0.195
resp=AGp1c2VyAHBhc3N3b3Jk
dovecot: May 17 15:35:52 Info: auth(default): ldap(user1, 192.168.0.195):
bind search: base=DC=LAB,DC=local
filter=(&(objectClass=organizationalPerson)(sAMAccountName=user1))
dovecot: May 17 15:36:52 Info: pop3-login: Disconnected: Inactivity:
method=PLAIN, rip= 192.168.90.195, lip=192.168.90.199
dovecot: May 17 15:37:52 Info: auth(default): client in: AUTH   1
PLAIN  service=POP3     lip=192.168.0.199       rip=192.168.0.195
resp=AGp1c2VyAHBhc3N3b3Jk
dovecot: May 17 15:37:52 Info: auth(default): ldap(user1,192.168.0.195):
bind search: base=DC=domain,DC=local
filter=(&(objectClass=organizationalPerson)(sAMAccountName=user1))
dovecot: May 17 15:37:54 Info: auth(default): client out: OK    1
user=user1
dovecot: May 17 15:37:54 Info: auth(default): client out: OK    1
user=user1
dovecot: May 17 15:37:54 Info: auth(default): master in: REQUEST
1      25233    1
dovecot: May 17 15:37:54 Info: auth(default): ldap(user1,192.168.0.195):
base=DC=LAB,DC=local scope=subtree
filter=(&(objectClass=organizationalPerson)(sAMAccountName=user1))
fields=sAMAccountName,mail,,,,
dovecot: May 17 15:38:52 Info: pop3-login: Disconnected: Inactivity:
user=<user1>, method=PLAIN, rip=192.168.0.195, lip=192.168.0.199

Can anybody offer any insight?  Pretty please?

- Burton
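The log excerpt above includes the client's raw SASL PLAIN response (the resp= field). That field is only base64-encoded, not encrypted, so auth debug lines pasted like this carry the password in clear text. As an added example, not part of the original post, here is a small Python helper that decodes that field and redacts it before a Dovecot auth log is shared; the sample log line, username and password in it are constructed, not taken from the post.

```python
import base64
import re

# Dovecot's auth debug log (as pasted in the post above) prints the raw
# SASL PLAIN response.  It is only base64, not encryption, so the line
# carries the password in the clear.  These helpers decode that field for
# a defender reviewing logs, and redact it before a log is shared.

# Constructed sample line in the same shape as the post's log, with a
# made-up username and password (not the poster's values).
SAMPLE_RESP = base64.b64encode(b"\0user1\0s3cret").decode("ascii")
SAMPLE_LINE = (
    "dovecot: May 17 15:37:52 Info: auth(default): client in: AUTH\t1\t"
    "PLAIN\tservice=POP3\tlip=192.168.0.199\trip=192.168.0.195\tresp="
    + SAMPLE_RESP
)

RESP_RE = re.compile(r"resp=([A-Za-z0-9+/]+=*)")


def decode_sasl_plain(resp_b64):
    """Split a SASL PLAIN message (RFC 4616) into (authzid, authcid, password).

    The message is authzid NUL authcid NUL password; authzid is usually empty.
    Raises ValueError if the field is not a well-formed PLAIN message.
    """
    raw = base64.b64decode(resp_b64, validate=True)
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("not a SASL PLAIN message: expected two NUL separators")
    return tuple(p.decode("utf-8", errors="replace") for p in parts)


def redact_auth_line(line):
    """Replace the resp= field with the decoded authcid and a redaction marker.

    If the value is not a PLAIN message the whole field is masked, so nothing
    secret leaks even when the mechanism is unknown.  Lines without a resp=
    field are returned unchanged.
    """
    def _sub(match):
        try:
            _authzid, authcid, _password = decode_sasl_plain(match.group(1))
        except ValueError:
            return "resp=<redacted>"
        return "resp=<redacted authcid=%s>" % authcid
    return RESP_RE.sub(_sub, line)
```

Run the sanitizer over every line of an auth debug log before posting it; the authcid is kept so the thread can still follow which user the lookup was for.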