[Dovecot] LDAP (AD) auth problem
Misha Volodko
pablo at honey.org.ua
Mon May 25 18:07:09 EEST 2009
I'm trying to authenticate users using MS AD with the auth_bind option.
Here is my config file:
# 1.0.15: /etc/dovecot/dovecot.conf
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imaps
ssl_cert_file: /etc/dovecot/ssl/cert.pem
ssl_key_file: /etc/dovecot/ssl/key.pem
disable_plaintext_auth: no
verbose_ssl: yes
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_privileged_group: mail
mail_location: maildir:~/Maildir
mail_debug: yes
mail_plugins: acl
auth default:
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
plugin:
  acl: vfile
Content of dovecot-ldap.conf:
hosts = myhost:389
auth_bind = yes
auth_bind_userdn = cn=%n,ou=People,dc=company,dc=com
base = ou=People,dc=company,dc=com
user_attrs = mailNickname=home
user_filter = (&(objectClass=user)(sAMAccountName=%n))
user_global_uid = vmail
user_global_gid = vmail
Using the same options I can fetch info with ldapsearch:
ldapsearch -h myhost -b 'dc=company,dc=com' \
  -D 'cn=username,ou=People,dc=company,dc=com' -x -W \
  '(&(objectClass=user)(sAMAccountName=username))'
Dovecot doesn't work with this setting; it shows in the log:
dovecot: auth(default): ldap(username,10.131.11.147): ldap_search() failed: Operations error
Using tcpdump I found the cause of it: it seems Dovecot binds to the AD server,
then drops the connection and tries to do the search without a bind.
While sniffing I see this response to my LDAP search:
LdapErr: DSID-0C090627, comment: In order to perform this operation a
successful bind must be completed on the connection
I found a similar problem on the mailing list, without a solution:
http://markmail.org/message/a6pui34ewb5bd55d
Kindly asking what to do with it? :)
--
Best Regards
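
Added example (not part of the original post, and not Dovecot's own code): a small Python check that reads the dovecot-ldap.conf quoted above and reports which DN the passdb bind and the userdb search would use. It assumes the userdb search binds with the dn/dnpass settings from that file and is unauthenticated when they are absent, which would match the AD error seen in the capture; the function names are hypothetical.

```python
# Constructed sample: the dovecot-ldap.conf settings quoted in the post.
SAMPLE_CONF = """\
hosts = myhost:389
auth_bind = yes
auth_bind_userdn = cn=%n,ou=People,dc=company,dc=com
base = ou=People,dc=company,dc=com
user_attrs = mailNickname=home
user_filter = (&(objectClass=user)(sAMAccountName=%n))
"""

def parse_ldap_conf(text):
    """Parse 'key = value' lines, skipping blank lines and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")   # split on the first '=' only
        if sep:
            settings[key.strip()] = value.strip()
    return settings

def passdb_bind_dn(settings, login):
    """DN used for the password check when auth_bind_userdn is a template."""
    if settings.get("auth_bind", "no").lower() != "yes":
        return settings.get("dn")               # password compared after a search
    local_part = login.split("@", 1)[0]         # %n = user part of user@domain
    template = settings.get("auth_bind_userdn")
    return template.replace("%n", local_part) if template else None

def userdb_search_dn(settings):
    """Assumption: the userdb search binds as 'dn'; None means unauthenticated."""
    return settings.get("dn") or None

def findings(settings):
    """Report operations that would reach the directory without a usable bind."""
    issues = []
    if userdb_search_dn(settings) is None:
        issues.append("userdb search has no dn/dnpass: it runs unauthenticated")
    elif not settings.get("dnpass"):
        issues.append("dn is set but dnpass is missing")
    return issues

if __name__ == "__main__":
    conf = parse_ldap_conf(SAMPLE_CONF)
    print("passdb bind as:", passdb_bind_dn(conf, "username"))
    print("userdb search as:", userdb_search_dn(conf) or "(no bind)")
    for issue in findings(conf):
        print("finding:", issue)
```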