[Dovecot] LDAP auth_bind fails

Pol Bettinger dovecot at arvoreen.net
Tue Mar 6 13:29:13 EET 2012


Hello,

I wanted to configure Dovecot to use auth_bind but didn't succeed. To 
me it seems like it always does an anonymous bind.

Dovecot version 2.1.1 (I started with 2.1.0 and hoped 2.1.1 would fix it)

I tried to play around with the base, pass_attrs and pass_filter 
settings, to no avail.

Looking at a Wireshark trace I only saw 7 packets and it seemed to me 
Dovecot only did an anonymous bind.

Any help would be appreciated.

Sincerely
Pol Bettinger


output of mail.log:
Mar  6 12:16:34 Dell dovecot: auth: Debug: client in: AUTH#0112#011CRAM-MD5#011service=imap#011secured#011lip=192.168.16.27#011rip=192.168.16.20#011lport=993#011rport=51838
Mar  6 12:16:34 Dell dovecot: auth: Debug: client out: CONT#0112#011PDQ1NjgyMjE3NjYyMDk3NjkuMTMzMTAzMjU5NEBEZWxsPg==
Mar  6 12:16:34 Dell dovecot: auth: Debug: client in: CONT<hidden>
Mar  6 12:16:34 Dell dovecot: auth: Debug: password(arvi at arvoreen.net,192.168.16.20): passdb doesn't support credential lookups
Mar  6 12:16:36 Dell dovecot: auth: Debug: client out: FAIL#0112#011user=arvi at arvoreen.net

output of dovecot -n:
# 2.1.1: /etc/dovecot/dovecot.conf
# OS: Linux 3.0.0-15-generic i686 Ubuntu 11.10 ext4
auth_debug = yes
auth_default_realm = arvoreen.net
auth_mechanisms = plain digest-md5 cram-md5
auth_verbose = yes
base_dir = /var/run/dovecot/
mail_location = maildir:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
   inbox = yes
   location =
   mailbox Archive {
     auto = create
     special_use = \Archive
   }
   mailbox Drafts {
     auto = create
     special_use = \Drafts
   }
   mailbox Junk {
     auto = create
     special_use = \Junk
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     auto = create
     special_use = \Trash
   }
   prefix =
}
passdb {
   args = /etc/dovecot/dovecot-ldap_pass.conf.ext
   driver = ldap
}
plugin {
   sieve = /var/sieve/%d/%1n/%n
   sieve_dir = /var/sieve/%d/%1n/%n
}
protocols = imap lmtp sieve
service managesieve-login {
   inet_listener sieve {
     port = 4190
   }
}
ssl_cert = </etc/ssl/certs/webmail.arvoreen.pem
ssl_key = </etc/ssl/private/webmail.arvoreen.key
userdb {
   args = /etc/dovecot/dovecot-ldap_user.conf.ext
   driver = ldap
}
protocol lmtp {
   mail_plugins = " sieve"
}


output of cat /etc/dovecot/dovecot-ldap_pass.conf.ext:
hosts = 127.0.0.1:389
auth_bind = yes
auth_bind_userdn = uid=%n,ou=Users,dc=arvoreen,dc=net
base = ou=Users,dc=arvoreen, dc=net
ldap_version = 3


olcAccess information:
olcSuffix: dc=arvoreen,dc=net
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=arvoreen,dc=net" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=arvoreen,dc=net" write by * read


-------------- next part --------------
A non-text attachment was scrubbed...
Name: ldap_auth_bind.pcap
Type: application/octet-stream
Size: 642 bytes
Desc: not available
URL: <http://dovecot.org/pipermail/dovecot/attachments/20120306/37308cb3/attachment-0002.obj>
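
Added example (not part of the original post and not Dovecot code): CRAM-MD5 and DIGEST-MD5 are challenge-response mechanisms, so the server must read the stored credential itself, which a passdb that only performs an LDAP bind (auth_bind = yes) cannot do; that is what the "passdb doesn't support credential lookups" line in the log above reports. The Python sketch below pairs that log line with the mechanism of the preceding AUTH request and flags such mechanisms in the configuration; the function names and the sample strings are constructed for illustration.

```python
import re

# Challenge-response mechanisms: the server must read the stored secret itself,
# which a passdb that only does an LDAP bind (auth_bind = yes) cannot provide.
NEEDS_LOOKUP = {"cram-md5", "digest-md5"}

# Constructed samples modelled on the post ("#011" is syslog's escaped TAB).
SAMPLE_LOG = """\
Mar  6 12:16:34 Dell dovecot: auth: Debug: client in: AUTH#0112#011CRAM-MD5#011service=imap#011secured
Mar  6 12:16:34 Dell dovecot: auth: Debug: password(user@example.net,192.0.2.20): passdb doesn't support credential lookups
Mar  6 12:16:36 Dell dovecot: auth: Debug: client out: FAIL#0112#011user=user@example.net
"""
SAMPLE_MAIN = "# dovecot -n\nauth_mechanisms = plain digest-md5 cram-md5\n"
SAMPLE_LDAP = "hosts = 127.0.0.1:389\nauth_bind = yes\nauth_bind_userdn = uid=%n,ou=Users,dc=example,dc=net\n"

def find_lookup_failures(log):
    """Return (user, mechanism) for every credential-lookup failure in an auth debug log."""
    last_mech, hits = "unknown", []
    for line in log.splitlines():
        m = re.search(r"client in: (.*)$", line)
        if m:
            fields = m.group(1).replace("#011", "\t").split("\t")
            if fields[0] == "AUTH" and len(fields) >= 3:
                last_mech = fields[2].lower()  # AUTH <id> <mechanism> ...
            continue
        m = re.search(r"password\(([^,]+),[^)]*\): passdb doesn't support credential lookups", line)
        if m:
            hits.append((m.group(1), last_mech))
    return hits

def parse_settings(text):
    """Parse flat 'key = value' lines, ignoring comments and blank lines."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def conflicting_mechanisms(main_conf, ldap_conf):
    """List enabled mechanisms that cannot work when the LDAP passdb uses auth_bind."""
    if parse_settings(ldap_conf).get("auth_bind", "no").lower() != "yes":
        return []
    enabled = parse_settings(main_conf).get("auth_mechanisms", "plain").lower().split()
    return sorted(set(enabled) & NEEDS_LOOKUP)

if __name__ == "__main__":
    for user, mech in find_lookup_failures(SAMPLE_LOG):
        print(f"{user}: {mech} needs a credential lookup the passdb cannot do")
    print("conflicts with auth_bind:", conflicting_mechanisms(SAMPLE_MAIN, SAMPLE_LDAP))
```

The configuration check assumes a single LDAP passdb, as in the post; with several passdbs another one may still be able to serve credential lookups.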

