[Dovecot] LDAP authentication

Steffen Kaiser skdovecot at smail.inf.fh-brs.de
Fri Apr 19 17:45:09 EEST 2013


On Fri, 19 Apr 2013, val john wrote:

> uris = ldap://ldap.example.com:389
> dn = cn=admin,dc=example,dc=com
> dnpass = abc
> tls = no
> ldap_version = 3
> base = ou=users,dc=example,dc=com
> scope = subtree
> user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> # Entry 1: uid=userone,ou=users,dc=example,dc=com
> dn: uid=userone,ou=users,dc=example,dc=com
> cn: Firtname Lastname
> displayname: Firtname Lastname
> givenname: Firstname
> mail: userone at example.com
> objectclass: inetOrgPerson
> objectclass: top
> sn: Lastname
> uid: userone
> userpassword: {SHA}0P/ssspVCIZx8+tVsss=

No uidNumber nor gidNumber nor homeDirectory here.

> but authentication fails with the following error, please advise

> Apr 19 08:18:50 localhost dovecot: auth(default):
> ldap(userone,127.0.0.1): result: uid(user)=userone
> userPassword(password)=<hidden>
> Apr 19 08:18:50 localhost dovecot: auth(default): client out:
> OK#0111#011user=userone

LDAP authentication succeeds.

> Apr 19 08:18:50 localhost dovecot: auth(default):
> ldap(userone,127.0.0.1): user search: base=ou=users,dc=example,dc=com
> scope=subtree filter=(uid=userone)
> fields=homeDirectory,uidNumber,gidNumber

Now requesting the LDAP attributes you've specified, ...

> Apr 19 08:18:51 localhost dovecot: auth(default):
> ldap(userone,127.0.0.1): no fields returned by the server

..., but none there.

> Apr 19 08:18:51 localhost dovecot: auth(default): master out:
> USER#0111#011userone
> Apr 19 08:18:51 localhost dovecot: dovecot: User userone is missing
> UID (see mail_uid setting)

Dovecot does not know which uid to use.
Either assign global mail_uid and mail_gid or add mailUid and mailGid
attributes to your LDAP items.

Next problem will be the missing homeDirectory ... .

> Apr 19 08:18:51 localhost dovecot: imap-login: Internal login failure
> (auth failed, 1 attempts): user=<userone>, method=PLAIN,
> rip=127.0.0.1, lip=127.0.0.1, secured
>

-- 
Steffen Kaiser
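
Added example (not part of the reply above and not Dovecot code): a small Python check that reproduces the diagnosis in this thread by comparing the user_attrs mapping with the attributes an LDAP entry actually carries, taking a global mail_uid / mail_gid into account. The function names are hypothetical, and the sample config and LDIF are constructed from the values quoted in the thread.

```python
# Constructed sample input, built from the values quoted in this thread.
CONF = """\
base = ou=users,dc=example,dc=com
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
"""
LDIF = """\
# Entry 1: uid=userone,ou=users,dc=example,dc=com
dn: uid=userone,ou=users,dc=example,dc=com
objectclass: inetOrgPerson
uid: userone
"""

def parse_settings(text):
    """Parse 'key = value' lines, skipping blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def parse_user_attrs(value):
    """'ldapAttr=field,...' -> {field: ldapAttr}; a bare name maps to itself."""
    mapping = {}
    for item in (p.strip() for p in value.split(",")):
        if not item or item.startswith("="):  # empty item, or a static value
            continue
        attr, _, field = item.partition("=")
        mapping[field or attr] = attr
    return mapping

def ldif_attrs(text):
    """Lower-cased attribute names present in one LDIF entry."""
    return {l.split(":", 1)[0].strip().lower() for l in text.splitlines()
            if ":" in l and not l.startswith("#")}

def missing_userdb_fields(ldap_conf, ldif, main_conf=""):
    """Fields in user_attrs that neither the entry nor a global setting supplies."""
    mapping = parse_user_attrs(parse_settings(ldap_conf).get("user_attrs", ""))
    present = ldif_attrs(ldif)
    globals_ = parse_settings(main_conf)  # main config, e.g. mail_uid / mail_gid
    fallback = {"uid": "mail_uid", "gid": "mail_gid"}
    return sorted(f for f, attr in mapping.items()
                  if attr.lower() not in present
                  and fallback.get(f) not in globals_)

if __name__ == "__main__":
    print(missing_userdb_fields(CONF, LDIF))  # fields the user lookup cannot fill
```

Passing the main configuration text as the third argument shows which fields remain unresolved once mail_uid and mail_gid are set globally.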

