[Dovecot] Using ldap and pam

Steffen Kaiser skdovecot at smail.inf.fh-brs.de
Tue Aug 6 09:41:56 EEST 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 5 Aug 2013, Bo Lynch wrote:

> Having some issues with ldap logins. I am using Centos
> 5,dovecot-1.0.13-1.el5.rfx and openldap-servers-2.3.43-25.el5_8.1
> Trying to get this to work with the SoGo interface. First I converted all
> my standard system users to ldap using the openldap-tools. This worked
> fine, however when a user changes there password they can no longer see
> there email. If they change it back to the original password mail can be
> seen. This has stumped me for a day or so so I was hoping someone could
> shed some light.

What are in the logs? http://wiki1.dovecot.org/Logging see auth_debug=yes

> /etc/dovecot.conf
> protocols = imap imaps
> disable_plaintext_auth = no
> mbox_read_locks = fcntl
> mbox_write_locks = fcntl
> protocol imap {
> }
> protocol pop3 {
> }
> protocol lda {
>  postmaster_address = postmaster at example.com
> }
> auth default {
> mechanisms = plain login
>  passdb pam {
>  }
>  passdb ldap {
>    args = /etc/dovecot-ldap.pass
>  }

You first query PAM then LDAP. If your users are in passwd still, you get 
a failed password response.

>  userdb passwd {
>  }

You read the user data from passwd? I think you've migrated to LDAP?

>  user = root
>  user = root
>  socket listen {
>    client {
>      path = /var/spool/postfix/private/auth
>      mode = 0660
>      user = postfix
>      group = postfix
>    }
>  }
> }
> dict {
> }
> plugin {
> }
>
> /etc/dovecot-ldap.conf
> hosts = 127.0.0.1:389
> sasl_bind = no
> auth_bind = yes
> auth_bind = no
> ldap_version = 3
> deref = never
> dn = cn=sogo,dc=ameliaschools,dc=com
> dnpass=password
> base = dc=ameliaschools,dc=com
> scope = subtree
> pass_attrs = uid=user, userPassword=password
> pass_filter = (uid=%u)
>
>
>
>
>
>

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBUgCatF3r2wJMiz2NAQIbPwf/dv1WYwiUjLH/EXeWnBhan6ygb33Cw9yg
gluh62cH0hr4yJMCYxvbfWqUS+BjtO01x5kXJuNFQf7EyZ9PjRXv5ElyGr7Q8yHo
t4rpVn4s1tDm5xlxcR7HHCh2XUFlUDmA3vrOmn6CeddFUZgfEXXlhjaI9n35Kg/5
yrO71mDi60jhz5FM3MqFskM8cvgmwP/gWiW1fpsPVHXyQcQ/B//jKCMhGaEAwGOw
1ydN7JOwkYrlOnOEoO2OQ8wKHpH5dLXtYa0lt11DaV0CnLsb9784CYAsFrXvJwud
HU8EKDaWDOnqoaBr76dkl+HvhB04MfmJAapyloJa4Qtm+smnH0Md0g==
=dbUQ
-----END PGP SIGNATURE-----

More information about the dovecot mailing list