[Dovecot] connection Dovecot to samba4

Achim Gottinger achim at ag-web.biz
Mon Dec 16 18:07:50 EET 2013


On 16.12.2013 16:14, Pascal den Bekker wrote:
> Hey Achim,
>
> thank you for your help :-) Unfortunately it did not work :-(
>
> I changed the lines in the dovecot config you sent me. When I try to 
> log in to the sogo gui, I'm getting the following error message:
>
> 2013-12-16 16:10:07 auth: Info: 
> ldap(administrator,127.0.0.1,<DBQZNajtqQB/AAAB>): unknown user
> 2013-12-16 16:10:07 auth: Error: 
> userdb(administrator,127.0.0.1,<DBQZNajtqQB/AAAB>): user not found 
> from userdb ldap
> 2013-12-16 16:10:07 imap: Error: Authenticated user not found from 
> userdb, auth lookup id=4126670849 (client-pid=5503 client-id=1)
> 2013-12-16 16:10:07 imap-login: Info: Internal login failure (pid=5503 
> id=1) (internal failure, 1 succesful auths): user=<administrator>, 
> method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=5504, secured, 
> session=<DBQZNajtqQB/AAAB>
>
> When I look in samba4:
>
> samba-tool user list
> Administrator
> krbtgt
> Guest
> ldap
>
> The user seems to be there..:-(
>
>
> Cheers,
>
> - Pascal
>
> On 12/16/2013 03:37 PM, Achim Gottinger wrote:
>> Hi,
>>
>> Added a few corrections to your config below. Hope it works.
>>
>> achim~
>>
>>
>> On 16.12.2013 11:51, Pascal den Bekker wrote:
>>> Hello,
>>>
>>> I am trying to set up samba4/openchange and dovecot. Does anyone have 
>>> experience concerning dovecot connecting to samba4?
>>>
>>> I tried the following:
>>>
>>> /etc/dovecot.conf:
>>>
>>> protocols = imap sieve
>>> mail_location = maildir:/data/mail/%d/%n/Maildir
>>> mail_access_groups = vmail
>>> mail_privileged_group = vmail
>>> first_valid_uid = 110
>>> last_valid_uid = 110
>> last_valid_uid = 5000
>>> first_valid_gid = 115
>>> last_valid_gid = 115
>> last_valid_gid = 5000
>>
>> Your vmail user/group seems to have the uid/gid 5000 so it must be in 
>> the valid range.
>>> log_path = /var/log/dovecot
>>> log_timestamp = "%Y-%m-%d %H:%M:%S "
>>> login_greeting = Welcome to domain.local.
>>>
>>> service imap {
>>>   inet_listener {
>>>     port=143
>>>   }
>>> }
>>>
>>> protocol lda {
>>>     log_path = /var/log/mail/dovecot-deliver.log
>>>     auth_socket_path = /var/run/dovecot/auth-master
>>>     postmaster_address = postmaster@domain.local
>>>     mail_plugins = sieve
>>> }
>>>
>>> service managesieve {
>>>     inet_listener {
>>>         port=12000
>>>         }
>>> }
>>>
>>> auth_verbose = yes
>>> auth_debug = yes
>>>
>>> service auth {
>>> unix_listener /var/spool/postfix/private/auth {
>>>     group = vmail
>>>     mode = 0660
>>>     user = postfix
>>>     }
>>> }
>>>
>>> #service auth-userdb {
>>> #    user = vmail
>>> #    }
>>>     #user = root
>>> #}
>>>
>>> passdb {
>>>     args = /etc/dovecot/dovecot-ldap-passdb.conf
>>>     driver = ldap
>>> }
>>>
>>> userdb {
>>>     args = /etc/dovecot/dovecot-ldap-userdb.conf
>>>     driver = ldap
>>> }
>>>
>>> plugin {
>>>     sieve = /data/mail/%d/%n/sieverc
>>>     sieve_storage=/data/mail/%d/%n/sieve
>>>     sieve_max_redirects = 20
>>>     }
>>>
>>>
>>> debug_log_path = /var/log/dovecot-debug.log
>>>
>>> dict {
>>> }
>>>
>>> /etc/dovecot/dovecot-ldap-passdb.conf
>>>
>>> hosts = localhost
>>> auth_bind = yes
>>> auth_bind_userdn = cn=%u,cn=Users,dc=domain,dc=local
>>> ldap_version = 3
>>> base = cn=Users,dc=domain,dc=local
>>> pass_filter = (&(objectClass=person)(cn=%u)(mail=*))
>>>
>> hosts = localhost
>> auth_bind = yes
>> dn = cn=ldap,cn=Users,DC=domain,DC=local
>> dnpass = password
>> #auth_bind_userdn = cn=%u,cn=Users,dc=domain,dc=local
>> ldap_version = 3
>> base = cn=Users,dc=domain,dc=local
>> pass_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*))
>> user_attrs=uid=5000
>>
>> This way dovecot connects as user ldap, does the user lookup according 
>> to pass_filter and uses the resulting dn for authentication. If you 
>> create users via the Windows Remote Management tools the dn for a 
>> user normally uses the Full Name as cn and not the user id which is 
>> stored as sAMAccountName.
>>> /etc/dovecot/dovecot-ldap-userdb.conf:
>>>
>>> hosts = localhost
>>> dn = cn=ldap,cn=Users,DC=domain,DC=local
>>> dnpass = password
>>> ldap_version = 3
>>> base = cn=Users,DC=domain,DC=local
>>>
>>> #user_attrs =
>>> user_attrs=uid=5000,=gid=5000,=home=/data/mail/%d/%n,mail=/data/mail/%d/%u/Maildir 
>>>
>>> user_filter = (&(objectClass=person)(cn=%u)(mail=*))
>>> iterate_attrs = cn=user
>>> iterate_filter = (objectClass=person)
>> user_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*))
>> iterate_attrs = sAMAccountName=user
>>>
>>> When I try to log in with user account administrator I get the 
>>> following error messages:
>>>
>>> 2013-12-16 11:28:29 auth: Info: 
>>> ldap(ldap,127.0.0.1,<N3HjRaTtdAB/AAAB>): unknown user
>>> 2013-12-16 11:28:29 auth: Error: 
>>> userdb(ldap,127.0.0.1,<N3HjRaTtdAB/AAAB>): user not found from 
>>> userdb ldap
>>> 2013-12-16 11:28:29 imap: Error: Authenticated user not found from 
>>> userdb, auth lookup id=783810561 (client-pid=3809 client-id=1)
>>> 2013-12-16 11:28:29 imap-login: Info: Internal login failure 
>>> (pid=3809 id=1) (internal failure, 1 succesful auths): user=<ldap>, 
>>> method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=3810, secured, 
>>> session=<N3HjRaTtdAB/AAAB>
>>>
>>> Can someone tell me what I am doing wrong, or is there a way to test 
>>> the dovecot ldap connection string?
>>>
>>> Cheers,
>>>
>>> - Pascal
>>>
>>
>
>
I'd test it with a different user than Administrator, and make sure the 
user has an e-mail address assigned.
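
One way to test the LDAP lookup outside of Dovecot, as asked earlier in the thread. This is an added example, not code from either poster: it reuses the URI, bind DN, base and user_filter quoted above, while `NO_MAIL_FILTER`, the function names and the script name are made up for illustration.

```shell
#!/bin/sh
# Added example: repeat Dovecot's LDAP userdb lookup by hand.
# URI, bind DN, base and filter are the ones quoted in this thread.
LDAP_URI="ldap://localhost"
BIND_DN="cn=ldap,cn=Users,DC=domain,DC=local"
BASE="cn=Users,dc=domain,dc=local"
USER_FILTER='(&(objectClass=person)(sAMAccountName=%u)(mail=*))'
# Constructed for diagnosis: the same filter without the mail clause.
NO_MAIL_FILTER='(&(objectClass=person)(sAMAccountName=%u))'

# Escape LDAP filter metacharacters (RFC 4515) so a login name is
# always treated as a literal value. Backslash must be handled first.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# expand_filter TEMPLATE LOGIN: substitute the first %u in TEMPLATE.
expand_filter() {
    tmpl=$1
    esc=$(ldap_escape "$2")
    pre=${tmpl%%%u*}    # text before the first %u
    post=${tmpl#*%u}    # text after the first %u
    case $tmpl in
        *%u*) printf '%s%s%s\n' "$pre" "$esc" "$post" ;;
        *)    printf '%s\n' "$tmpl" ;;
    esac
}

# search FILTER: simple bind as the lookup account; -W prompts for the
# password (dnpass) so it does not end up in the process list.
search() {
    ldapsearch -x -LLL -H "$LDAP_URI" -D "$BIND_DN" -W -b "$BASE" \
        "$1" dn sAMAccountName mail
}

# check_user LOGIN: no entry from the first search but one from the
# second means the account exists and only lacks a mail attribute.
check_user() {
    echo "== userdb filter with %u expanded"
    search "$(expand_filter "$USER_FILTER" "$1")"
    echo "== same account without the (mail=*) requirement"
    search "$(expand_filter "$NO_MAIL_FILTER" "$1")"
    echo "== Dovecot's own userdb lookup"
    doveadm user "$1"
}

# Usage (on the mail server): . ./ldap-check.sh && check_user administrator
```
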

