[Dovecot] Fw: Cannot Authenticate via LDAP

Alex Crow acrow at integrafin.co.uk
Tue Jun 4 20:43:12 EEST 2013


Forgot to say that the lines below would be part of a file included thusly:

passdb {
   driver = ldap

   # Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext
   args = /etc/dovecot/dovecot-ldap.conf.ext
}

userdb {
   driver = prefetch
}

userdb {
   driver = ldap
   args = /etc/dovecot/dovecot-ldap.conf.ext
}

And in the /etc/dovecot-ldap.conf.ext, as well as the examples I gave, 
you'll also need a line like:

uris =  ldap://myldapserver1 ldap://myldapserver2

(I use 2 servers with referrals to the master)

Also look up iterate_attrs and iterate_filter to let doveadm and other 
things iterate over accounts.

Cheers

Alex

On 04/06/13 18:34, Alex Crow wrote:
> Hi,
>
> That can't be the full output of doveconf -n can it?
>
> You need to define (examples from my configs using qmail schema; your 
> values will probably be different if you are using AD or openLDAP with 
> a different mail schema)
>
> user_attrs = homeDirectory=home,mailMessageStore=mail
> user_filter = (&(objectClass=qmailUser)(mail=%u))
> pass_attrs = userPassword=password,homeDirectory=userdb_home,mailMessageStore=userdb_mail
> pass_filter = (&(objectClass=qmailUser)(mail=%u))
>
> Also look at the auth_bind parameter. Mine is "yes" because I'm using 
> userdb prefetch as you can see from the pass_attrs param.
>
> And you probably need to set up virtual users as well!
>
> Cheers
>
> Alex
>
>
> On 04/06/13 17:44, Christian Wiese wrote:
>> Hello Christian,
>> I tried what you suggested by adding "REFERALS off"
>> to /etc/ldap/ldap.conf and restarting slapd and dovecot, but the error
>> persists.
>>
>>
>> On Tue, Jun 4, 2013 at 7:56 AM, Christian Wiese <
>> christian.wiese at securepoint.de> wrote:
>>
>>> Hi Ron,
>>>
>>> I didn't have the time to check all logs but the error log.
>>> First thing you should check is whether LDAP REFERRALS are enabled in
>>> the system's ldap.conf.
>>> I had a similar looking issue and it took me a good amount of time to
>>> figure out that I had to disable LDAP REFERRALS globally.
>>> This happened when using an AD as LDAP backend, but also applies to
>>> Samba4 as you can see in the following mailing list thread:
>>>
>>>
>>> http://dovecot.markmail.org/message/mjurv4fp4w65u2ib?q=Dovecot+LDA+LDAP+lookups+on+samba4+server+ends+very+often+in+timeouts 
>>>
>>>
>>> The settings within the system's ldap.conf might influence dovecot,
>>> because libldap (openldap) functions might read the global ldap.conf
>>> settings.
>>>
>>> Hope that helps.
>>>
>>> Cheers,
>>> Chris
>>>
>>> On Tue, 4 Jun 2013 05:50:16 -0400,
>>> Ron Scott-Adams <ron at tohuw.net> wrote:
>>>
>>>> a login tohuw [myPassword] returns "NO [AUTHENTICATIONFAILED]
>>>> Authentication failed." I believe I'm missing a configuration
>>>> detail, but what?
>>>>
>>>>
>>>> info.log: http://pastebin.ca/2388873
>>>>
>>>> debug.log: http://pastebin.ca/2388872
>>>>
>>>> error.log: http://pastebin.ca/2388871
>>>>
>>>> dovecot -n: http://pastebin.ca/2388870
>>>>
>>>> dovecot-ldap.conf.ext summary: http://pastebin.ca/2388867
>>>
>
>
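
Added example, not part of the original thread and not Dovecot code: a small Python model of how the pass_attrs and user_attrs lines quoted above map LDAP attributes to Dovecot fields, and how the userdb_-prefixed passdb fields feed userdb prefetch. The LDAP entry is constructed and the helper names are hypothetical; the last function checks that a login (prefetch) and a direct userdb ldap lookup resolve to the same home and mail fields.

```python
# Added illustration; a model of the attribute mapping, not Dovecot source code.
# Handles only the simple "ldapAttr=dovecotField" form used in the thread.
PASS_ATTRS = ("userPassword=password,homeDirectory=userdb_home,"
              "mailMessageStore=userdb_mail")
USER_ATTRS = "homeDirectory=home,mailMessageStore=mail"

# Constructed sample LDAP entry (qmail schema attribute names from the thread).
SAMPLE_ENTRY = {
    "mail": "alice@example.com",
    "userPassword": "{SSHA}constructed-placeholder",
    "homeDirectory": "/var/vmail/alice",
    "mailMessageStore": "maildir:/var/vmail/alice/Maildir",
}

def parse_attrs(line):
    """Split 'ldapAttr=field,...' into a list of (ldapAttr, field) pairs."""
    pairs = []
    for item in filter(None, (part.strip() for part in line.split(","))):
        ldap_attr, sep, field = item.partition("=")
        if not (sep and ldap_attr.strip() and field.strip()):
            raise ValueError(f"malformed attrs item: {item!r}")
        pairs.append((ldap_attr.strip(), field.strip()))
    return pairs

def apply_attrs(pairs, entry):
    """Dovecot fields that an LDAP entry yields under the given mapping."""
    return {field: entry[attr] for attr, field in pairs if attr in entry}

def split_prefetch(passdb_fields):
    """Separate plain passdb fields from userdb_* ones; prefetch strips the prefix."""
    auth, prefetched = {}, {}
    for name, value in passdb_fields.items():
        if name.startswith("userdb_"):
            prefetched[name[len("userdb_"):]] = value
        else:
            auth[name] = value
    return auth, prefetched

def prefetch_matches_userdb(pass_attrs, user_attrs, entry):
    """True if prefetch yields the same fields as a direct userdb ldap lookup."""
    _, prefetched = split_prefetch(apply_attrs(parse_attrs(pass_attrs), entry))
    return prefetched == apply_attrs(parse_attrs(user_attrs), entry)

if __name__ == "__main__":
    auth, prefetched = split_prefetch(apply_attrs(parse_attrs(PASS_ATTRS), SAMPLE_ENTRY))
    print("passdb fields:", sorted(auth))
    print("prefetched userdb fields:", prefetched)
    print("consistent:", prefetch_matches_userdb(PASS_ATTRS, USER_ATTRS, SAMPLE_ENTRY))
```
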


