[Dovecot] Fw: Cannot Authenticate via LDAP

Alex Crow acrow at integrafin.co.uk
Tue Jun 4 21:04:01 EEST 2013


That'll teach me for looking too quickly: the only things different from 
mine are the fact that you don't look up the email address and that you 
don't use prefetch.

Did you try tracing the LDAP server end (e.g. by upping the log level for 
your LDAP server or using tcpdump/wireshark)?

I'll shut up now before a 3rd foot goes in my trap!

Alex

On 04/06/13 18:43, Alex Crow wrote:
> Forgot to say that the lines below would be part of a file included 
> thusly:
>
> passdb {
>   driver = ldap
>
>   # Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext
>   args = /etc/dovecot/dovecot-ldap.conf.ext
> }
>
> userdb {
>   driver = prefetch
> }
>
> userdb {
>   driver = ldap
>   args = /etc/dovecot/dovecot-ldap.conf.ext
> }
>
> And in the /etc/dovecot-ldap.conf.ext as well as the examples I gave 
> you'll also need a line like:
>
> uris =  ldap://myldapserver1 ldap://myldapserver2
>
> (I use 2 servers with referrals to the master)
>
> Also look up iterate_attrs and iterate_filter to let doveadm and other 
> things iterate over accounts.
>
> Cheers
>
> Alex
>
> On 04/06/13 18:34, Alex Crow wrote:
>> Hi,
>>
>> That can't be the full output of doveconf -n can it?
>>
>> You need to define (examples from my configs using qmail schema; your 
>> values will probably be different if you are using AD or openLDAP 
>> with a different mail schema)
>>
>> user_attrs = homeDirectory=home,mailMessageStore=mail
>> user_filter = (&(objectClass=qmailUser)(mail=%u))
>> pass_attrs = userPassword=password,homeDirectory=userdb_home,mailMessageStore=userdb_mail
>> pass_filter = (&(objectClass=qmailUser)(mail=%u))
>>
>> Also look at the auth_bind parameter. Mine is "yes" because I'm using 
>> userdb prefetch as you can see from the pass_attrs param.
>>
>> And you probably need to set up virtual users as well!
>>
>> Cheers
>>
>> Alex
>>
>>
>> On 04/06/13 17:44, Christian Wiese wrote:
>>> Hello Christian,
>>> I tried what you suggested by adding "REFERALS off"
>>> to /etc/ldap/ldap.conf and restarting slapd and dovecot, but the error
>>> persists.
>>>
>>>
>>> On Tue, Jun 4, 2013 at 7:56 AM, Christian Wiese <
>>> christian.wiese at securepoint.de> wrote:
>>>
>>>> Hi Ron,
>>>>
>>>> I didn't have the time to check all logs but the error log.
>>>> First thing you should check is whether there are LDAP REFERRALS enabled in
>>>> the system's ldap.conf.
>>>> I had a similar looking issue and it took me a good amount of time to
>>>> figure out that I had to disable LDAP REFERRALS globally.
>>>> This happened when using an AD as LDAP backend, but also applies to
>>>> Samba4 as you can see in the following mailing list thread:
>>>>
>>>>
>>>> http://dovecot.markmail.org/message/mjurv4fp4w65u2ib?q=Dovecot+LDA+LDAP+lookups+on+samba4+server+ends+very+often+in+timeouts 
>>>>
>>>>
>>>> The settings within the system's ldap.conf might influence dovecot,
>>>> because libldap (openldap) functions might read the global ldap.conf
>>>> settings.
>>>>
>>>> Hope that helps.
>>>>
>>>> Cheers,
>>>> Chris
>>>>
>>>> On Tue, 4 Jun 2013 05:50:16 -0400,
>>>> Ron Scott-Adams <ron at tohuw.net> wrote:
>>>>
>>>>> a login tohuw [myPassword] returns "NO [AUTHENTICATIONFAILED]
>>>>> Authentication failed." I believe I'm missing a configuration
>>>>> detail, but what?
>>>>>
>>>>>
>>>>> info.log: http://pastebin.ca/2388873
>>>>>
>>>>> debug.log: http://pastebin.ca/2388872
>>>>>
>>>>> error.log: http://pastebin.ca/2388871
>>>>>
>>>>> dovecot -n: http://pastebin.ca/2388870
>>>>>
>>>>> dovecot-ldap.conf.ext summary: http://pastebin.ca/2388867
>>>>
>>
>>
>
>
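
Added example, not part of the original messages and not Dovecot's own code: a small Python check that reads a dovecot-ldap.conf.ext and flags the points raised in this thread (a server in uris/hosts, userdb_* fields in pass_attrs when the prefetch userdb is used, and a password mapping when auth_bind is not yes). The function names and the uses_prefetch flag are hypothetical, the sample file is constructed from the settings quoted above, and only plain attr=field lists are handled.

```python
# Added example: lint a dovecot-ldap.conf.ext for the points raised in this thread.
# Constructed sample: the settings quoted above, collected into one file.
SAMPLE_LDAP_CONF = """\
uris = ldap://myldapserver1 ldap://myldapserver2
auth_bind = yes
user_attrs = homeDirectory=home,mailMessageStore=mail
user_filter = (&(objectClass=qmailUser)(mail=%u))
pass_attrs = userPassword=password,homeDirectory=userdb_home,mailMessageStore=userdb_mail
pass_filter = (&(objectClass=qmailUser)(mail=%u))
"""

def parse_conf(text):
    """Parse 'key = value' lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf

def attr_targets(spec):
    """Dovecot field names from a plain 'ldapAttr=field,...' list.
    Assumption: no template entries; a bare attribute maps to its own name."""
    fields = []
    for item in (s.strip() for s in spec.split(",")):
        if item:
            ldap_attr, _, field = item.partition("=")
            fields.append(field or ldap_attr)
    return fields

def lint(conf, uses_prefetch):
    """Return findings; uses_prefetch says whether dovecot.conf has
    'userdb { driver = prefetch }' ahead of the LDAP userdb."""
    findings = []
    if not (conf.get("uris") or conf.get("hosts")):
        findings.append("no uris/hosts set: no LDAP server to contact")
    pass_fields = attr_targets(conf.get("pass_attrs", ""))
    if uses_prefetch and not any(f.startswith("userdb_") for f in pass_fields):
        findings.append("prefetch userdb in use but pass_attrs returns no userdb_* fields")
    if ("pass_attrs" in conf and conf.get("auth_bind", "no") != "yes"
            and not any(f.startswith("password") for f in pass_fields)):
        findings.append("auth_bind is not yes and pass_attrs maps nothing to 'password'")
    return findings

if __name__ == "__main__":
    for finding in lint(parse_conf(SAMPLE_LDAP_CONF), uses_prefetch=True) or ["ok"]:
        print(finding)
```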