[Dovecot] Dovecot LDAP issue

Mon Apr 7 17:46:20 UTC 2014

Dovecot version: 2.0.19
-------------------------------------------------------
grep -v '^ *\(#.*\)\?$' /etc/dovecot/dovecot-ldap.conf

hosts           = server.domain.tld:389
ldap_version    = 3
auth_bind       = yes
dn              = vmail at domain.tld
dnpass          = somepassword
base            = ou=testou,dc=domain,dc=tld
scope           = subtree
deref           = never
user_filter     = 
(&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter     = 
(&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs      = userPassword=password
default_pass_scheme = CRYPT
user_attrs      = 
=home=/var/vmail/vmail1/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld/%Ln/Maildir
-----------------------------------------------------

I'm authenticating users through AD and it seems to work with no 
problems. Unfortunately, when I try to send e-mail from a user who's not 
in the testou container I get the following error:

Sender address rejected: User unknown in virtual mailbox table> #SMTP#.

I'm assuming this happens because dovecot is not able to to lookup up 
that user since that user is outside the testou  container. A lot of the 
AD users are in different places inside the AD structure and I need to 
be able to configure dovecot to look from the root of the AD structure 
down. I changed the base to this:

base = dc=domain,dc=tld

but it simply fails to lookup any users at that point.

How would I go about getting dovecot to start at the top of the domain 
and look at every nested OU within AD?

thanks a lot

D