[Dovecot] Dovecot LDAP issue

Deeztek Support support at deeztek.com
Tue Apr 8 09:36:51 UTC 2014


On 4/8/2014 2:18 AM, Steffen Kaiser wrote:
> The primary question is: Does
>
> ldapsearch -H ldap://server.domain.tld:389 \
>   -b dc=domain,dc=tld -D ...  -W \
>   '(&(userPrincipalName=<<user>>)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
>
> return the user?

Yes, it does. The authentication with AD works as it should as long as 
Dovecot is pointing to the right OU.

>
> How many domain controllers do you have in the AD? Which of them holds
> which domains? See http://technet.microsoft.com/en-us/library/cc978012.aspx
>

I have one domain controller and there is only one domain. I think we are 
getting off track here. There is no problem with authentication. Maybe I 
need to be more clear.

Dovecot is able to authenticate with Active Directory as long as the 
"base = " parameter in "/etc/dovecot/dovecot-ldap.conf" is pointing to 
the OU that the Dovecot users are in. However, I have another OU where my 
Exchange users are. So, when I try to send email from a Dovecot user to 
an Exchange user, Dovecot throws the error "user unknown" because it's 
not able to find the Exchange user since it's in a different OU. When I 
set the "base =" parameter in "/etc/dovecot/dovecot-ldap.conf" to the domain 
root, i.e. instead of having it say:

base = ou=testou,dc=domain,dc=tld

I set it to:

base = dc=domain,dc=tld

so it can look up all users in the entire domain,

then Dovecot stops authenticating with AD altogether.
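The behaviour being discussed is LDAP subtree scoping: a search rooted at one OU cannot see entries in a sibling OU, while a search rooted at the domain root sees both, and the filter Steffen quoted additionally drops non-person objects and disabled accounts. The following is an added example, not code from this thread or from the Dovecot project: a small in-memory model of the directory with a `search()` function that applies the base-DN scope and that exact filter. All DNs, user names and `userAccountControl` values are constructed sample data, and the OU name `ou=exchange` is an assumption standing in for the poster's Exchange OU.

```python
"""
Toy model of the Active Directory lookup described in the thread.

Added example (not from the thread or the Dovecot project): an in-memory
directory with two OUs, plus a search function that applies LDAP subtree
scoping under a base DN and the filter quoted in the thread:
  (&(userPrincipalName=<user>)(objectClass=person)
    (!(userAccountControl:1.2.840.113556.1.4.803:=2)))
All entries, DNs and names below are constructed sample data.
"""

ACCOUNTDISABLE = 0x2  # userAccountControl bit tested by the filter's bit-AND rule

# Constructed sample directory: Dovecot users live in ou=testou, Exchange
# users in the assumed ou=exchange; one Dovecot account is disabled.
DIRECTORY = [
    {"dn": "cn=alice,ou=testou,dc=domain,dc=tld",
     "userPrincipalName": "alice@domain.tld",
     "objectClass": ["top", "person", "user"], "userAccountControl": 512},
    {"dn": "cn=bob,ou=testou,dc=domain,dc=tld",
     "userPrincipalName": "bob@domain.tld",
     "objectClass": ["top", "person", "user"], "userAccountControl": 514},  # 512 | ACCOUNTDISABLE
    {"dn": "cn=carol,ou=exchange,dc=domain,dc=tld",
     "userPrincipalName": "carol@domain.tld",
     "objectClass": ["top", "person", "user"], "userAccountControl": 512},
    {"dn": "cn=mailers,ou=exchange,dc=domain,dc=tld",
     "userPrincipalName": "mailers@domain.tld",
     "objectClass": ["top", "group"], "userAccountControl": 0},
]


def dn_components(dn: str) -> list[str]:
    """Split a DN into normalised RDNs, root first (e.g. ['dc=tld', 'dc=domain', ...])."""
    return [rdn.strip().lower() for rdn in reversed(dn.split(","))]


def in_subtree(entry_dn: str, base_dn: str) -> bool:
    """True if entry_dn is the base itself or lies anywhere below it (LDAP scope 'sub')."""
    base = dn_components(base_dn)
    return dn_components(entry_dn)[: len(base)] == base


def matches_filter(entry: dict, upn: str) -> bool:
    """Evaluate the thread's filter against one entry."""
    if entry.get("userPrincipalName", "").lower() != upn.lower():
        return False
    if "person" not in [c.lower() for c in entry.get("objectClass", [])]:
        return False
    # OID 1.2.840.113556.1.4.803 is AD's bit-AND matching rule: the clause
    # is true when (userAccountControl & 2) == 2, and the filter negates it,
    # so disabled accounts are excluded.
    if entry.get("userAccountControl", 0) & ACCOUNTDISABLE:
        return False
    return True


def search(base_dn: str, upn: str) -> list[str]:
    """Return DNs of entries under base_dn that satisfy the filter for this UPN."""
    return [e["dn"] for e in DIRECTORY
            if in_subtree(e["dn"], base_dn) and matches_filter(e, upn)]


if __name__ == "__main__":
    # With base = ou=testou only alice is found; with base = dc=domain,dc=tld
    # carol (Exchange OU) is found too; bob (disabled) and mailers (a group)
    # are never returned.
    for base in ("ou=testou,dc=domain,dc=tld", "dc=domain,dc=tld"):
        print(f"base = {base}")
        for user in ("alice@domain.tld", "bob@domain.tld", "carol@domain.tld"):
            print(f"  {user:18} -> {search(base, user) or 'user unknown'}")
```

Running the script shows why the OU-scoped base produces "user unknown" for the Exchange user and why widening the base to the domain root is what makes that lookup succeed; it does not model the separate authentication failure the poster sees at the domain root, which this toy directory has no information about.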