[Dovecot] Dovecot LDAP issue
Deeztek Support
support at deeztek.com
Tue Apr 8 09:36:51 UTC 2014
On 4/8/2014 2:18 AM, Steffen Kaiser wrote:
> The primary question is: Does
>
> ldapsearch -H ldap://server.domain.tld:389 \
> -b dc=domain,dc=tld -D ... -W \
> '(&(userPrincipalName=<<user>>)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
>
> return the user?
Yes, it does. The authentication with AD works as it should as long as
dovecot is pointing to the right OU.
>
> How many domain controllers do you have in the AD? Which of them holds
> which domains? See http://technet.microsoft.com/en-us/library/cc978012.aspx
>
I have one domain controller and there is only one domain. I think we are
getting off track here. There is no problem with authentication. Maybe I
need to be more clear.
Dovecot is able to authenticate with active directory as long as the
"base = " parameter in "/etc/dovecot/dovecot-ldap.conf" is pointing to
the OU that the dovecot users are in. However, I have another OU where my
Exchange users are. So, when I try to send email from a dovecot user to
an Exchange user, dovecot throws the error "user unknown" because it's
not able to find the Exchange user since it's in a different OU. When I
set the "base =" parameter in "/etc/dovecot/dovecot-ldap.conf" to the domain
root, i.e. instead of having it say:
base = ou=testou,dc=domain,dc=tld
I set it to:
base = dc=domain,dc=tld
so it can look up all users in the entire domain,
then dovecot stops authenticating with AD altogether.