[Dovecot] Configuration of dovecot 2.0.19 to authenticate users via LDAP

Danylo Esterman estermad at hochschule-trier.de
Sun May 18 10:09:27 UTC 2014


I am trying to get dovecot 2.0.19 to authenticate users via LDAP (OpenLDAP
2.4.28) and am using Wireshark to debug the process. It looks like the basic
configuration of dovecot is fine, but it doesn't manage to send the
right request to the LDAP server. First of all, this is how my LDAP entries
look:

    # ht
    dn: dc=ht
    objectClass: top
    objectClass: dcObject
    objectClass: organization
    o: ip
    dc: ht

    # admin, ht
    dn: cn=admin,dc=ht
    objectClass: simpleSecurityObject
    objectClass: organizationalRole
    cn: admin
    description: LDAP administrator
    userPassword:: e1NTSEF9cFY1b0ZZVUhack1aRTVvaUg1T3c2cytVWHV4aUNvaHI=

    # people, ht
    dn: ou=people,dc=ht
    objectClass: organizationalUnit
    objectClass: top
    ou: people

    # groups, ht
    dn: ou=groups,dc=ht
    objectClass: organizationalUnit
    objectClass: top
    ou: groups

    # ipusers, groups, ht
    dn: cn=ipusers,ou=groups,dc=ht
    gidNumber: 500
    cn: ipusers
    objectClass: posixGroup
    objectClass: top

    # Max Mustermann, people, ht
    dn: cn=Max Mustermann,ou=people,dc=ht
    cn: Max Mustermann
    givenName: Max
    gidNumber: 500
    homeDirectory: /home/users/mmustormann
    sn: Mustermann
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: top
    uidNumber: 1000
    uid: mmustermann
    userPassword:: e01ENX1ETUYxdWNEeHRxZ3h3NW5pYVhjbVlRPT0=
    loginShell: /bin/bash
    mail: mustorm at test.com

Now, I use the following configuration for dovecot
(/etc/dovecot/dovecot-ldap.conf.ext):

    hosts = 10.1.2.1
    dn = cn=admin,dc=ht
    dnpass = a
    auth_bind = yes
    auth_bind_userdn = uid=%u,ou=people,dc=ht
    ldap_version = 3
    scope = subtree
    base = ou=people,dc=ht
    user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
    user_filter = (&(objectClass=posixAccount)(uid=%u))
    pass_attrs = uid=user,userPassword=password
    pass_filter = (&(objectClass=posixAccount)(uid=%u))

This is what I see in Wireshark: http://i.stack.imgur.com/ICzDe.png

Dovecot cannot authenticate itself for some reason...

If I change the configuration as follows:

    auth_bind = no
    #auth_bind_userdn = uid=%u,ou=people,dc=ht

Then I get the following picture: http://i.stack.imgur.com/tb5vo.png

It doesn't pick up the setting base = ou=people,dc=ht. But what is more
crucial is that even looking at the whole tree "<ROOT>" wholeSubTree it
can't find the required entry.

I am really desperate and don't know how to make it work. Can somebody
please give me a clue how to solve this problem?
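
An offline consistency check of the values posted above, as an added example that is not part of the original post or of Dovecot: it expands auth_bind_userdn for a login name and tests whether that DN exists among the posted entries, then evaluates pass_filter under base. The helper names and the trimmed LDIF sample are constructed for illustration, %u is substituted without Dovecot's escaping, and only AND-of-equality filters are handled.

```python
import re

# Constructed sample: subset of the posted LDIF, plus values from the posted config.
LDIF = """\
dn: ou=people,dc=ht
objectClass: organizationalUnit

dn: cn=Max Mustermann,ou=people,dc=ht
objectClass: posixAccount
uid: mmustermann
"""
CONF = {"auth_bind_userdn": "uid=%u,ou=people,dc=ht", "base": "ou=people,dc=ht",
        "pass_filter": "(&(objectClass=posixAccount)(uid=%u))"}

def parse_ldif(text):
    """Return {dn: {attr: [values]}} for simple, unfolded LDIF records."""
    entries = {}
    for record in text.strip().split("\n\n"):
        attrs = {}
        for line in record.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[attrs.pop("dn")[0]] = attrs
    return entries

def norm_dn(dn):
    """Comparison key for DNs; naive split, so escaped commas are not handled."""
    return ",".join("=".join(p.strip() for p in rdn.split("=", 1)).lower()
                    for rdn in dn.split(","))

def filter_matches(filt, attrs):
    """Evaluate an AND of equality tests, the only filter form in the post."""
    tests = re.findall(r"\(([\w-]+)=([^()]*)\)", filt)
    return bool(tests) and all(
        want.lower() in [v.lower() for v in attrs.get(name.lower(), [])]
        for name, want in tests)

def check(entries, conf, user):
    """Return (expanded bind DN, whether it exists, DNs the search filter matches)."""
    bind_dn = conf["auth_bind_userdn"].replace("%u", user)  # no escaping: sketch only
    exists = norm_dn(bind_dn) in {norm_dn(dn) for dn in entries}
    base, filt = norm_dn(conf["base"]), conf["pass_filter"].replace("%u", user)
    under = lambda dn: norm_dn(dn) == base or norm_dn(dn).endswith("," + base)
    hits = [dn for dn, a in entries.items() if under(dn) and filter_matches(filt, a)]
    return bind_dn, exists, hits

print(check(parse_ldif(LDIF), CONF, "mmustermann"))
```

For the login mmustermann the expanded bind DN is uid=mmustermann,ou=people,dc=ht, which is not the DN of any posted entry, while the filter under base matches cn=Max Mustermann,ou=people,dc=ht.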

