Working with Active Directory on Windows Server 2012 R2

Steffen Kaiser skdovecot at smail.inf.fh-brs.de
Tue Nov 25 10:21:54 UTC 2014


On Tue, 25 Nov 2014, Aaron Jenkins wrote:

> I’m having issues getting Dovecot to work with AD on 2012 R2 in a test environment.
>
> Nov 19 09:22:23 auth: Debug: auth client connected (pid=10345)
> Nov 19 09:22:23 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29 lport=993 rport=56395
> Nov 19 09:22:23 auth: Debug: client passdb out: CONT 1
> Nov 19 09:22:23 auth: Debug: client in: CONT 1  (previous base64 data may contain sensitive data)
> Nov 19 09:22:29 auth: Debug: client passdb out: FAIL 1 user=aaron.jenkins temp

Your conf:
auth_bind       = yes
dn              = aaron.jenkins
dnpass          = dummypass1
auth_bind_userdn = CN=%u,CN=users,DC=ad,DC=automaton,DC=uk

Can you really succeed at a simple auth with the dn aaron.jenkins? This 
ought to be a full DN. As I understand auth_bind_userdn, you do not need 
dn/dnpass anyway, because auth_bind_userdn prevents searching for the 
user's DN, in which case Dovecot requires a connection before any user 
bind takes place.

I wonder if the log shows the error from this setting or from the user's 
login attempt. Could you try another user?

Can you auth from the command line via

ldapsearch -x -H ldap://dc1.ad.automaton.uk -D \
CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk -W \
-b CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk

-- 
Steffen Kaiser
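
An added example, not part of the original message or of Dovecot: a small Python check for the two points the reply raises (a `dn` that is not a full DN, and `dn`/`dnpass` set alongside `auth_bind_userdn`), plus the bind DN that `%u` expands to for use with `ldapsearch -D`. The function names, the constructed sample config and the choice to escape DN special characters in the login name are assumptions of this example.

```python
import re
# Constructed sample: the four settings quoted in the reply above.
SAMPLE_CONF = """\
auth_bind       = yes
dn              = aaron.jenkins
dnpass          = dummypass1
auth_bind_userdn = CN=%u,CN=users,DC=ad,DC=automaton,DC=uk
"""

# One RDN: attribute type, '=', then a value (backslash escapes allowed).
RDN = re.compile(r"[A-Za-z][A-Za-z0-9-]*=(?:\\.|[^,\\])+")

def parse_conf(text):
    """Parse 'key = value' lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def looks_like_dn(value):
    """True if value is a comma-separated sequence of attr=value RDNs."""
    return all(RDN.fullmatch(p.strip()) for p in re.split(r"(?<!\\),", value))

def lint(conf):
    """Return findings for the two points raised in the reply."""
    findings = []
    dn = conf.get("dn")
    if dn is not None and not looks_like_dn(dn):
        findings.append(f"dn = {dn!r} is not a full DN")
    if conf.get("auth_bind") == "yes" and "auth_bind_userdn" in conf:
        extra = [k for k in ("dn", "dnpass") if k in conf]
        if extra:
            findings.append("auth_bind_userdn is set; per the reply, "
                            + "/".join(extra) + " should not be needed")
    return findings

def bind_dn(template, user):
    """Expand %u; escaping DN special characters is this example's choice."""
    if not user or user != user.strip() or user.startswith("#"):
        raise ValueError("unsupported login name")
    return template.replace("%u", re.sub(r'([\\,+"<>;=])', r"\\\1", user))

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    for finding in lint(conf):
        print("WARN:", finding)
    print("bind DN:", bind_dn(conf["auth_bind_userdn"], "aaron.jenkins"))
```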