LDAP authentication

John Oliver joliver at john-oliver.net
Wed Sep 10 19:45:02 UTC 2014


On Wed, Sep 10, 2014 at 12:41:16PM -0700, Bob Miller wrote:
> Hi,
> > Sep 10 11:27:00 localhost dovecot: auth: pam(testuser1,127.0.0.1):
> > pam_authenticate() failed: Permission denied
> > Sep 10 11:27:00 localhost dovecot: auth: ldap(testuser1,127.0.0.1):
> > invalid credentials
> 
> I am not clear from this if you are using pam auth first and ldap auth
> 2nd, or if you are trying to use pam to do your ldap authentication for
> you.  Assuming the former, I would guess that you are either failing the
> auth_bind, or the attributes you are using for user_filter/pass_filter
> aren't matching the username format.  I would start by checking the
> settings in your dovecot-ldap.conf file...

[joliver at localhost ~]$ dovecot -n
# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-431.el6.x86_64 x86_64 CentOS release 6.5 (Final) 
auth_debug = yes
auth_username_format = %Lu
auth_verbose = yes
mail_access_groups = mail
mail_location = mbox:~/mail/:INBOX=/var/mail/%u
mail_privileged_group = mail
mbox_write_locks = fcntl
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocols = imap
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
  driver = passwd
}
userdb {
  args = uid=503 gid=504 home=/home/vmail/%u
  driver = static
}
[joliver at localhost ~]$ cat /etc/dovecot/dovecot-ldap.conf.ext
hosts = localhost
base = ou=Users,dc=my,dc=domain
ldap_version = 3
auth_bind = yes
auth_bind_userdn = uid=%u,ou=Users,dc=my,dc=domain

-- 
***********************************************************************
* John Oliver                             http://www.john-oliver.net/ *
*                                                                     *
***********************************************************************
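
Added example (not part of the original message, and not Dovecot's own code): a simplified Python model of how the configuration above turns a login name into the DN used for the auth_bind, applying auth_username_format first and auth_bind_userdn second. The function names, the RFC 4514 escaping and the sample logins are assumptions made for illustration; only the two setting values come from the message.

```python
import re

# Values copied from the configuration shown in the message above.
AUTH_USERNAME_FORMAT = "%Lu"
AUTH_BIND_USERDN = "uid=%u,ou=Users,dc=my,dc=domain"

# Simplified model (assumption): only %u, %n, %d and the L/U modifiers.
_VAR = re.compile(r"%([LU]?)([und])")


def expand(template, username, escape=lambda s: s):
    """Expand %u (full name), %n (part before @) and %d (part after @)."""
    local, _, domain = username.partition("@")
    values = {"u": username, "n": local, "d": domain}

    def repl(match):
        modifier, key = match.groups()
        value = values[key]
        if modifier == "L":
            value = value.lower()
        elif modifier == "U":
            value = value.upper()
        return escape(value)

    return _VAR.sub(repl, template)


def dn_escape(value):
    """Escape a value for use inside a DN (RFC 4514 special characters)."""
    out = re.sub(r'([,+"\\<>;])', r"\\\1", value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if out.endswith(" ") and not out.endswith("\\ "):
        out = out[:-1] + "\\ "
    return out


def bind_dn(login, template=AUTH_BIND_USERDN):
    """Return the DN this configuration would bind as for a given login."""
    username = expand(AUTH_USERNAME_FORMAT, login)  # auth_username_format first
    return expand(template, username, dn_escape)    # then auth_bind_userdn


if __name__ == "__main__":
    # Constructed sample logins, not taken from the thread's logs.
    for login in ("TestUser1", "testuser1@my.domain", "smith, j"):
        print(f"{login!r:24} -> {bind_dn(login)}")
```

A DN that does not match the user's entry in the directory fails the bind even when the password is right, so comparing this output with the entry's real DN separates a template problem from a password problem.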