"Temporary authentication failure" ? Cant connect with ldap user

Steffen Kaiser skdovecot at smail.inf.fh-brs.de
Tue Feb 24 09:02:51 UTC 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 24 Feb 2015, David Scheele wrote:
> 2015-02-24 8:05 GMT+01:00 Steffen Kaiser <skdovecot at smail.inf.fh-brs.de>:
>> On Mon, 23 Feb 2015, David Scheele wrote:
>>
>>  So, I set up the Server, installed and configured postfix, ldap and
>>> dovecot
>>> (in that order) and now simply try to log into the mail account with a
>>> used
>>> from the LDAP over telnet.
>>>
>>> The test looks like this:
>>>
>>> *|> telnet localhost 143*
>>> *| a bunch of stuff ending with:*
>>> *| OK [**] Dovecot ready.*
>>> *|> a login username userpassword*
>>> *| a NO [UNAVAILABLE] Temporary authentication failure. [host and date
>>> here]*
>>>
>>> In the logs it says
>>>
>>> *|[date] mailserver dovecot: auth: Error: LDAP: binding failed (dn
>>> cn=admin): Invalid credentials*
>>>
>>> But I KNOW the admin password I entered into the dovecot-lda.conf.ext is
>>> correct as I use it to log into the LDAP directory over jxplorer
>>>
>>> I also know the password for the user i try to log in with is correct as i
>>> set it myself over and over just to be sure there are no typos.
>>> I'm at a loss, I've been at this end for a few days now and can't find
>>> good
>>> tutorials online because its either always an old dovecot, postfix, ldap
>>> or
>>> debian version and somewhere in the middle it just stops because some file
>>> is completely missing. I get the impression I'm just not able-brained for
>>> linux useage.
>>>
>>> Anyway, here are a few more informations about the system:
>>>
>>> *Dovecot version 2.1.7*
>>>
>>> Output of grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf.ext:
>>> *hosts = localhost*
>>> *dn = cn=admin*
>>> *dnpass = [password]*

install the ldap-utils package - that one containing ldapsearch - and 
execute:

ldapsearch -W -D cn=admin -b 'dc=[domainname],dc=de' \
'(&(objectClass=posixAccount)(uid=<<uid>>))'

then enter your password.

1) I suppose, cn=admin is missing a domain name, e.g. 
dc=[domainname],dc=de .

2) does your dnpass contain "funny" characters?

>>> *sasl_bind = no*
>>> *tls = no*
>>> *auth_bind = yes*
>>> *ldap_version = 3*
>>> *base = dc=[domainname],dc=de*
>>> *user_attrs = uidNumber=uid,gidNumber=gid*
>>> *user_filter = (&(objectClass=posixAccount)(uid=%u))*
>>> *pass_attrs = uid=user,userPassword=password*

BTW: You do not habe no pass_filter or I deleted it last time.

>>>
>>> Output of dovecot -n:
>>>
>>> *disable_plaintest_auth = no*
>>> *mail_location = mbox:~/mail:INBOX=/var/mail/%u*
>>> *[namespace config here]*
>>>
>>> *passdb {*
>>> *args = /etc/dovecot/dovecot-ldap.conf.ext*
>>>
>>                        ^^^^^^^^^^^^^^^^^^^^
>>
>> filename mismatch
>>
>>  *driver = ldap*
>>> *}*
>>> *plugin {*
>>> *sieve = ~/.dovecot.sieve*
>>> *sieve_dir = ~/sieve*
>>> *}*
>>>
>>> *protocols = " imap pop3"*
>>> *ssl_cert = </etc/dovecot/dovecot.pem*
>>> *ssl_key = </etc/dovecot/private/dovecot.pem*
>>> *userdb {*
>>> *args = /etc/dovecot/dovecot-ldap.conf.ext*
>>> *driver =ldap*
>>> *}*
>>> *protocol pop3 {*
>>> *pop3_client_workarounds = outlook-no-nuls oe-ns-eoh*
>>> *pop3_uidl_format = %08Xu%08Xv*
>>> *}*
>>>
>>> Any help would be greatly apprechiated.... I'm going crazy over here.
>>>
>>> Thanks in advance,
>>> David
>>>
>>>
>> - -- Steffen Kaiser
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1
>>
>> iQEVAwUBVOwixXz1H7kL/d9rAQJxAgf/dNt0dBGANbIGvm6B0Oeuna/+uY5/7MR8
>> 9EpFwss94eu4PyFgAfOm2Al+IOT98LP1N9OHs3Za2r/2W7LKaesgjCa3vBfH9IjZ
>> okUj7fsQXsTAM+UqtF+ne3f5Vp6Ng36Irabr5HLptlbIu3lq8ALMm/E/72TabVLl
>> Lln7bB/YFftnrTlI2HheRLnAwSOMHu4rNE7G9zLqiPEipD5XsqgDBPpAM6PwPmbi
>> k/irSUgq8h4b66LCzo6Ekv6lvKzWxQpzJo0MC99HT0syAP/qpyLbPARhQvDXCH7J
>> wvf/T19EAt+OC4zzfIPgL2YxRP5ZN5efr82NLYdiMVfAcBaDHaFWTA==
>> =8upy
>> -----END PGP SIGNATURE-----
>>
>

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEVAwUBVOw+O3z1H7kL/d9rAQIaZAf+MTnOlpm92TbjdWLCNp3THyjUHMaHDmHt
/EuAXa7P0r16tuBHXNuWAohSzG80ZF6ALxg1EhtFkFdH/VtrnyqZ0L6imahcXbhe
QnwMA1R4PK1+K7ckUisg8Pkv+3hXPrMyjvOyqMUwOTmlwG6PjHNaX7LxthDQNTu4
0PjXVZ0IBGlBPTyra/9l81K5j/vw0qfvVF4ycWAFV7An/dqM3nYBnqkBTziqozNs
wdhYWFQqApE/pGOe6TbFGeDEiE9PXVTue4G/H9VGe8GKu/ctlp0mtaRN7x84h5dO
bqshRfVouSIOhK5jynJMH/T142URGKYGGaS7evCVfwNsRkOcdWJm+g==
=W7kX
-----END PGP SIGNATURE-----

More information about the dovecot mailing list