LDAP authentication

Luca Bertoncello lucabert at lucabert.de
Mon Jun 22 14:19:52 UTC 2015


Hi again

I'm trying to authenticate a user against an LDAP server (well, our
AD, but it can do LDAP).

This is my configuration:

hosts = my.server.local
auth_bind = yes
ldap_version = 3
base = CN=Person,CN=Schema,CN=Configuration,DC=company,DC=local
scope = subtree
user_attrs = \
   =home=/home/imapproxy/%u, \
   =mail=maildir:/home/imapproxy/%u

pass_attrs = uid=%u, userPassword=%w
pass_filter = (&(objectClass=user)(sAMAccountName=%u))
auth_bind_userdn = company\%u

If I try to log in to the LDAP server using ldapsearch it works, but
not with Dovecot...
I see this in my log:

Jun 22 16:14:08 proxy01 dovecot: auth: Debug: client in:  
AUTH#0111#011PLAIN#011service=imap#011secured#011session=+agW4xsZ4gAKADPG#011lip=10.0.46.4#011rip=10.0.51.198#011lport=143#011rport=34018#011resp=<hidden>
Jun 22 16:14:08 proxy01 dovecot: auth: Debug: client passdb out:  
OK#0111#011user=bertoncello
Jun 22 16:14:08 proxy01 dovecot: auth: Debug: master in:  
REQUEST#0111586495489#01117122#0111#01161785e0770d6c48e7316ab484bc2778c#011session_pid=17125#011request_auth_token
Jun 22 16:14:08 proxy01 dovecot: auth: Debug:  
ldap(bertoncello,10.0.51.198,<+agW4xsZ4gAKADPG>): user search:  
base=CN=Person,CN=Schema,CN=Configuration,DC=company,DC=local  
scope=subtree filter=(&(objectClass=posixAccount)(uid=bertoncello))  
fields=
Jun 22 16:14:08 proxy01 dovecot: auth: Error:  
ldap(bertoncello,10.0.51.198,<+agW4xsZ4gAKADPG>):  
ldap_search(base=CN=Person,CN=Schema,CN=Configuration,DC=company,DC=local  
filter=(&(objectClass=posixAccount)(uid=bertoncello))) failed:  
Operations error
Jun 22 16:14:08 proxy01 dovecot: auth: Debug: master userdb out:  
FAIL#0111586495489
Jun 22 16:14:08 proxy01 dovecot: imap: Error: Internal auth failure  
(client-pid=17122 client-id=1)
Jun 22 16:14:08 proxy01 dovecot: imap-login: Internal login failure  
(pid=17122 id=1) (internal failure, 1 successful auths):  
user=<bertoncello>, method=PLAIN, rip=10.0.51.198, lip=10.0.46.4,  
mpid=17125, TLS, session=<+agW4xsZ4gAKADPG>

and if I sniff the communication with the AD using ngrep I see:

####
T 10.0.46.4:58761 -> 192.168.168.23:389 [AP]
   0....`........
#
T 192.168.168.23:389 -> 10.0.46.4:58761 [AP]
   0........a............
##
T 10.0.46.4:58761 -> 192.168.168.23:389 [AP]
   0#...`......company\bertoncello..secret
#
T 192.168.168.23:389 -> 10.0.46.4:58761 [AP]
   0........a............
##
T 10.0.46.4:58761 -> 192.168.168.23:389 [AP]
   0....`........
#
T 192.168.168.23:389 -> 10.0.46.4:58761 [AP]
   0........a............
#
T 10.0.46.4:58761 -> 192.168.168.23:389 [AP]
    
0.....c{.5CN=Person,CN=Schema,CN=Configuration,DC=company,DC=local................1....objectClass..posixAccount....uid..bertoncello0.
#
T 192.168.168.23:389 -> 10.0.46.4:58761 [AP]
   0........e................000004DC: LdapErr: DSID-0C0906E8,  
comment: In order to perform this operation a successful bind must be  
completed on the connection., data 0, v1db1.
##
T 10.0.46.4:58761 -> 192.168.168.23:389 [AP]
   0....B.
###
T 192.168.168.23:389 -> 10.0.46.4:58761 [AR]
   ..

and I can't understand why:

1) I read "objectClass..posixAccount"
2) The authentication does not work...

Thanks for your help!
Luca Bertoncello
(lucabert at lucabert.de)
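The ngrep output in the post is raw BER (RFC 4511 LDAPMessage) on port 389: the bytes starting with `0#...\`` are a BindRequest with a simple bind, which is why the DN and the password are readable in the sniff, and the frame starting with `0........e` is a SearchResultDone whose resultCode 1 is what Dovecot logs as "Operations error". The script below is an added example, not code from the post or from Dovecot; it decodes such messages and flags the cleartext credential and the failed operation. The frames are constructed with the same encoder so it runs offline; the DN, the password and the diagnostic text are taken from the capture above, while the message IDs and the result code of the BindResponse are assumptions.

```python
"""Decode LDAP (BER) frames like the ones in the ngrep capture and audit them.

Added example for illustration; sample frames are constructed locally.
"""

# BER / LDAP tags used here
SEQUENCE, INTEGER, ENUMERATED, OCTET_STRING = 0x30, 0x02, 0x0A, 0x04
BIND_REQUEST, BIND_RESPONSE = 0x60, 0x61          # [APPLICATION 0] / [APPLICATION 1]
UNBIND_REQUEST, SEARCH_RESULT_DONE = 0x42, 0x65   # [APPLICATION 2] / [APPLICATION 5]
SIMPLE_AUTH = 0x80                                # AuthenticationChoice: simple [0]

RESULT_CODES = {0: "success", 1: "operationsError", 32: "noSuchObject",
                49: "invalidCredentials", 50: "insufficientAccessRights"}


def tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER TLV (short or long-form definite length)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_bytes)]) + length_bytes + value


def read_tlv(buf: bytes, pos: int = 0):
    """Decode one TLV at pos; returns (tag, value, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def read_seq(buf: bytes):
    """Split a constructed value into its child (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        out.append((tag, value))
    return out


def decode_ldap_message(frame: bytes) -> dict:
    """Decode an LDAPMessage into a dict (BindRequest, results, Unbind)."""
    tag, body, _ = read_tlv(frame)
    if tag != SEQUENCE:
        raise ValueError("not an LDAPMessage")
    (_, mid), (op_tag, op) = read_seq(body)[:2]     # optional controls ignored
    msg = {"messageID": int.from_bytes(mid, "big")}
    if op_tag == BIND_REQUEST:
        (_, ver), (_, name), (auth_tag, cred) = read_seq(op)
        simple = auth_tag == SIMPLE_AUTH
        msg.update(op="BindRequest", version=ver[0], name=name.decode(),
                   auth="simple" if simple else "sasl",
                   password=cred.decode() if simple else None)
    elif op_tag in (BIND_RESPONSE, SEARCH_RESULT_DONE):
        (_, rc), (_, matched), (_, diag) = read_seq(op)[:3]   # LDAPResult fields
        code = int.from_bytes(rc, "big")
        msg.update(op="BindResponse" if op_tag == BIND_RESPONSE else "SearchResultDone",
                   resultCode=code, result=RESULT_CODES.get(code, str(code)),
                   matchedDN=matched.decode(), diagnosticMessage=diag.decode())
    elif op_tag == UNBIND_REQUEST:
        msg["op"] = "UnbindRequest"
    else:
        msg["op"] = f"unhandled tag 0x{op_tag:02x}"
    return msg


# --- constructed stand-ins for the frames in the capture ---------------------
DIAG = ("000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this "
        "operation a successful bind must be completed on the connection., "
        "data 0, v1db1")                        # diagnostic text from the capture


def bind_request(msg_id: int, name: str, password: str) -> bytes:
    op = (tlv(INTEGER, bytes([3])) + tlv(OCTET_STRING, name.encode())
          + tlv(SIMPLE_AUTH, password.encode()))
    return tlv(SEQUENCE, tlv(INTEGER, bytes([msg_id])) + tlv(BIND_REQUEST, op))


def ldap_result(msg_id: int, op_tag: int, code: int, diag: str = "") -> bytes:
    op = (tlv(ENUMERATED, bytes([code])) + tlv(OCTET_STRING, b"")
          + tlv(OCTET_STRING, diag.encode()))
    return tlv(SEQUENCE, tlv(INTEGER, bytes([msg_id])) + tlv(op_tag, op))


CAPTURE = [                                     # message IDs are assumed values
    bind_request(2, "company\\bertoncello", "secret"),
    ldap_result(2, BIND_RESPONSE, 0),
    ldap_result(4, SEARCH_RESULT_DONE, 1, DIAG),
]


def audit(frames) -> list:
    """Findings: cleartext simple binds and operations that returned an error."""
    findings = []
    for f in frames:
        m = decode_ldap_message(f)
        if m["op"] == "BindRequest" and m["auth"] == "simple":
            findings.append(f"simple bind as {m['name']!r} sends password "
                            f"{m['password']!r} in cleartext")
        elif m.get("resultCode", 0) != 0:
            findings.append(f"{m['op']} #{m['messageID']}: {m['result']} "
                            f"({m['resultCode']}): {m['diagnosticMessage']}")
    return findings


if __name__ == "__main__":
    for line in audit(CAPTURE):
        print(line)
```

Two things the decoded frames make concrete: a simple bind on plain port 389 puts the user's password on the wire in cleartext, so the same capture that helped debug this would hand an attacker on the path working AD credentials (LDAPS on 636 or StartTLS with `tls = yes` in the Dovecot LDAP config avoids that), and the SearchResultDone is AD refusing a search on a connection that has not performed a successful bind, which is a different connection from the one the user's auth_bind went over.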