AD LDAP auth shows unknown results
victorpictor at mailbox.hu
victorpictor at mailbox.hu
Fri Apr 15 16:53:38 UTC 2016
Hi List!
I've been struggling with AD LDAP auth: ldapsearch shows everything fine, but
when I test a login over telnet, the auth debug log marks every returned attribute as unknown.
Dovecot 2.0.19
dovecot -n:
# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 3.5.0-23-generic x86_64 Ubuntu 12.04.5 LTS ext4
# auth_debug and auth_verbose produce the "auth: Debug:" lines quoted in the
# log further down; switch auth_debug off again once the lookup problem is solved.
auth_debug = yes
auth_mechanisms = plain login
# %n keeps only the part of the login name before "@", so %u in the LDAP
# filters expands to the bare account name.
auth_username_format = %n
auth_verbose = yes
# NOTE(review): together with "ssl = no" below, PLAIN/LOGIN passwords (here
# Active Directory account passwords) cross the network unencrypted for any
# non-local client. Tolerable for a telnet test against 127.0.0.1; before
# real use, enable TLS and set disable_plaintext_auth = yes.
disable_plaintext_auth = no
listen = *
mail_location = maildir:/var/mail/%u%d/Maildir
namespace inbox {
inbox = yes
location =
prefix =
}
# Password verification goes through LDAP (settings listed under
# "Contents of passdb.conf").
passdb {
args = /etc/dovecot/dovecot-ldap-passdb.conf
driver = ldap
}
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_global_dir = /var/lib/dovecot/sieve/
}
protocols = " imap lmtp pop3"
# Auth socket inside the Postfix spool, presumably for Postfix SMTP AUTH;
# mode 0660 with postfix:postfix limits access to that user and group.
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
user = vmail
}
# TLS is switched off, so the certificate and key configured below are unused.
ssl = no
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
# User lookups also go through LDAP (settings listed under
# "Contents of userdb.conf").
userdb {
args = /etc/dovecot/dovecot-ldap-userdb.conf
driver = ldap
}
protocol lmtp {
mail_plugins = " sieve"
postmaster_address = postmaster at domain.hu
}
Contents of passdb.conf:
# NOTE(review): no "tls = yes" and no ldaps:// "uris" entry appears here, so
# the bind below presumably reaches the domain controller over plain LDAP,
# carrying the user's password in cleartext. Confirm, and prefer StartTLS or
# LDAPS with certificate verification.
hosts = 1.2.3.4
# The password is checked by binding to the directory as the user.
auth_bind = yes
# The bind name is built from this template instead of being looked up first.
# NOTE(review): Dovecot's LDAP documentation states that pass_attrs and
# pass_filter are ignored when auth_bind_userdn is set, so the pass_filter
# below would not restrict which accounts can authenticate - verify on 2.0.19.
auth_bind_userdn = DOMAIN\%u
ldap_version = 3
base = dc=domain,dc=in
scope = subtree
deref = never
pass_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*))
Contents of userdb.conf:
# NOTE(review): as in the passdb file, no TLS setting is shown, so the service
# account bind presumably also travels unencrypted - confirm.
hosts = 1.2.3.4
# Service account used for user lookups. dnpass is stored in cleartext
# (redacted as "xxx" by the poster): keep this file readable by root only and
# give the account no more than read access to the directory.
dn = DOMAIN\user
dnpass = xxx
ldap_version = 3
base = dc=domain,dc=in
# NOTE(review): the debug log shows "fields=" (empty) and tags every returned
# attribute "(?unknown?)", which suggests no attribute mapping was parsed from
# user_attrs. Two things to check: (1) whether the value really sits on its own
# line in the file, which would leave user_attrs empty; (2) whether the
# "=field=value" static template form is understood by 2.0.19 - it may need a
# newer Dovecot release (TODO confirm).
user_attrs =
=uid=108,=gid=115,=home=/var/mail/%Lu,=mail=maildir:/var/mail/%Lu/Maildir/
user_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*))
# Attributes and filter to get a list of all users
iterate_attrs = sAMAccountName=user
iterate_filter = (objectClass=person)
And the log after a test login:
Apr 15 18:10:52 ubuntutest2 dovecot: auth: Debug: ldap(user,127.0.0.1):
user search: base=dc=domain,dc=in scope=subtree
filter=(&(objectClass=person)(sAMAccountName=user)(mail=*)) fields=
Apr 15 18:10:52 ubuntutest2 dovecot: auth: Debug: ldap(user,127.0.0.1):
result: objectClass(?unknown?)= cn(?unknown?)= instanceType(?unknown?)=
whenCreated(?unknown?)= uSNCreated(?unknown?)= name(?unknown?)=
objectGUID(?unknown?)= badPwdCount(?unknown?)= codePage(?unknown?)=
countryCode(?unknown?)= badPasswordTime(?unknown?)=
lastLogoff(?unknown?)= lastLogon(?unknown?)= primaryGroupID(?unknown?)=
objectSid(?unknown?)= accountExpires(?unknown?)= logonCount(?unknown?)=
sAMAccountName(?unknown?)= sAMAccountType(?unknown?)=
userPrincipalName(?unknown?)= objectCategory(?unknown?)=
givenName(?unknown?)= initials(?unknown?)= sn(?unknown?)=
displayName(?unknown?)= description(?unknown?)=
physicalDeliveryOfficeName(?unknown?)= userAccountControl(?unknown?)=
msDS-SupportedEncryptionTypes(?unknown?)= pwdLastSet(?unknown?)=
homeDrive(?unknown?)= homeDirectory(?unknown?)= memberOf(?unknown?)=
mail(?unknown?)= whenChanged(?unknown?)= uSNChanged(?unknown?)=
distinguishedName(?unknown?)=
Any idea?
Thanks in advance!
Victorpictor