LDAP auth problems "unknown user"

Steffen Kaiser skdovecot at smail.inf.fh-brs.de
Tue Nov 22 13:57:16 UTC 2016



On Sun, 20 Nov 2016, Nikolai Lusan wrote:

> # grep -v '^ *\(#.*\)\?$' /etc/dovecot/ldap/maliuta.org-ldap.conf.ext
> uris = ldap://localhost
> dn = cn=admin,dc=maliuta,dc=org
> dnpass = <secret>
> tls = yes
> tls_ca_cert_dir = /etc/ssl/certs
> auth_bind = no
> ldap_version = 3
> base = ou=mail,dc=mailuta,dc=org
> scope = subtree
> default_pass_scheme = SSHA
> deref = never
> user_attrs = postfixDeliveryAddress=user
> user_filter = (&(postfixDeliveryEnabled=TRUE)(objectClass=postfixMailPerson))
> pass_attrs = postfixDeliveryAddress=user,userPassword=password
> pass_filter = (&(postfixDeliveryEnabled=TRUE)(objectClass=postfixMailPerson)(postfixDeliveryAddress=%u))

Your userdb and passdb filters differ: user_filter is missing the (a / some) %u part.

> iterate_attrs = uid=user
> iterate_filter = (objectClass=postfixMailPerson)
>
>
> # ldapsearch -H ldap://localhost:389 -x -D 'cn=admin,dc=maliuta,dc=org' -W -b "ou=mail,dc=maliuta,dc=org" -s sub -LLL -ZZ  '(&(postfixDeliveryEnabled=TRUE)(objectClass=postfixMailPerson)(postfixDeliveryAddress=nikolai at test.maliuta.org))' uid userPassword
> Enter LDAP Password:
> dn: mail=nikolai at test.maliuta.org,ou=mail,dc=maliuta,dc=org
> uid: nikolai
> userPassword:: e1NTSEF9QVBZMTlaeGw1cWd0a25XeGxURXdqM2g5Yk5YL3BxOGY=
>
> ## From /var/log/mail.log
> Nov 20 07:24:20 kiliya dovecot: auth: Debug: auth client connected (pid=27086)
> Nov 20 07:24:20 kiliya dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011session=1kW2C65BFI2WZbl8#011lip=<local_ip>#011rip=<remote_ip>#011lport=143#011rport=36116#011local_name=<hostname>#011resp=AG5pa29sYWlAdGVzdC5tYWxpdXRhLm9yZwBmb29iYXIzMzQ0 (previous base64 data may contain sensitive data)
> Nov 20 07:24:20 kiliya dovecot: auth: Debug: ldap(nikolai at test.maliuta.org,<remote_ip>,<1kW2C65BFI2WZbl8>): cache miss
> Nov 20 07:24:20 kiliya dovecot: auth: Debug: ldap(nikolai at test.maliuta.org,<remote_ip,<1kW2C65BFI2WZbl8>): pass search: base=ou=mail,dc=mailuta,dc=org scope=subtree filter=(&(postfixDeliveryEnabled=TRUE)(objectClass=postfixMailPerson)(postfixDeliveryAddress=nikolai at test.maliuta.org)) fields=postfixDeliveryAddress,userPassword
> Nov 20 07:24:20 kiliya dovecot: auth: ldap(nikolai at test.maliuta.org,<remote_ip>,<1kW2C65BFI2WZbl8>): unknown user (given password: <correct_password>)
> Nov 20 07:24:22 kiliya dovecot: auth: Debug: client passdb out: FAIL#0111#011user=nikolai at test.maliuta.org
>
>

-- 
Steffen Kaiser
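
An added example, not part of the original message and not Dovecot's own code: a small linter run over the settings quoted in this thread. It checks the point made in the reply (a filter with no user variable) and, going beyond the reply, compares the dc= suffix of `base` with that of `dn` as a typo heuristic; the function names `parse_conf`, `dc_suffix` and `lint` are hypothetical.

```python
import re

# Settings copied from the configuration quoted in this thread (wrapped
# lines rejoined); only the settings the checks below read are included.
SAMPLE_CONF = """\
dn = cn=admin,dc=maliuta,dc=org
base = ou=mail,dc=mailuta,dc=org
user_filter = (&(postfixDeliveryEnabled=TRUE)(objectClass=postfixMailPerson))
pass_filter = (&(postfixDeliveryEnabled=TRUE)(objectClass=postfixMailPerson)(postfixDeliveryAddress=%u))
"""

# Approximate match for Dovecot user variables: %u, %n, %d (optionally with
# modifier letters such as %Lu) and the long forms %{user}, %{username}, %{domain}.
USER_VAR = re.compile(r"%(?:[A-Z]*[und]|\{(?:user|username|domain)\})")

def parse_conf(text):
    """Parse 'key = value' lines, skipping blanks and comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf

def dc_suffix(dn):
    """Return the dc= components of a DN, lowercased (no escaped-comma handling)."""
    parts = [p.strip().lower() for p in dn.split(",")]
    return ",".join(p for p in parts if p.startswith("dc="))

def lint(conf):
    """Return a list of (setting, message) findings."""
    findings = []
    for name in ("user_filter", "pass_filter"):
        if not USER_VAR.search(conf.get(name, "")):
            findings.append((name, "no user variable; search is not tied to the login name"))
    # Heuristic (assumption of this example): a bind DN and a search base under
    # different dc= suffixes is legal LDAP, but worth a second look for a typo.
    if "dn" in conf and "base" in conf and dc_suffix(conf["dn"]) != dc_suffix(conf["base"]):
        findings.append(("base", f"suffix {dc_suffix(conf['base'])!r} differs from "
                                 f"bind DN suffix {dc_suffix(conf['dn'])!r}"))
    return findings

if __name__ == "__main__":
    for setting, message in lint(parse_conf(SAMPLE_CONF)):
        print(f"{setting}: {message}")
```
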
