Dear Dovecot mailing list people -

What I'm trying to do is use Postfix (with virtual users) and a POP3 server (we don't want IMAP - don't ask) to work against our new Active Directory servers that will be coming soon. Before we roll anything out we're testing it in the lab. Here's what we've got:

x86 server running Red Hat Enterprise Linux 3
Postfix 2.0.16
Dovecot-1.0 Beta7
Windows 2003 server running Active Directory
Windows XP client running Outlook

Eventually, we'd like the clients to be joined to the AD domain and that's where we'll store ALL the user information. The email will come in on our postfix server (which uses virtual users) and the clients will check it passing their email username and domain password. The catch is that USERS CAN BE ANYWHERE IN THE DIRECTORY. (I apologize for the caps, I wanted to make sure that phrase wasn't glossed over.) So, for instance:

> DC=local
|
>DC=domain
 |
 >OU=group1
 | |
 | > CN=user1
 | > CN=user2
 |
 >OU=group2
 | |
 | > CN=user3
 | > CN=user4
 |
 >OU=group3
 |
 >CN=user5

The path to user1 is therefore CN=user1,OU=group1,DC=domain,DC=local (at least in the AD world). The path to user3 is CN=user3,OU=group2,DC=domain,DC=local. So to search for users I would think (because this is how Postfix does it) that I could have the search base as DC=domain,DC=local and then have scope = subtree. IT DOESN'T WORK. (Again, caps used for emphasis only.)

Here's the meat of the dovecot-ldap.conf file I'm using:

hosts = 192.168.x.x
dn = cn=Administrator,cn=Users,DC=domain,DC=local
dnpass = xxxxx
auth_bind = yes
ldap_version = 3
base = DC=domain,DC=local
scope = subtree
user_attrs = sAMAccountName,mail,,,,
user_filter = (&(objectClass=organizationalPerson)(sAMAccountName=%u))
pass_filter = (&(objectClass=organizationalPerson)(sAMAccountName=%u))
user_global_uid = 44
user_global_gid = 44

--- Interestingly, if I simply point the base to the actual user's container, it works just fine. The idea works from Postfix, but from dovecot it doesn't actually seem to search the tree. ---

Here's some of the output from the log files.

dovecot: May 17 15:35:52 Info: auth(default): client in: AUTH 1 PLAIN service=POP3 lip=192.168.0.199 rip=192.168.0.195 resp=AGp1c2VyAHBhc3N3b3Jk
dovecot: May 17 15:35:52 Info: auth(default): ldap(user1,192.168.0.195): bind search: base=DC=LAB,DC=local filter=(&(objectClass=organizationalPerson)(sAMAccountName=user1))
dovecot: May 17 15:36:52 Info: pop3-login: Disconnected: Inactivity: method=PLAIN, rip=192.168.90.195, lip=192.168.90.199
dovecot: May 17 15:37:52 Info: auth(default): client in: AUTH 1 PLAIN service=POP3 lip=192.168.0.199 rip=192.168.0.195 resp=AGp1c2VyAHBhc3N3b3Jk
dovecot: May 17 15:37:52 Info: auth(default): ldap(user1,192.168.0.195): bind search: base=DC=domain,DC=local filter=(&(objectClass=organizationalPerson)(sAMAccountName=user1))
dovecot: May 17 15:37:54 Info: auth(default): client out: OK 1 user=user1
dovecot: May 17 15:37:54 Info: auth(default): client out: OK 1 user=user1
dovecot: May 17 15:37:54 Info: auth(default): master in: REQUEST 1 25233 1
dovecot: May 17 15:37:54 Info: auth(default): ldap(user1,192.168.0.195): base=DC=LAB,DC=local scope=subtree filter=(&(objectClass=organizationalPerson)(sAMAccountName=user1)) fields=sAMAccountName,mail,,,,
dovecot: May 17 15:38:52 Info: pop3-login: Disconnected: Inactivity: user=<user1>, method=PLAIN, rip=192.168.0.195, lip=192.168.0.199

Can anybody offer any insight? Pretty please?

- Burton
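Added example, not part of Burton's post and not Dovecot's own code: the resp= field on the "client in: AUTH 1 PLAIN" lines above is the raw SASL PLAIN message (RFC 4616: authzid NUL authcid NUL password) in base64, so an auth debug log like this one carries the test account's password in the clear. The Python below (assumed names scan_auth_log, redact_auth_log, decode_sasl_plain) scans such lines, reports which login names have credentials exposed without keeping the secret itself, and produces a redacted copy that is safe to paste into a mailing-list post; the sample log is constructed from the lines quoted above.

```python
import base64
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: the two "client in" lines quoted in the post (HTML link
# wrappers removed) plus one unrelated line that the scanner must leave alone.
SAMPLE_LOG = """\
dovecot: May 17 15:35:52 Info: auth(default): client in: AUTH 1 PLAIN service=POP3 lip=192.168.0.199 rip=192.168.0.195 resp=AGp1c2VyAHBhc3N3b3Jk
dovecot: May 17 15:36:52 Info: pop3-login: Disconnected: Inactivity: method=PLAIN, rip=192.168.90.195, lip=192.168.90.199
dovecot: May 17 15:37:52 Info: auth(default): client in: AUTH 1 PLAIN service=POP3 lip=192.168.0.199 rip=192.168.0.195 resp=AGp1c2VyAHBhc3N3b3Jk
"""

# "client in: AUTH <id> PLAIN ... resp=<base64>" as the auth process logs it.
PLAIN_RE = re.compile(r"client in: AUTH \d+ PLAIN .*?\bresp=(?P<b64>[A-Za-z0-9+/=]+)")
RESP_RE = re.compile(r"\bresp=[A-Za-z0-9+/=]+")

class Finding(NamedTuple):
    line_no: int       # 1-based line number in the scanned text
    authzid: str       # RFC 4616 authorization identity (usually empty)
    authcid: str       # authentication identity, i.e. the login name
    password_len: int  # only the length is kept; the secret is not carried around

def decode_sasl_plain(b64: str) -> Optional[Tuple[str, str, str]]:
    """Split an RFC 4616 PLAIN message ([authzid] NUL authcid NUL passwd).
    Returns None for invalid base64 or anything without exactly three fields."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        return None
    a, c, p = (x.decode("utf-8", errors="replace") for x in parts)
    return a, c, p

def scan_auth_log(text: str) -> List[Finding]:
    """Report every line whose resp= field decodes as a PLAIN message."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        m = PLAIN_RE.search(line)
        fields = decode_sasl_plain(m.group("b64")) if m else None
        if fields:
            authzid, authcid, password = fields
            findings.append(Finding(no, authzid, authcid, len(password)))
    return findings

def redact_auth_log(text: str) -> str:
    """Replace every resp= blob so the log can be shared without credentials."""
    return RESP_RE.sub("resp=<redacted>", text)
```

Run scan_auth_log over a debug log before posting it anywhere, and keep redact_auth_log's output rather than the original; the same check applies to any other mechanism that echoes a client's AUTH line.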