<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.10.3">
</HEAD>
<BODY>
Hi,<BR>
I am having stability problems setting up dovecot to authenticate virtual users against Active Directory on Win2k3. If the correct userid and password are used, everything works fine, see first logfile snippet below. If an unknown userid is used, again everything works fine. If I try logging in with a valid userid but get the password wrong, that connection is rejected (see second logfile snippet), and all subsequent connection even with correct userid/password are rejected with thunderbird getting a temporary auth failure (see third logfile snippet below).<BR>
<BR>
I am using auth_bind = yes and it seems as though after the failed login with an incorrect password, dovecot is loosing the dn & dnpass settings for the initial user lookup.<BR>
<BR>
I have found numerous references to PHP and ActiveDirectory on Win2k3 getting a similar "ldap_search() failed: Operations error" error and they suggested ensuring LDAP Version 3 is used and the Deref is set to 'never'. I am already using these setting to no avail.<BR>
<BR>
Has anyone else experience these problems, or have any suggestions on how to overcome it ? <BR>
<BR>
Many thanks,<BR>
Rob Coward<BR>
<BR>
<BR>
<B><U>Normal Login with correct password</U></B><BR>
<BR>
Aug 16 10:08:52 gm-ho-lin-05 dovecot: auth(default): client in: AUTH 1 PLAIN service=IMAP secured lip=127.0.0.1 rip=127.0.0.1 resp=ADA5OTlAc3RvcmVzLmdhbWUuY28udWsAOTk5MA==<BR>
Aug 16 10:08:52 gm-ho-lin-05 dovecot: auth(default): ldap(0999@stores.game.co.uk,127.0.0.1): bind search: base=OU=Stores,OU=UK,DC=group,DC=game,DC=net filter=(&(objectClass=user)(mail=<A HREF="mailto:0999@stores.game.co.uk">0999@stores.game.co.uk</A>))<BR>
Aug 16 10:08:52 gm-ho-lin-05 dovecot: auth(default): client out: OK 1 user=<A HREF="mailto:0999@stores.game.co.uk">0999@stores.game.co.uk</A><BR>
Aug 16 10:08:52 gm-ho-lin-05 dovecot: auth(default): master in: REQUEST 6 20765 1<BR>
Aug 16 10:08:52 gm-ho-lin-05 dovecot: auth(default): ldap(0999@stores.game.co.uk,127.0.0.1): base=OU=Stores,OU=UK,DC=group,DC=game,DC=net scope=subtree filter=(&(objectClass=user)(mail=0999@stores.game.co.uk)) fields=uid,,,uid,,<BR>
Aug 16 10:08:52 gm-ho-lin-05 dovecot: auth(default): master out: USER 6 0999@stores.game.co.uk uid=12367 gid=12367<BR>
Aug 16 10:08:52 gm-ho-lin-05 dovecot: imap-login: Login: user=<0999@stores.game.co.uk>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured<BR>
Aug 16 10:08:52 gm-ho-lin-05 dovecot: IMAP(0999@stores.game.co.uk): Effective uid=12367, gid=12367<BR>
Aug 16 10:08:52 gm-ho-lin-05 dovecot: IMAP(0999@stores.game.co.uk): maildir: data=/data/mailstore/stores.game.co.uk/0999<BR>
Aug 16 10:08:52 gm-ho-lin-05 dovecot: IMAP(0999@stores.game.co.uk): maildir: root=/data/mailstore/stores.game.co.uk/0999, index=/data/mailstore/stores.game.co.uk/0999, control=, inbox=<BR>
Aug 16 10:08:52 gm-ho-lin-05 dovecot: IMAP(0999@stores.game.co.uk): Disconnected: Logged out<BR>
<BR>
<BR>
<B><U>Login with incorrect password</U></B><BR>
<BR>
Aug 16 10:09:37 gm-ho-lin-05 dovecot: auth(default): client in: AUTH 1 PLAIN service=IMAP secured lip=127.0.0.1 rip=127.0.0.1 resp=ADA5OTlAc3RvcmVzLmdhbWUuY28udWsAMTIzNA==<BR>
Aug 16 10:09:37 gm-ho-lin-05 dovecot: auth(default): ldap(0999@stores.game.co.uk,127.0.0.1): bind search: base=OU=Stores,OU=UK,DC=group,DC=game,DC=net filter=(&(objectClass=user)(mail=<A HREF="mailto:0999@stores.game.co.uk">0999@stores.game.co.uk</A>))<BR>
Aug 16 10:09:39 gm-ho-lin-05 dovecot: auth(default): client out: FAIL 1 user=<A HREF="mailto:0999@stores.game.co.uk">0999@stores.game.co.uk</A><BR>
Aug 16 10:09:39 gm-ho-lin-05 dovecot: imap-login: Aborted login: user=<0999@stores.game.co.uk>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured<BR>
<BR>
<BR>
<B><U>Subsequent logins with correct password</U></B><BR>
<BR>
Aug 16 10:09:48 gm-ho-lin-05 dovecot: auth(default): client in: AUTH 1 PLAIN service=IMAP secured lip=127.0.0.1 rip=127.0.0.1 resp=ADA5OTlAc3RvcmVzLmdhbWUuY28udWsAOTk5MA==<BR>
Aug 16 10:09:48 gm-ho-lin-05 dovecot: auth(default): ldap(0999@stores.game.co.uk,127.0.0.1): bind search: base=OU=Stores,OU=UK,DC=group,DC=game,DC=net filter=(&(objectClass=user)(mail=<A HREF="mailto:0999@stores.game.co.uk">0999@stores.game.co.uk</A>))<BR>
Aug 16 10:09:48 gm-ho-lin-05 dovecot: auth(default): ldap(0999@stores.game.co.uk,127.0.0.1): ldap_search() failed: Operations error<BR>
Aug 16 10:09:49 gm-ho-lin-05 dovecot: auth(default): client out: FAIL 1 user=0999@stores.game.co.uk temp<BR>
Aug 16 10:09:49 gm-ho-lin-05 dovecot: imap-login: Aborted login: user=<0999@stores.game.co.uk>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured<BR>
<BR>
<P> </P>
<P>This e-mail and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are
addressed. If you have received this e-mail in error please notify
the system manager
at: <BR> <BR>
mailto:<A
href="mailto:postmaster@game.net">postmaster@game.net</A> <BR>
<BR>The recipient acknowledges that the transmissions made via the Internet can
be corrupted and therefore THE GAME GROUP PLC and any of its
subsidiaries do not give any warranty as to the quality or accuracy
of any information contained in the message or assume any liability
for it or for its transmission, reception or storage. </P>
<P>This footnote also confirms that this e-mail message has been swept by
anti-virus software for the presence of computer viruses. <BR> <BR><A
href="http://www.game.co.uk">http://www.game.co.uk</A><BR><A
href="http://www.gamegroup.plc.uk/"
target=_blank>http://www.gamegroup.plc.uk</A> </P>
</BODY>
</HTML>