On Fri, 2010-10-15 at 07:17 -0600, Trever L. Adams wrote:

> Fantastic. I am not. Postfix, is validating user existence. I read
> somewhere I can turn off Dovecot LDA validation, but now I am unable to
> find the page.

http://wiki2.dovecot.org/UserDatabase/Static / allow_all_users

> >>> Oct 15 05:48:06 TeaSet dovecot: master: Error: service(auth-worker):
> >>> child 16375 killed with signal 11 (core dumps disabled)
> > Can you get a gdb backtrace? First enable core dumps with "ulimit -c
> > unlimited" and once you have core file see
> > http://dovecot.org/bugreport.html
> I am not sure this is necessary.

A crash is a bug in any case that I'd like to fix. A good backtrace would make it easier for me to do that.

> The problem seems to be in this
> dovecot: auth: Debug: ldap(?): result: sAMAccountName(?unknown?)=
>
> I get that for all fields in the AD. It looks like I am going to have to
> do a bind of some kind.

You mean the "?unknown?" part? I think the problem here is that I hadn't thought that LDAP attributes are case-insensitive. You should have used sAMAccountName, not samaccountname in the iterate_attrs. But I suppose I'll need to fix this myself too.

> auth: Error: LDAP: binding failed (dn
> CN=SMTP-SERVICE-PRINCIPAL-USER,CN=Users,DC=example,DC=org): Local error,
> SASL(-1): generic failure: GSSAPI Error: An invalid name was supplied
> (Cannot determine realm for numeric host address)

No idea.

> I am thinking I should add gss-spnego to the mech, but haven't done so.

No, anything outside dovecot-ldap.conf doesn't affect LDAP. OpenLDAP uses Cyrus SASL for doing the GSSAPI stuff, so you should try to look into that.
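
The following is an added example, not part of the original message and not Dovecot source code: a simplified model of the attribute-name mismatch discussed above, where a mapping configured as `samaccountname=user` is looked up against the server's `sAMAccountName` spelling. The function names and the sample entry are hypothetical and constructed for illustration.

```python
# Added illustration; a simplified model, not Dovecot's implementation.

def parse_attr_map(spec):
    """Parse an 'ldapAttr=field,ldapAttr2=field2' string into (attr, field) pairs."""
    pairs = []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        ldap_attr, _, field = item.partition("=")
        # With no '=field' part, the field takes the attribute's own name.
        pairs.append((ldap_attr.strip(), (field or ldap_attr).strip()))
    return pairs


def map_entry_exact(entry, attr_map):
    """Case-sensitive lookup: the failure mode described in the thread."""
    table = dict(attr_map)
    return {table.get(name, "?unknown?"): values for name, values in entry.items()}


def map_entry_caseless(entry, attr_map):
    """Case-insensitive lookup, matching how LDAP treats attribute names."""
    table = {ldap_attr.lower(): field for ldap_attr, field in attr_map}
    return {table.get(name.lower(), "?unknown?"): values
            for name, values in entry.items()}


# Constructed sample: the directory returns the attribute in its schema spelling,
# while the configuration was written in lower case.
SAMPLE_ENTRY = {"sAMAccountName": ["jdoe"]}
CONFIGURED = parse_attr_map("samaccountname=user")

if __name__ == "__main__":
    print("exact:   ", map_entry_exact(SAMPLE_ENTRY, CONFIGURED))
    print("caseless:", map_entry_caseless(SAMPLE_ENTRY, CONFIGURED))
```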