On Sun, 2010-11-14 at 21:31 +0900, marie ot wrote:
> I am using dovecot-2.0.6 with NetBSD amd64.
..
> hosts = xxx.xxx.xxx.xxx:389
> dn = cn=Mail Administrator, cn=Users, dc=example, dc=com
> dnpass = *********

dn is set, so Dovecot does a bind before doing anything else.

> Both dovecot and postfix the first "bindRequest" was quite
> the same demand and the results.
>
> Next, dovecot demanded query of "userPrincipalName" and "unixUserPassword".
> It seems to be ok for the result.
> # This fails if it doesn't add to "Account Operators" group.

Looks right.

> However, "name" and "simple" were issued by the blank (anonymously?)

What do you mean by "name" and "simple"?

> as for the following next demand (bindRequest).

Since you have auth_bind=no, there should be only a single bind request at the beginning of LDAP connection, nothing afterwards.

> In addition, query of "userPrincipalName" and "unixUserPassword" is issued
> to
> "cn=Configuration, dc=example, dc=com" afterwards.

Where's that Configuration coming from? It's not in your config file, so I don't see why Dovecot would go querying it. Unless perhaps it's OpenLDAP library that goes doing this stuff internally.

> errorMessage: 000004DC: LdapErr: DSID-0C0906DC, comment: In order to perform
> this operation a successful bind must be completed on the connection., data
> 0, v1db0

I don't see how this could happen, except if the previous LDAP reply contains some kind of a reference elsewhere and OpenLDAP automatically goes connecting there.