On Tue, 2011-11-01 at 09:55 -0600, David Varela wrote:
> I am running a Dovecot server (version 1.2.17) on FreeBSD 8.2, using
> LDAP to authenticate Active Directory users. I can successfully bind and
> authenticate using PLAIN and LDAP without SASL, but obviously passwords for
> the bind user and the user being authenticated are being passed in plain
> text. I've attempted to configure my server to use SASL, however when I
> attempt to authenticate a user I see authentication failures. I reviewed
> the security log on my domain controller and see that the bind user is
> binding properly, so the issue appears to be originating from the user
> authentication; however, I cannot determine what the issue is. Here is all
> the information regarding my configuration, along with the logs from the
> server:
SASL binding currently works only for the initial "ldap admin user"
authentication. It doesn't work for individual user authentication
requests (auth_bind=yes).

> #auth_bind = yes

Here you're not even attempting to use auth binds.

> pass_attrs = mail=user

And you're also not returning a password for the user.

> Nov 01 09:13:26 auth(default): Info: ldap(dav...@smallmountain.net,127.0.0.1):
> No password returned (and no nopassword)

So Dovecot has no way of authenticating the user. I'd suggest forgetting
about SASL and enabling TLS instead.
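For reference, here is what the suggested setup looks like in a Dovecot 1.2 dovecot-ldap.conf: the posted configuration (bind-as-admin over a cleartext connection, no auth binds, no password returned) beside a corrected one that keeps the admin bind only for lookups, binds as the user to verify the password, and protects both connections with STARTTLS. This is an added illustration, not a file from the thread or from the Dovecot project; the hostname, domain, DNs, CA-file path and filter are placeholders, and the exact user filter for your directory is an assumption.

```ini
## --- AS POSTED (weak): cleartext LDAP, admin bind only, no user password ---
# hosts = dc1.example.com
# tls = no
# dn = CN=dovecot,CN=Users,DC=example,DC=com
# dnpass = SECRET
# #auth_bind = yes            # commented out: Dovecot never verifies the user
# pass_attrs = mail=user      # returns a username but no password attribute
#
# Result: "No password returned (and no nopassword)" -- Dovecot has nothing
# to check the client's password against, so every login fails.

## --- CORRECTED: STARTTLS on the LDAP connection, auth binds for users ---
# Placeholder directory server; replace with your domain controller.
hosts = dc1.example.com

# Protect the admin bind credentials and the user's password on the wire.
# Placeholder CA file: the CA that issued the domain controller's certificate.
tls = yes
tls_ca_cert_file = /usr/local/etc/ssl/ad-ca.pem
tls_require_cert = hard

# SASL stays off; the admin bind is only used for the lookup, not for users.
sasl_bind = no

# Placeholder service account used for the initial lookup bind.
dn = CN=dovecot,CN=Users,DC=example,DC=com
dnpass = SECRET

ldap_version = 3
base = DC=example,DC=com
scope = subtree

# Find the user by the address they log in with (filter is an assumption).
pass_filter = (&(objectClass=user)(mail=%u))
pass_attrs = mail=user

# Verify the password by binding to AD as the user, so no password attribute
# needs to be returned. %u here is the value matched by pass_filter.
auth_bind = yes
auth_bind_userdn = %u
```

Two points to check after switching: the log line "No password returned" should disappear, because with auth_bind=yes Dovecot no longer looks for a password attribute, and the domain controller's security log should now show a logon for the mail user rather than only for the service account. If the TLS handshake fails, the first thing to verify is that tls_ca_cert_file actually contains the CA that signed the controller's certificate and that hosts matches the name in that certificate.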