
On Wed, 30 Oct 2013, m...@electronico.nc wrote:

passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
  driver = ldap
}

/etc/dovecot/dovecot-ldap-passdb.conf.ext:
hosts = localhost
auth_bind = yes
auth_bind_userdn = cn=%u,OU=users,dc=domain,dc=lan

You define your bind DN as cn=%u,OU=users,dc=domain,dc=lan

ldap_version = 3
base = ou=users,dc=domain,dc=lan
scope = subtree
pass_filter = (&(objectClass=person)(cn=%u)(mail=*))

user_attrs = uid=20001, gid=20001, home=/media/data/email/%n,
mail=/media/data/email/%n/mail
user_filter = (&(objectClass=person)(cn=%n)(mail=*))

pass_filter and user_filter differ in %u vs. %n.

Here is the debug part when user test3 (located in ou=users, ou=administrative) tries to login:

The auth_bind_userdn does not match the ou=administrative location. Drop the auth_bind_userdn, IMHO, so Dovecot actually uses pass_filter to search for the DN of the user.

Oct 30 18:49:12 serveur dovecot: auth: ldap(test3,10.10.20.208,<L6uskfDpKwAKChTQ>): invalid credentials
Oct 30 18:49:14 serveur dovecot: auth: Debug: client passdb out: FAIL#0111#011user=test3

As soon as I move user 'test3' back to ou=users, it can login ...
Oct 30 18:53:57 serveur dovecot: auth: Debug: client passdb out: OK#0111#011user=test3


-- Steffen Kaiser

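The following is an added illustration, not part of the original thread and not Dovecot's code: a small Python model of the two ways the bind DN can be obtained, a fixed `auth_bind_userdn` template versus a subtree search with `pass_filter`, including the `%u` vs. `%n` difference noted in the reply. The directory contents and the exact DN of `test3` (one level below the base, in `ou=administrative`) are assumptions constructed for the example.

```python
# Added illustration; DIRECTORY is constructed sample data, not from the thread.
AUTH_BIND_USERDN = "cn=%u,OU=users,dc=domain,dc=lan"   # from the posted config
BASE = "ou=users,dc=domain,dc=lan"                      # from the posted config

# Assumed DNs: test3 sits one level below the base, in ou=administrative.
DIRECTORY = {
    "cn=test1,ou=users,dc=domain,dc=lan":
        {"objectClass": ["person"], "cn": "test1", "mail": "test1@domain.lan"},
    "cn=test3,ou=administrative,ou=users,dc=domain,dc=lan":
        {"objectClass": ["person"], "cn": "test3", "mail": "test3@domain.lan"},
}

def expand(template, username):
    """Expand %u (full username) and %n (part before '@')."""
    local = username.split("@", 1)[0]
    return template.replace("%u", username).replace("%n", local)

def template_dn(username):
    """auth_bind_userdn mode: build the bind DN from the template, no search.
    Returns None when no entry has that DN (the bind then fails)."""
    dn = expand(AUTH_BIND_USERDN, username).lower()
    return dn if dn in DIRECTORY else None

def search_dn(username, cn_template="%u"):
    """Search mode: subtree search under BASE, modelling the posted filter
    (&(objectClass=person)(cn=<cn_template>)(mail=*)). Returns the DN only
    when exactly one entry matches."""
    cn = expand(cn_template, username).lower()
    hits = [dn for dn, a in DIRECTORY.items()
            if dn.endswith("," + BASE)
            and "person" in a["objectClass"]
            and a["cn"].lower() == cn
            and a.get("mail")]
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    for user in ("test1", "test3", "test3@domain.lan"):
        print(user, "| template:", template_dn(user),
              "| search %u:", search_dn(user, "%u"),
              "| search %n:", search_dn(user, "%n"))
```

With the template, `test3` resolves to a DN directly under `ou=users` that does not exist, which corresponds to the "invalid credentials" line in the log; the subtree search finds the entry wherever it sits under the base.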