On 31.10.2013 01:11, m...@electronico.nc wrote:
On 31/10/2013 10:42, Achim Gottinger wrote:
On 30.10.2013 21:17, m...@electronico.nc wrote:
Hello and thanks for your answer.

On 30/10/2013 19:32, Steffen Kaiser wrote:

On Wed, 30 Oct 2013, m...@electronico.nc wrote:

passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
  driver = ldap
}

/etc/dovecot/dovecot-ldap-passdb.conf.ext:
hosts = localhost
auth_bind = yes
auth_bind_userdn = cn=%u,OU=users,dc=domain,dc=lan

You define your bind DN as cn=%u,OU=users,dc=domain,dc=lan

ldap_version = 3
base = ou=users,dc=domain,dc=lan
scope = subtree
pass_filter = (&(objectClass=person)(cn=%u)(mail=*))

You should use

/etc/dovecot/dovecot-ldap-passdb.conf.ext

hosts = localhost
dn = cn=ldap,cn=Users,DC=domain,DC=lan
dnpass = My_secret_pass
auth_bind = yes
ldap_version = 3
base = OU=users,DC=domain,DC=lan
scope = subtree
pass_filter = (&(objectClass=person)(cn=%u)(mail=*))

That way pass_filter should match
cn=%u,OU=administrative,OU=Users,DC=domain,DC=lan as well. Take a
look at http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds DN
lookup vs. DN template.


Hello Achim,
Thanks for your answer :-)
Sure it works OK, as soon as I specify dn & dnpass (that I omitted in
passdb... :-[ )
Many thanks again !
Nicolas
The problem was auth_bind_userdn, which only matched users in OU=users. If you use that type of password check, pass_filter is not used. Now dovecot binds as user dn first, does a lookup of the user's dn via pass_filter and uses the result as the dn for the password verification via a second bind to ldap.

If you use the LDAP server from an Active Directory, I'd recommend you use pass_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*)), because if you use Windows Remote Admin Tools to create users, the user's dn is usually something like dn=cn=[Full Name],ou=Users,dc=domain,dc=lan and cn=[Full Name]. sAMAccountName, however, holds the user's login name.
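
The DN template versus DN lookup behaviour discussed in this thread, as an added Python sketch that is not from any of the posters and is not Dovecot's code. The in-memory directory, the entries alice, bob and Carol Smith, their passwords and the helper names are constructed for illustration; DNs are written in lower case because LDAP compares them case-insensitively.

```python
# Constructed in-memory directory (not real LDAP): DN -> attributes.
DIRECTORY = {
    "cn=alice,ou=users,dc=domain,dc=lan": {
        "objectClass": "person", "cn": "alice", "sAMAccountName": "alice",
        "mail": "alice@domain.lan", "password": "pw-alice"},
    "cn=bob,ou=administrative,ou=users,dc=domain,dc=lan": {
        "objectClass": "person", "cn": "bob", "sAMAccountName": "bob",
        "mail": "bob@domain.lan", "password": "pw-bob"},
    # Created with an admin GUI: cn is the full name, login is sAMAccountName.
    "cn=Carol Smith,ou=users,dc=domain,dc=lan": {
        "objectClass": "person", "cn": "Carol Smith", "sAMAccountName": "carol",
        "mail": "carol@domain.lan", "password": "pw-carol"},
    # Service account used for the search (dn / dnpass in the thread).
    "cn=ldap,cn=users,dc=domain,dc=lan": {"cn": "ldap", "password": "My_secret_pass"},
}
BASE = "ou=users,dc=domain,dc=lan"
SERVICE_DN = "cn=ldap,cn=users,dc=domain,dc=lan"


def bind(dn, password):
    """Simulated simple bind: a non-empty password must match the entry."""
    entry = DIRECTORY.get(dn)
    return bool(password) and entry is not None and entry["password"] == password


def template_auth(user, password):
    """auth_bind_userdn style: DN is built from a fixed template, no search."""
    return bind(f"cn={user},{BASE}", password)


def lookup_auth(user, password, login_attr="cn"):
    """dn/dnpass + pass_filter style: service bind, subtree search, rebind."""
    if not bind(SERVICE_DN, "My_secret_pass"):
        return False
    matches = [dn for dn, e in DIRECTORY.items()
               if dn.endswith("," + BASE)          # scope = subtree under base
               and e.get("objectClass") == "person"
               and e.get(login_attr) == user and e.get("mail")]
    # Sketch assumption: anything other than exactly one match is a failure.
    return len(matches) == 1 and bind(matches[0], password)
```

With the template, bob in OU=administrative never matches; with the lookup he does, and Carol Smith only authenticates as "carol" once the filter attribute is sAMAccountName.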
