On Thu, 27 Feb 2014, Jeroen Scheerder wrote:

passdb {
 args = /usr/local/etc/dovecot/on2it-ldap-users.cfg
 driver = ldap
}

userdb {
 args = /usr/local/etc/dovecot/on2it-ldap-users-userdb.cfg
 driver = ldap
}

$ cat /usr/local/etc/dovecot/on2it-ldap-users.cfg
hosts = dc2.office.on2it.net
ldap_version = 3
base = dc=office,dc=on2it,dc=net
scope=subtree
auth_bind = yes
dn = [suppressed]
dnpass = [suppressed]

pass_attrs = sAMAccountName=user
user_attrs = \
        =home=/var/mail/on2it/%{ldap:sAMAccountName}, \
        =mail=maildir:/var/mail/on2it/%{ldap:sAMAccountName}

You must not use home dir == mail dir; search the list about what weird things can happen if you do. But this has nothing to do with your auth problem.

user_filter = (&(ObjectClass=person)(sAMAccountName=%u))
pass_filter = (&(ObjectClass=person)(sAMAccountName=%u))

iterate_attrs = sAMAccountName=user
iterate_filter = (objectClass=person)

$ ls -l /usr/local/etc/dovecot/on2it-ldap-users-userdb.cfg
lrwxr-xr-x  1 root  wheel  20 Feb 27 12:07 /usr/local/etc/dovecot/on2it-ldap-users-userdb.cfg -> on2it-ldap-users.cfg

Feb 27 12:49:16 auth: Debug: ldap(js,127.0.0.1,<9QHH22HzYgB/AAAB>): result: sAMAccountName=js; sAMAccountName unused
Feb 27 12:49:16 auth: Debug: ldap(js,127.0.0.1,<9QHH22HzYgB/AAAB>): result: sAMAccountName=js

This puzzles me, "sAMAccountName unused" should mean that Dovecot does not use the attribute, which contradicts the definition of pass_attrs. Do you have weird characters in/around the line "pass_attrs = sAMAccountName=user"? Maybe a Windows linebreak ^M / \r or something? A Unicode non-breakable space? Did you stop, kill any remaining Dovecot processes and restart Dovecot - just to be sure?

Maybe, add sAMAccountName=user to user_attrs, too.

-- Steffen Kaiser

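
The check for hidden characters around the `pass_attrs` line can be done mechanically. The following is an added example, not part of the original message and not Dovecot code: a Python scanner that reports carriage returns, no-break spaces, byte order marks and other control or format characters by line and column. The sample config bytes are constructed for illustration.

```python
import sys
import unicodedata

# Characters that are invisible in most editors but end up inside a
# key or value when the config line is parsed.
SUSPECT = {
    "\r": "carriage return (Windows line break)",
    "\u00a0": "no-break space",
    "\ufeff": "byte order mark",
    "\u200b": "zero-width space",
}


def find_hidden_chars(data: bytes):
    """Return (line, column, description) for every suspect character."""
    findings = []
    for lineno, raw in enumerate(data.split(b"\n"), start=1):
        try:
            line = raw.decode("utf-8")
        except UnicodeDecodeError as exc:
            # Column here is a byte offset, since the line cannot be decoded.
            findings.append((lineno, exc.start + 1, "invalid UTF-8 byte"))
            continue
        for col, ch in enumerate(line, start=1):
            if ch in SUSPECT:
                findings.append((lineno, col, SUSPECT[ch]))
            elif ch != "\t" and unicodedata.category(ch) in ("Cc", "Cf"):
                findings.append((lineno, col, f"control/format U+{ord(ch):04X}"))
    return findings


# Constructed sample: line 1 is clean, line 2 has a no-break space before
# "=" plus a trailing CR, line 3 has a trailing CR only.
SAMPLE = (
    b"auth_bind = yes\n"
    b"pass_attrs\xc2\xa0= sAMAccountName=user\r\n"
    b"pass_filter = (&(ObjectClass=person)(sAMAccountName=%u))\r\n"
)

if __name__ == "__main__":
    # With a path argument scan that file, otherwise the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for lineno, col, what in find_hidden_chars(data):
        print(f"line {lineno}, column {col}: {what}")
```

Run it with the path of the LDAP config file as the only argument; no output means none of these characters were found.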
