On Sun, 18 May 2014, Danylo Esterman wrote:

   # Max Mustermann, people, ht
   dn: cn=Max Mustermann,ou=people,dc=ht
   cn: Max Mustermann
   givenName: Max
   gidNumber: 500
   homeDirectory: /home/users/mmustormann
   sn: Mustermann
   objectClass: inetOrgPerson
   objectClass: posixAccount
   objectClass: top
   uidNumber: 1000
   uid: mmustermann
   userPassword:: e01ENX1ETUYxdWNEeHRxZ3h3NW5pYVhjbVlRPT0=
   loginShell: /bin/bash
   mail: must...@test.com

Now, I use the following configuration for dovecot
(/etc/dovecot/dovecot-ldap.conf.ext)

   hosts = 10.1.2.1
   dn = cn=admin,dc=ht
   dnpass = a
   auth_bind = yes
   auth_bind_userdn = uid=%u,ou=people,dc=ht
   ldap_version = 3
   scope = subtree
   base = ou=people,dc=ht
   user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
   user_filter = (&(objectClass=posixAccount)(uid=%u))
   pass_attrs = uid=user,userPassword=password
   pass_filter = (&(objectClass=posixAccount)(uid=%u))

This is what I see in Wireshark: http://i.stack.imgur.com/ICzDe.png

Dovecot cannot authenticate itself for some reason...

The Wireshark trace shows that you've tried to authenticate a user "uid=mmustermann,ou=people,dc=ht", but no such LDAP item exists. It is named "cn=Max Mustermann,ou=people,dc=ht".

If I change the configuration as follows:

   auth_bind = no
   #auth_bind_userdn = uid=%u,ou=people,dc=ht

Then I get the following picture: http://i.stack.imgur.com/tb5vo.png

Well, why auth_bind = no? If you read the comment for that setting:

# Use authentication binding for verifying password's validity. This works by
# logging into LDAP server using the username and password given by client.
# The pass_filter is used to find the DN for the user. Note that the pass_attrs
# is still used, only the password field is ignored in it. Before doing any
# search, the binding is switched back to the default DN.
#auth_bind = no
auth_bind = yes

I am really desperate and don't know how to make it work. Can somebody
please give me a clue how to solve this problem?

-- Steffen Kaiser
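Added example (not part of either poster's message, and not Dovecot code): a small Python model of the two behaviours discussed in this thread, a bind DN built from the auth_bind_userdn template versus a DN located by the pass_filter search before binding. The in-memory directory, the sample password and all function names are constructed for illustration; DN matching is simplified.

```python
BASE = "ou=people,dc=ht"
# Constructed stand-in for the LDAP server: DN -> attributes. The DN and uid are
# taken from the LDIF in the post; the password is a made-up sample value.
DIRECTORY = {
    "cn=Max Mustermann,ou=people,dc=ht": {
        "objectClass": {"inetOrgPerson", "posixAccount", "top"},
        "uid": "mmustermann",
        "password": "sample-password",
    },
}

def norm(dn):
    """Simplified DN comparison: case-insensitive, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def simple_bind(dn, password):
    """Return an LDAP-style result name for a simple bind as `dn`."""
    for entry_dn, attrs in DIRECTORY.items():
        if norm(entry_dn) == norm(dn) and attrs["password"] == password:
            return "success"
    # Modelling assumption: a missing DN and a wrong password are reported
    # identically, so the client cannot tell which one went wrong.
    return "invalidCredentials"

def bind_with_template(user, password, template="uid=%u,ou=people,dc=ht"):
    """auth_bind = yes plus auth_bind_userdn: the DN is built, never looked up."""
    dn = template.replace("%u", user)
    return dn, simple_bind(dn, password)

def bind_after_search(user, password):
    """auth_bind = yes without auth_bind_userdn: pass_filter finds the DN first."""
    matches = [dn for dn, a in DIRECTORY.items()
               if norm(dn).endswith(norm(BASE))
               and "posixAccount" in a["objectClass"] and a["uid"] == user]
    if len(matches) != 1:  # no entry, or an ambiguous uid: refuse the login
        return None, "invalidCredentials"
    return matches[0], simple_bind(matches[0], password)

if __name__ == "__main__":
    print(bind_with_template("mmustermann", "sample-password"))
    print(bind_after_search("mmustermann", "sample-password"))
```

The template variant fails even with the correct password because the entry's RDN is cn, not uid; the search variant binds as the DN the filter actually returns.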