On Wed, 26 Nov 2014, Aaron Jenkins wrote:
I’ve attempted the user Mail with the same password with the same result
(binding as my own user was a last-ditch attempt).
OK, what about the:
As I understand auth_bind_userdn, you do not need
dn/dnpass anyway, because auth_bind_userdn prevents searching for the
user's DN
Did you remove the dn/dnpass settings?
What about the:
I wonder if the log shows the error from this setting or from the user's
login attempt. Could you try another user?
If you log in with another user (not aaron.jenkins) to IMAP, which
username is listed in the logs then?
aaron@aaron-Parallels-Virtual-Platform:/etc/sssd$ ldapsearch -x -H
ldap://dc1.ad.automaton.uk -D
CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk -W - -b
CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk> with scope subtree
# filter: (objectclass=*)
# requesting: -
#
# aaron.jenkins, Users, ad.automaton.uk
dn: CN=aaron.jenkins,CN=Users,DC=ad,DC=automaton,DC=uk
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Same with the user Mail
On November 25, 2014 at 2:18:26 AM, Steffen Kaiser
(skdove...@smail.inf.fh-brs.de) wrote:
On Tue, 25 Nov 2014, Aaron Jenkins wrote:
I’m having issues getting Dovecot to work with AD on 2012 R2 in a test
environment.
…
Nov 19 09:22:23 auth: Debug: auth client connected (pid=10345)
Nov 19 09:22:23 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29 lport=993 rport=56395
Nov 19 09:22:23 auth: Debug: client passdb out: CONT 1
Nov 19 09:22:23 auth: Debug: client in: CONT 1 (previous base64 data may contain sensitive data)
Nov 19 09:22:29 auth: Debug: client passdb out: FAIL 1 user=aaron.jenkins temp
Your conf:
auth_bind = yes
dn = aaron.jenkins
dnpass = dummypass1
auth_bind_userdn = CN=%u,CN=users,DC=ad,DC=automaton,DC=uk
Can you really succeed a simple auth with the dn aaron.jenkins? This
ought to be a full DN. As I understand auth_bind_userdn, you do not need
dn/dnpass anyway, because auth_bind_userdn prevents searching for the
user's DN, in which case Dovecot requires a connection before any user
bind takes place.
I wonder if the log shows the error from this setting or from the user's
login attempt. Could you try another user?
Can you auth from command line via
ldapsearch -x -H ldap://dc1.ad.automaton.uk -D \
CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk -W \
-b CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk
--
Steffen Kaiser
---------------Output of GPG------------------
Decryption of block failed
gpg: Signature made Tue 25 Nov 2014 11:21:55 AM CET using RSA key ID 0BFDDF6B
gpg: BAD signature from "Steffen Kaiser <skdove...@smail.inf.fh-brs.de>"
--
Steffen Kaiser
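The two configuration points raised in the reply above, as an added example that is not part of the thread and not Dovecot's own code: a Python check over the four posted settings, plus the bind DN that the auth_bind_userdn template produces for a given login name. The function names and finding codes are hypothetical, and the expansion handles only %u and %n without any escaping.

```python
import re

# Constructed sample: the four settings quoted in the thread.
POSTED_CONF = """\
auth_bind = yes
dn = aaron.jenkins
dnpass = dummypass1
auth_bind_userdn = CN=%u,CN=users,DC=ad,DC=automaton,DC=uk
"""

def parse_conf(text):
    """Parse 'key = value' lines; blank lines and # comments are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")  # split on the first '=' only
            settings[key.strip()] = value.strip()
    return settings

def looks_like_dn(value):
    """True if every comma-separated component has the attr=value shape of an RDN."""
    parts = re.split(r"(?<!\\),", value)  # an escaped comma stays inside its component
    return all(re.match(r"\s*[A-Za-z][\w-]*\s*=\s*\S", p) for p in parts)

def expand_userdn(template, login):
    """Expand %u (full login name) and %n (part before '@'); illustration only."""
    # No DN escaping is done here; this shows the string shape, not a safe bind DN.
    return template.replace("%u", login).replace("%n", login.split("@", 1)[0])

def lint(settings):
    """Return finding codes for the two points raised in the reply."""
    findings = []
    dn = settings.get("dn")
    if dn is not None and not looks_like_dn(dn):
        findings.append("dn-not-a-full-dn")  # "This ought to be a full DN."
    if settings.get("auth_bind") == "yes" and settings.get("auth_bind_userdn"):
        if dn is not None or "dnpass" in settings:
            findings.append("dn-dnpass-set-with-auth_bind_userdn")
    return findings

if __name__ == "__main__":
    conf = parse_conf(POSTED_CONF)
    print(lint(conf))
    for login in ("aaron.jenkins", "aaron.jenkins@ad.automaton.uk"):
        print(login, "->", expand_userdn(conf["auth_bind_userdn"], login))
```

With %u in the template, a login that includes a domain part ends up inside the CN, which is one reason the username shown in the auth log matters.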