Hi Mark, when I say AD 2003/8 I mean Active Directory 2003/8.
My configuration is attached. I based my installation (dovecot+postfix) on the guides from this site: http://www.linuxmail.info

The LDAP part is this: http://www.linuxmail.info/postfix-dovecot-ldap-centos-5/

You can also use PAM to connect to AD (http://www.linuxmail.info/active-directory-dovecot-pam-authentication/) but that way doesn't allow retrieving custom fields from the AD (e.g. a field to set quota per user), so I'm using the standard LDAP method.

Regards

On 10/09/2015 at 4:51, Mark Foley wrote:
> Fran and/or Matthias,
>
> Could you publish your doveconf -n? I can't get dovecot to authenticate with my
> AD. Maybe you have a solution I could try.
>
> What mail client(s) are you using? I assume by "AD 2003/8" you mean SBS2003/8
> and are therefore using Outlook?
>
> --Mark
>
> -----Original Message-----
>> Date: Wed, 9 Sep 2015 17:22:34 +0200
>> From: Matthias Lay <matthias....@securepoint.de>
>> To: Dovecot Mailing List <dovecot@dovecot.org>
>> Subject: Re: My dovecot works fine against Active Directory 2003, but not against AD2008
>>
>> hi,
>>
>> check your
>>
>> /etc/openldap/ldap.conf
>>
>> for
>>
>> REFERRALS off
>>
>> I had these errors with "referrals on" in misconfigured dns environments.
>>
>> you can debug the dns packets by strace-ing the auth process
>>
>> On Tue, 8 Sep 2015 11:00:37 +0200
>> Fran <cumc-436...@chguadalquivir.es> wrote:
>>
>>> Hello,
>>>
>>> my dovecot installation has been working fine against AD till we
>>> upgraded from AD 2003 to AD 2008. As
>>> http://wiki2.dovecot.org/AuthDatabase/LDAP said, now I'm not able to
>>> connect AD through 389 port. The port 3268 works fine though.
>>>
>>> (...)
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Error: master(imap): Auth request timed out (received 0/12 bytes)
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Internal login failure (pid=4846 id=1) (internal failure, 1 successful auths): user=<<username>>, method=PLAIN, rip=<clientLAN_IP>, lip=<dovecotServer_IP>, TLS, session=<T+grMCsfqgAKHyZV>
>>> (...)
>>> Sep 7 19:02:06 <dovecotServer> dovecot: auth: Error: ldap(<username>,<clientLAN_IP>,<ZjyONSsf6QAKHyZV>): Connection appears to be hanging, reconnecting
>>> Sep 7 19:02:06 <dovecotServer> dovecot: auth: Error: ldap(<username>,<clientLAN_IP>,<T+grMCsfqgAKHyZV>): LDAP search returned multiple entries
>>> (...)
>>>
>>> Is there a technical reason for this problem? Does any
>>> workaround exist?
>>>
>>> The use of Global Catalog (port 3268) is not a solution for me, since
>>> it misses many attributes (e.g. I use the field "initials" to set the
>>> quota and this field is not available through port 3268).
>>>
>>> I also noticed that, now, it uses any DC available in the domain; it
>>> doesn't care what I configured in the "hosts = " parameter.
>>>
>>> This is using "hosts = dc03.domain:389":
>>> -----------------------------------------------
>>>
>>> [root@<dovecotServer> ~]# netstat -anp | grep dovecot | grep auth
>>> tcp 22 0 <dovecotServer_IP>:55217 <dc03.domain_IP>:389 ESTABLISHED 4872/dovecot/auth
>>> tcp 22 0 <dovecotServer_IP>:57645 <dc06.domain_IP>:389 ESTABLISHED 4872/dovecot/auth
>>> tcp 0 0 <dovecotServer_IP>:55216 <dc03.domain_IP>:389 ESTABLISHED 4872/dovecot/auth
>>>
>>> It looks like it does a lookup for other domain controllers (I don't
>>> know how nor why) and it connects randomly to any DC in my domain (in
>>> this case dc06.domain, but it changes every time), in addition to the
>>> configured one (dc03.domain).
>>>
>>> This is using "hosts = dc03.domain:3268":
>>> ------------------------------------------------
>>> [root@<dovecotServer> ~]# netstat -anp | grep dovecot | grep auth
>>> tcp 0 0 <dovecotServer_IP>:58485 <dc03.domain_IP>:3268 ESTABLISHED 4982/dovecot/auth
>>>
>>> In this case, only the configured server in the hosts parameter is used (I
>>> think this is the right behaviour)
>>>
>>>
>>> Additional info:
>>> ---------------
>>> CentOS Linux release 7.0.1406 (Core)
>>>
>>> dovecot 2.2.10
>>>
>>> Build options: ioloop=epoll notify=inotify ipv6 openssl io_block_size=8192
>>> Mail storages: shared mdbox sdbox maildir mbox cydir imapc pop3c raw fail
>>> SQL driver plugins: mysql postgresql sqlite
>>> Passdb: checkpassword ldap pam passwd passwd-file shadow sql
>>> Userdb: checkpassword ldap(plugin) nss passwd prefetch passwd-file sql
>>>
>>>
>>> My /etc/dovecot/dovecot-ldap.conf.ext
>>> --------------------------------------
>>> #hosts = dc03.domain:3268
>>> hosts = dc03.domain:389
>>> #uris = ldap://dc03.domain
>>> base = DC=domain
>>> #tls = yes
>>> tls = no
>>> ldap_version = 3
>>> auth_bind = yes
>>> auth_bind_userdn = %u@domain
>>> #auth_bind_userdn = DOMAIN\%u
>>> dn = cn=<user>,cn=Users,dc=domain
>>> dnpass = <password>
>>>
>>> #scope = subtree
>>> #deref = never
>>>
>>> user_filter = (&(userPrincipalName=%u@domain)(objectClass=person)(|(mail=%u@<domain>)(othermailbox=%u@<domain>)))
>>> pass_filter = (&(userPrincipalName=%u@domain)(objectClass=person)(|(mail=%u@<domain>)(othermailbox=%u@<domain>)))
>>> pass_attrs = userPassword=password
>>> user_attrs = Initials=quota_rule=*:storage=%$MB
>>> ---------------
>>>
>>>
>>> --------------------------
>>> Log trace using PORT 389:
>>> --------------------------
>>> Sep 7 19:00:35 <dovecotServer> dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
>>> Sep 7 19:00:35 <dovecotServer> dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
>>> Sep 7 19:00:35 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [<clientLAN_IP>]
>>> Sep 7 19:00:35 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [<clientLAN_IP>]
>>> Sep 7 19:00:35 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [<clientLAN_IP>]
>>> Sep 7 19:00:35 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [<clientLAN_IP>]
>>> Sep 7 19:00:35 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [<clientLAN_IP>]
>>> Sep 7 19:00:35 <dovecotServer> dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
>>> Sep 7 19:00:35 <dovecotServer> dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
>>> Sep 7 19:00:35 <dovecotServer> dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
>>> Sep 7 19:00:35 <dovecotServer> dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
>>> Sep 7 19:00:35 <dovecotServer> dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
>>> Sep 7 19:00:35 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [<clientLAN_IP>]
>>> Sep 7 19:00:35 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A [<clientLAN_IP>]
>>> Sep 7 19:00:35 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [<clientLAN_IP>]
>>> Sep 7 19:00:35 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [<clientLAN_IP>]
>>> Sep 7 19:00:35 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [<clientLAN_IP>]
>>> Sep 7 19:00:35 <dovecotServer> dovecot: auth: Debug: auth client connected (pid=4846)
>>> Sep 7 19:00:35 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [<clientLAN_IP>]
>>> Sep 7 19:00:35 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read finished A [<clientLAN_IP>]
>>> Sep 7 19:00:35 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write session ticket A [<clientLAN_IP>]
>>> Sep 7 19:00:35 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [<clientLAN_IP>]
>>> Sep 7 19:00:35 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write finished A [<clientLAN_IP>]
>>> Sep 7 19:00:35 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [<clientLAN_IP>]
>>> Sep 7 19:00:35 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully [<clientLAN_IP>]
>>> Sep 7 19:00:35 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [<clientLAN_IP>]
>>> Sep 7 19:00:35 <dovecotServer> dovecot: auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=T+grMCsfqgAKHyZV lip=<dovecotServer_IP> rip=<clientLAN_IP> lport=993 rport=59818
>>> Sep 7 19:00:35 <dovecotServer> dovecot: auth: Debug: client passdb out: CONT 1
>>> Sep 7 19:00:35 <dovecotServer> dovecot: auth: Debug: client in: CONT 1 AEN1bWMtNDM2MS0yLXBydWViYQBDb3JyZW9DaGcuMTIzNDU2 (previous base64 data may contain sensitive data)
>>> Sep 7 19:00:35 <dovecotServer> dovecot: auth: Debug: client passdb out: OK 1 user=<username>
>>> Sep 7 19:00:35 <dovecotServer> dovecot: auth: Debug: master in: REQUEST 4142792705 4846 1 cb2115241ccfd81959c15122ec062a8b session_pid=4849 request_auth_token
>>> Sep 7 19:00:35 <dovecotServer> dovecot: auth: Debug: ldap(<username>,<clientLAN_IP>,<T+grMCsfqgAKHyZV>): user search: base=DC=domain scope=subtree filter=(&(userPrincipalName=<username>@domain)(objectClass=person)(|(mail=<username>@<domain>)(othermailbox=<username>@<domain>))) fields=Initials
>>>
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Error: master(imap): Auth request timed out (received 0/12 bytes)
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Internal login failure (pid=4846 id=1) (internal failure, 1 successful auths): user=<<username>>, method=PLAIN, rip=<clientLAN_IP>, lip=<dovecotServer_IP>, TLS, session=<T+grMCsfqgAKHyZV>
>>> Sep 7 19:02:05 <dovecotServer> dovecot: auth: Debug: client in: CANCEL 1
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Debug: SSL alert: close notify [<clientLAN_IP>]
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap: Error: Login client disconnected too early
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
>>> Sep 7 19:02:05 <dovecotServer> dovecot: auth: Debug: auth client connected (pid=4868)
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [<clientLAN_IP>]
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [<clientLAN_IP>]
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [<clientLAN_IP>]
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [<clientLAN_IP>]
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [<clientLAN_IP>]
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [<clientLAN_IP>]
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A [<clientLAN_IP>]
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [<clientLAN_IP>]
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [<clientLAN_IP>]
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [<clientLAN_IP>]
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [<clientLAN_IP>]
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read finished A [<clientLAN_IP>]
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write session ticket A [<clientLAN_IP>]
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [<clientLAN_IP>]
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write finished A [<clientLAN_IP>]
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [<clientLAN_IP>]
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully [<clientLAN_IP>]
>>> Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [<clientLAN_IP>]
>>> Sep 7 19:02:06 <dovecotServer> dovecot: auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=ZjyONSsf6QAKHyZV lip=<dovecotServer_IP> rip=<clientLAN_IP> lport=993 rport=59881
>>> Sep 7 19:02:06 <dovecotServer> dovecot: auth: Debug: client passdb out: CONT 1
>>> Sep 7 19:02:06 <dovecotServer> dovecot: auth: Debug: client in: CONT 1 AEN1bWMtNDM2MS0yLXBydWViYQBDb3JyZW9DaGcuMTIzNDU2 (previous base64 data may contain sensitive data)
>>> Sep 7 19:02:06 <dovecotServer> dovecot: auth: Error: ldap(<username>,<clientLAN_IP>,<ZjyONSsf6QAKHyZV>): Connection appears to be hanging, reconnecting
>>> Sep 7 19:02:06 <dovecotServer> dovecot: auth: Error: ldap(<username>,<clientLAN_IP>,<T+grMCsfqgAKHyZV>): LDAP search returned multiple entries
>>>
>>> Sep 7 19:03:10 <dovecotServer> dovecot: imap: Error: Auth server request timed out after 155 secs (client-pid=4846 client-id=1)
>>>
>>> Sep 7 19:04:18 <dovecotServer> dovecot: imap-login: Debug: SSL alert: close notify [<clientLAN_IP>]
>>> Sep 7 19:04:18 <dovecotServer> dovecot: imap-login: Debug: SSL alert: close notify [<clientLAN_IP>]
>>>
>>> Sep 7 19:04:36 <dovecotServer> dovecot: auth: Error: PLAIN(<username>,<clientLAN_IP>,<ZjyONSsf6QAKHyZV>): Request 4868.1 timed out after 150 secs, state=1
>>>
>>> Sep 7 19:05:05 <dovecotServer> dovecot: imap-login: Disconnected: Inactivity during authentication (disconnected while authenticating, waited 179 secs): user=<>, method=PLAIN, rip=<clientLAN_IP>, lip=<dovecotServer_IP>, TLS, session=<ZjyONSsf6QAKHyZV>
>>> Sep 7 19:05:05 <dovecotServer> dovecot: auth: Debug: client in: CANCEL
>>>
>>> Sep 7 19:06:06 <dovecotServer> dovecot: auth: ldap(<username>,<clientLAN_IP>,<T+grMCsfqgAKHyZV>): Shutting down
>>> Sep 7 19:06:06 <dovecotServer> dovecot: auth: Debug: master userdb out: FAIL 4142792705
>>> Sep 7 19:06:06 <dovecotServer> dovecot: auth: ldap(<username>,<clientLAN_IP>,<ZjyONSsf6QAKHyZV>): Shutting down
>>> Sep 7 19:06:06 <dovecotServer> dovecot: auth: Debug: client passdb out: FAIL 1 user=<username> temp
>>>
>>>
>>> --------------------------
>>> Log trace using PORT 3268:
>>> --------------------------
>>> Sep 7 19:33:07 <dovecotServer> dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
>>> Sep 7 19:33:07 <dovecotServer> dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
>>> Sep 7 19:33:07 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [<clientLAN_IP>]
>>> Sep 7 19:33:07 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [<clientLAN_IP>]
>>> Sep 7 19:33:07 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [<clientLAN_IP>]
>>> Sep 7 19:33:07 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [<clientLAN_IP>]
>>> Sep 7 19:33:07 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [<clientLAN_IP>]
>>> Sep 7 19:33:07 <dovecotServer> dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
>>> Sep 7 19:33:07 <dovecotServer> dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
>>> Sep 7 19:33:07 <dovecotServer> dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
>>> Sep 7 19:33:07 <dovecotServer> dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
>>> Sep 7 19:33:07 <dovecotServer> dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
>>> Sep 7 19:33:07 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [<clientLAN_IP>]
>>> Sep 7 19:33:07 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A [<clientLAN_IP>]
>>> Sep 7 19:33:07 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [<clientLAN_IP>]
>>> Sep 7 19:33:07 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [<clientLAN_IP>]
>>> Sep 7 19:33:07 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [<clientLAN_IP>]
>>> Sep 7 19:33:07 <dovecotServer> dovecot: auth: Debug: auth client connected (pid=4971)
>>> Sep 7 19:33:07 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [<clientLAN_IP>]
>>> Sep 7 19:33:07 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read finished A [<clientLAN_IP>]
>>> Sep 7 19:33:07 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write session ticket A [<clientLAN_IP>]
>>> Sep 7 19:33:07 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [<clientLAN_IP>]
>>> Sep 7 19:33:07 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write finished A [<clientLAN_IP>]
>>> Sep 7 19:33:07 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [<clientLAN_IP>]
>>> Sep 7 19:33:07 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully [<clientLAN_IP>]
>>> Sep 7 19:33:07 <dovecotServer> dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [<clientLAN_IP>]
>>> Sep 7 19:33:08 <dovecotServer> dovecot: auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=FAKKpCsf0AAKHyZV lip=<dovecotServer_IP> rip=<clientLAN_IP> lport=993 rport=61648
>>> Sep 7 19:33:08 <dovecotServer> dovecot: auth: Debug: client passdb out: CONT 1
>>> Sep 7 19:33:08 <dovecotServer> dovecot: auth: Debug: client in: CONT 1 AEN1bWMtNDM2MS0yAGZvcnRpbmV0LjIwMTQ= (previous base64 data may contain sensitive data)
>>> Sep 7 19:33:08 <dovecotServer> dovecot: auth: Debug: client passdb out: OK 1 user=<username>
>>> Sep 7 19:33:08 <dovecotServer> dovecot: auth: Debug: master in: REQUEST 3261071361 4971 1 4755688f0bdd33a0fadcc5d3b8664e61 session_pid=4974 request_auth_token
>>> Sep 7 19:33:08 <dovecotServer> dovecot: auth: Debug: ldap(<username>,<clientLAN_IP>,<FAKKpCsf0AAKHyZV>): user search: base=DC=domain scope=subtree filter=(&(userPrincipalName=<username>@domain)(objectClass=person)(|(mail=<username>@<domain>)(othermailbox=<username>@<domain>))) fields=Initials
>>>
>>> [Here starts the difference between ports 389 and 3268]
>>>
>>> Sep 7 19:33:08 <dovecotServer> dovecot: auth: Debug: ldap(<username>,<clientLAN_IP>,<FAKKpCsf0AAKHyZV>): no fields returned by the server
>>>
>>> [In the next line you can see missing attributes, because I'm using port 3268]
>>>
>>> Sep 7 19:33:08 <dovecotServer> dovecot: auth: Debug: ldap(<username>,<clientLAN_IP>,<FAKKpCsf0AAKHyZV>): result: Initials missing
>>> Sep 7 19:33:08 <dovecotServer> dovecot: auth: Debug: master userdb out: USER 3261071361 <username> uid=1000 gid=1000 home=/home/mailstorage/<domain>/<username> auth_token=9191cdf475600f0a47e185bb65817c0e0f495894
>>> Sep 7 19:33:08 <dovecotServer> dovecot: imap-login: Login: user=<<username>>, method=PLAIN, rip=<clientLAN_IP>, lip=<dovecotServer_IP>, mpid=4974, TLS, session=<FAKKpCsf0AAKHyZV>
>>> Sep 7 19:33:08 <dovecotServer> dovecot: imap: Debug: Loading modules from directory: /usr/lib64/dovecot
>>> Sep 7 19:33:08 <dovecotServer> dovecot: imap: Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so
>>> Sep 7 19:33:08 <dovecotServer> dovecot: imap: Debug: Module loaded: /usr/lib64/dovecot/lib11_imap_quota_plugin.so
>>> Sep 7 19:33:08 <dovecotServer> dovecot: imap(<username>): Debug: Effective uid=1000, gid=1000, home=/home/mailstorage/<domain>/<username>
>>> Sep 7 19:33:08 <dovecotServer> dovecot: imap(<username>): Debug: Quota root: name=CuotaUsuario backend=maildir args=
>>> Sep 7 19:33:08 <dovecotServer> dovecot: imap(<username>): Debug: Quota rule: root=CuotaUsuario mailbox=* bytes=2097152 messages=0
>>> Sep 7 19:33:08 <dovecotServer> dovecot: imap(<username>): Debug: Quota grace: root=CuotaUsuario bytes=209715 (10%)
>>> Sep 7 19:33:08 <dovecotServer> dovecot: imap(<username>): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir
>>> Sep 7 19:33:08 <dovecotServer> dovecot: imap(<username>): Debug: maildir++: root=/home/mailstorage/<domain>/<username>/Maildir, index=, indexpvt=, control=, inbox=/home/mailstorage/<domain>/<username>/Maildir, alt=

--
Fran Márquez
Servicio de Informática - Sistemas y Comunicaciones
Confederación Hidrográfica del Guadalquivir
Tel.: 955.637.616
E-mail: cumc-436...@chguadalquivir.es
www.chguadalquivir.es
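
Added example, not part of the original message or of Dovecot itself: a Python triage of auth log lines in the format quoted above. It groups lines by session id and separates the port 389 pattern (hang, multiple entries, timeout) from the port 3268 pattern (attribute missing). The sample lines, host, users, session ids and verdict names are constructed.

```python
import re
from collections import defaultdict

# Constructed log lines modelled on the format quoted in the thread
# (host, users, addresses and session ids are made up).
SAMPLE_LOG = """\
Sep  7 19:00:35 mx1 dovecot: auth: Debug: ldap(alice,192.0.2.10,<sessAAAA>): user search: base=DC=domain scope=subtree filter=(...) fields=Initials
Sep  7 19:02:06 mx1 dovecot: auth: Error: ldap(alice,192.0.2.10,<sessBBBB>): Connection appears to be hanging, reconnecting
Sep  7 19:02:06 mx1 dovecot: auth: Error: ldap(alice,192.0.2.10,<sessAAAA>): LDAP search returned multiple entries
Sep  7 19:04:36 mx1 dovecot: auth: Error: PLAIN(alice,192.0.2.10,<sessBBBB>): Request 4868.1 timed out after 150 secs, state=1
Sep  7 19:33:08 mx1 dovecot: auth: Debug: ldap(bob,192.0.2.11,<sessCCCC>): user search: base=DC=domain scope=subtree filter=(...) fields=Initials
Sep  7 19:33:08 mx1 dovecot: auth: Debug: ldap(bob,192.0.2.11,<sessCCCC>): result: Initials missing
"""

# Per-request auth lines: "auth: [Level: ]module(user,remote_ip,<session>): message"
AUTH_LINE = re.compile(
    r"dovecot: auth: (?:(?P<level>\w+): )?"
    r"(?P<module>\w+)\((?P<user>[^,]*),(?P<rip>[^,]*),<(?P<session>[^>]+)>\): "
    r"(?P<msg>.*)$"
)

# Messages taken from the traces in the thread, mapped to constructed labels.
SYMPTOMS = [
    ("ldap_hang", re.compile(r"Connection appears to be hanging")),
    ("multiple_entries", re.compile(r"LDAP search returned multiple entries")),
    ("auth_timeout", re.compile(r"timed out after \d+ secs")),
    ("attr_missing", re.compile(r"result: (\S+) missing")),
]


def triage(log_text):
    """Group auth log lines by session id and collect the symptoms seen."""
    sessions = defaultdict(lambda: {"user": None, "symptoms": set(), "missing": set()})
    for line in log_text.splitlines():
        m = AUTH_LINE.search(line)
        if not m:
            continue  # not a per-request auth line (TLS debug, module loading, ...)
        entry = sessions[m["session"]]
        entry["user"] = m["user"]
        for name, pattern in SYMPTOMS:
            hit = pattern.search(m["msg"])
            if hit:
                entry["symptoms"].add(name)
                if name == "attr_missing":
                    entry["missing"].add(hit.group(1))
    return dict(sessions)


def verdict(entry):
    """Map a session's symptoms to the two failure patterns in the thread."""
    if entry["symptoms"] & {"ldap_hang", "multiple_entries", "auth_timeout"}:
        # Port 389 trace; the reply's advice is to check REFERRALS in
        # /etc/openldap/ldap.conf.
        return "ldap-stall"
    if "attr_missing" in entry["symptoms"]:
        # Port 3268 trace: login works but the requested attribute is absent.
        return "attribute-missing"
    return "ok"


if __name__ == "__main__":
    for sid, entry in triage(SAMPLE_LOG).items():
        print(sid, entry["user"], verdict(entry), sorted(entry["symptoms"]))
```
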
hosts = dc03.dom dc04.dom dc05.dom
base = dc=dom
ldap_version = 3
scope = subtree
deref = never
debug_level = -1
auth_bind = yes
auth_bind_userdn = %n@dom
dn = cn=user_for_bind,cn=Users,dc=dom
dnpass = ************
user_filter = (&(userPrincipalName=%u@dom)(objectClass=person)(|(mail=%u...@name.dom)(othermailbox=%u...@name.dom)))
user_attrs = quotaFieldAD=quota_rule=*:storage=%$MB
pass_filter = (&(userPrincipalName=%u@dom)(objectClass=person)(|(mail=%u...@name.dom)(othermailbox=%u...@name.dom)))
pass_attrs = userPassword=password
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-229.11.1.el7.x86_64 x86_64 CentOS Linux release 7.1.1503 (Core)
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_username_format = %Ln
auth_verbose = yes
auth_verbose_passwords = plain
mail_debug = yes
mail_gid = vmail
mail_home = /home/vmail/name.dom/%Lu
mail_location = maildir:~/Maildir
mail_plugins = " quota"
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  quota = maildir:UserQuote
  quota_exceeded_message = Quota exceeded, please go to http://www.example.com/over_quota_help for instructions on how to fix this.
  quota_grace = 10%%
  quota_rule = *:storage=2MB
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full
  quota_status_success = DUNNO
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap lmtp
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  inet_listener {
    port = 37555
  }
}
ssl = required
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
ssl_protocols = !SSLv2 !SSLv3
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
verbose_ssl = yes
protocol imap {
  mail_plugins = " quota imap_quota"
}
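
Added example, not part of the original message or of the Dovecot project: a Python check over the two configuration formats attached above, flagging the settings in them that expose credentials (LDAP binds without TLS, password logging, mode 0666 listeners), with a corrected counterpart for comparison. The sample configs and the finding names are constructed; the corrected values are assumptions, not settings taken from the thread.

```python
# Constructed excerpts in the two formats posted above: a flat
# dovecot-ldap.conf.ext and nested `doveconf -n` output. The weak values
# mirror settings shown in the thread; the fixed ones are assumptions.
WEAK_LDAP = "hosts = dc03.dom\nbase = dc=dom\ntls = no\nauth_bind = yes\n"
FIXED_LDAP = "hosts = dc03.dom\nbase = dc=dom\ntls = yes\nauth_bind = yes\n"
WEAK_MAIN = """\
auth_debug_passwords = yes
auth_verbose_passwords = plain
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
"""
FIXED_MAIN = """\
auth_debug_passwords = no
auth_verbose_passwords = no
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
"""


def parse(text):
    """Flatten 'key = value' lines and nested '{ }' sections into {path: value}."""
    settings, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())      # e.g. "service auth"
        elif line == "}":
            stack.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings[" > ".join(stack + [key])] = value
    return settings


def audit(ldap_conf, doveconf):
    """Return sorted finding ids for settings that expose credentials."""
    ldap, main = parse(ldap_conf), parse(doveconf)
    findings = set()
    # Without StartTLS (tls = yes) or an ldaps:// URI, the dn/dnpass bind and
    # every auth_bind with the user's password cross the network in clear text.
    if ldap.get("tls", "no") != "yes" and not ldap.get("uris", "").startswith("ldaps://"):
        findings.add("ldap-cleartext-bind")
    # Auth debug logging then includes the passwords themselves.
    if main.get("auth_debug_passwords", "no") == "yes":
        findings.add("passwords-in-debug-log")
    # Logs the attempted password on failed logins.
    if main.get("auth_verbose_passwords", "no") != "no":
        findings.add("passwords-in-auth-log")
    # A world-writable listener lets any local account talk to the service.
    for path, value in main.items():
        if "unix_listener" in path and path.endswith("> mode") and int(value, 8) & 0o002:
            findings.add("world-writable-socket")
    return sorted(findings)


if __name__ == "__main__":
    print("weak :", audit(WEAK_LDAP, WEAK_MAIN))
    print("fixed:", audit(FIXED_LDAP, FIXED_MAIN))
```
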