-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, 20 Nov 2016, Nikolai Lusan wrote:
# grep -v '^ *\(#.*\)\?$' /etc/dovecot/ldap/maliuta.org-ldap.conf.ext uris = ldap://localhost dn = cn=admin,dc=maliuta,dc=org dnpass = <secret> tls = yes tls_ca_cert_dir = /etc/ssl/certs auth_bind = no ldap_version = 3 base = ou=mail,dc=mailuta,dc=org scope = subtree default_pass_scheme = SSHA deref = never user_attrs = postfixDeliveryAddress=user user_filter = (&(postfixDeliveryEnabled=TRUE)(objectClass=postfixMailPerson)) pass_attrs = postfixDeliveryAddress=user,userPassword=password pass_filter = (&(postfixDeliveryEnabled=TRUE)(objectClass=postfixMailPerson)(postfixD eliveryAddress=%u))
Your userdb and passdb filter differ, user_filter is missing the (a / some) %u part
iterate_attrs = uid=user iterate_filter = (objectClass=postfixMailPerson) # ldapsearch -H ldap://localhost:389 -x -D 'cn=admin,dc=maliuta,dc=org' -W -b "ou=mail,dc=maliuta,dc=org" -s sub -LLL -ZZ '(&(postfixDeliveryEnabled=TRUE)(objectClass=postfixMailPerson)(postfixDeliveryAddress=niko...@test.maliuta.org))' uid userPassword Enter LDAP Password: dn: mail=niko...@test.maliuta.org,ou=mail,dc=maliuta,dc=org uid: nikolai userPassword:: e1NTSEF9QVBZMTlaeGw1cWd0a25XeGxURXdqM2g5Yk5YL3BxOGY= ## From /var/log/mail.log Nov 20 07:24:20 kiliya dovecot: auth: Debug: auth client connected (pid=27086) Nov 20 07:24:20 kiliya dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011session=1kW2C65BFI2WZbl8#011lip=<local_ip>#011rip=<remote_ip>#011lport=143#011rport=36116#011local_name=<hostname>#011resp=AG5pa29sYWlAdGVzdC5tYWxpdXRhLm9yZwBmb29iYXIzMzQ0 (previous base64 data may contain sensitive data) Nov 20 07:24:20 kiliya dovecot: auth: Debug: ldap(niko...@test.maliuta.org,<remote_ip>,<1kW2C65BFI2WZbl8>): cache miss Nov 20 07:24:20 kiliya dovecot: auth: Debug: ldap(niko...@test.maliuta.org,<remote_ip,<1kW2C65BFI2WZbl8>): pass search: base=ou=mail,dc=mailuta,dc=org scope=subtree filter=(&(postfixDeliveryEnabled=TRUE)(objectClass=postfixMailPerson)(postfixDeliveryAddress=niko...@test.maliuta.org)) fields=postfixDeliveryAddress,userPassword Nov 20 07:24:20 kiliya dovecot: auth: ldap(niko...@test.maliuta.org,<remote_ip>,<1kW2C65BFI2WZbl8>): unknown user (given password: <correct_password>) Nov 20 07:24:22 kiliya dovecot: auth: Debug: client passdb out: FAIL#0111#011user=niko...@test.maliuta.org
- -- Steffen Kaiser
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBWDROvHz1H7kL/d9rAQIujAgAumoghZV5Wo7ONK/Uncoa6iVB30NP0D5m SdU/a++El5bLeiyKcdKoLkIqD74ZcFGjwImhRtd2Y8jroaGA15lK8HRRgJCERBKf Nr/ZQ5B4Nhbig8ETwYYrJi2KOGkKMGQyXaSHxxlXmVKNFBrWmxo8SRqa0V39KYUB pH9hVSNheHCkqpV6iS6JXnOmjXvguVtyB8ezA1zdrVfytMLL04oRKmK3Zn5s5JrO M3mfArDdVitTad5r7stf9QOBR6xMG6rNBs+2WaEuJZV7/Dlln6fcd5IbhO/X0poN pJIJ42VLirIMqAMLCRA7OWDjQcxbBFEAPAbaDh3O/pPRL/IXPJxjyw== =AxPt -----END PGP SIGNATURE-----
