Hi,

Not much time to reply now.

On 12/05/2017 05:21 AM, Mark Foley wrote:
> mj - thanks! That's the first useful example I've received from any forum/list. I'm getting ready
> to try my config (have to do so after hours), but I have some probably simple-minded questions:

Well, that looks as if you are testing/trying out on your production machine. Why not set up a separate (virtual?) test server to play with..? Use the same OS version, with the same dovecot version. Or clone your production machine, so you can test as much as you like, without time pressure, at any given time.

> Your example is not the complete dovecot-ldap.conf.ext file, right? Have you just given me
> differences in your config from the "original"? You've kept the hosts, base, ldap_version,
> scope, deref, debug_level, and auth_bind_userdn settings in your config, right?

Not the complete file, no. I just provided the essentials.

> Your dn is:
>
> dn = cn=search_dovecit,cn=users,dc=company,dc=com
>
> Mine (original) is:
>
> dn = cn=user_for_bind,cn=Users,dc=dom
>
> Can you tell me why you have "search_dovecit" versus "user_for_bind"? Is that something I need
> in order to make this work?

It's the user that dovecot uses to search for your user. Can be anything, as long as it can authenticate using the password in:

> My dnpass (original) is:
>
> dnpass = ************
>
> your example is:
>
> dnpass = top_secret

Use the password of whatever user you use.

> If meta, what is actually supposed to go there?

The password of user_for_bind

> With your "this user/passwd filter". Can you tell me why you have "userAccountControl=514"? Is
> that 514 bit documented somewhere? Your user_filter/pass_filter is *completely* different from
> my installed original.

https://social.msdn.microsoft.com/Forums/vstudio/en-US/77f48af7-bbef-4cd7-9c83-d9359b255534/ldap-query-get-nonlockeddisabled-accounts?forum=netfxbcl

For the rest: my advice is that you *really* need to play around with this much more. Get yourself a test environment, and play and test.

Plus: read some dovecot/ad howto's, and try things in your own environment.

Quick google returns:
https://www.howtoforge.com/postfix-dovecot-authentication-against-active-directory-on-centos-5.x

Enjoy :-)

MJ
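
On the `userAccountControl=514` question in this thread, an added example that is not part of the original message or of anyone's actual config: 514 is 512 (NORMAL_ACCOUNT) plus 2 (ACCOUNTDISABLE), and the code compares an exact-match exclusion of 514 with a test of the disable bit alone through Active Directory's bitwise-AND matching rule. The filter shape `(!(userAccountControl=514))`, the `sAMAccountName` login attribute, the `%n` variable and the sample accounts are assumptions made for illustration.

```python
# Added example: decode AD userAccountControl and compare two "not disabled" checks.
# Flag values come from Microsoft's userAccountControl documentation.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
}
ACCOUNTDISABLE = 0x0002
BIT_AND_OID = "1.2.840.113556.1.4.803"  # LDAP_MATCHING_RULE_BIT_AND


def decode_uac(value):
    """Return the names of the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def passes_exact_filter(value):
    """Models (!(userAccountControl=514)): only the exact value 514 is rejected."""
    return value != 514


def passes_bitwise_filter(value):
    """Models (!(userAccountControl:<BIT_AND_OID>:=2)): any value with bit 2 is rejected."""
    return not (value & ACCOUNTDISABLE)


def build_filter(login_attr="sAMAccountName", var="%n"):
    """Filter string using the bitwise rule; login_attr and var are assumptions."""
    return "(&(objectClass=user)(%s=%s)(!(userAccountControl:%s:=%d)))" % (
        login_attr, var, BIT_AND_OID, ACCOUNTDISABLE)


# Constructed sample accounts: name -> userAccountControl
SAMPLES = {"alice": 512, "bob": 514, "carol": 66050, "dave": 66048}


def missed_by_exact(samples):
    """Disabled accounts that the exact-match filter would still let through."""
    return sorted(name for name, uac in samples.items()
                  if passes_exact_filter(uac) and not passes_bitwise_filter(uac))


if __name__ == "__main__":
    for name, uac in SAMPLES.items():
        print(name, uac, decode_uac(uac))
    print("missed by exact match:", missed_by_exact(SAMPLES))
    print(build_filter())
```

The constructed account `carol` (66050 = 514 + DONT_EXPIRE_PASSWORD) is disabled but does not equal 514, so only the bitwise form excludes it.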
