On Tue, 24 Nov 2020 at 14:51, Aki Tuomi <aki.tu...@open-xchange.com> wrote:
> On 24/11/2020 13:20 Odhiambo Washington <odhia...@gmail.com> wrote:
> >
> > On Sun, 22 Nov 2020 at 15:08, Odhiambo Washington <odhia...@gmail.com> wrote:
> > > Hi,
> > >
> > > I have set up samba4 as AD and am hoping to have dovecot authenticate
> > > users against it. I am facing challenges though and I am unable to figure
> > > it out. I could do with a third eye to help me spot what is wrong.
> > >
> > > root@adc0:/etc# doveadm auth test -x service=imap odhiambo@newideatest.local
> > > Password:
> > > passdb: odhiambo@newideatest.local auth failed
> > > extra fields:
> > >
> > > info.log:
> > >
> > > Nov 22 14:31:08 auth: Info:
> > >
> > > Here is my doveconf -n:
> > >
> > > https://paste.ubuntu.com/p/SPmrxZxHPx/
> > >
> > > My dovecot-ldap.conf.ext:
> > >
> > > uris = ldap://localhost/
> > > dn = "dovecot@newideatest.local"
> > > dnpass = "XXXXXXXX"
> > > sasl_bind = no
> > > tls = no
> > > ldap_version = 3
> > > deref = never
> > > scope = subtree
> > > base = cn=Users,dc=NEWIDEATEST,dc=LOCAL
> > > auth_bind = yes
> > > user_filter = (&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(|(mail=%u)(sAMAccountName=%u)(otherMailbox=%u)))
> > > user_attrs = sAMAccountName=user,userPassword=password,=mail=maildir:/home/%n/Maildir/
> > > pass_filter = (&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(sAMAccountName=%u))
> > > pass_attrs = sAMAccountName=user,userPassword=password
> > >
> > > The user exists in the database:
> >
> > For the record, this is what I finally came up with that worked - dovecot-ldap.conf.ext:
> >
> > ##### BEGIN
> > uris = ldap://localhost/
> > dn = "dovecot@newideatest.local"
> > dnpass = "verystupid"
> > sasl_bind = no
> > tls = no
> > ldap_version = 3
> > deref = never
> > scope = subtree
> > base = cn=Users,dc=NEWIDEATEST,dc=LOCAL
> > auth_bind = yes
>
> You probably would want to set this to 'no', it causes dovecot to rebind after
> authentication. This is not required when you can return password from LDAP,
> it is only required when you have to do first a lookup and then authenticate
> as the user to verify password.

Hello Aki,

Thanks for looking at this.

In my case, when I change to "auth_bind = no", then this happens:

root@adc0:/etc/dovecot# telnet 0 143
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot (Ubuntu) ready.
1 login odhiambo@newideatest.local XXXXXXX
1 NO [AUTHENTICATIONFAILED] Authentication failed.
1 logout

Auth succeeds though when I have it set to "yes".

My conf.d/auth-ldap.conf.ext contains:

passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

userdb {
  driver = static
  args = uid=Debian-exim gid=Debian-exim home=/var/spool/virtual/%Ld/%Ln
}

How can I return the password from LDAP? I'd be happy to know what I need to do so that I can use your suggestion. This LDAP stuff is still quite some "greek" to me.

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)
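Added illustration for readers of this thread (it is not from any message above and not Dovecot's or Samba's own documentation): the two shapes of dovecot-ldap.conf.ext that Aki's remark distinguishes, side by side. Mode A is the lookup-then-bind flow that worked in the thread; Mode B is the fetch-a-password-attribute flow that auth_bind = no selects. The base DN, bind account, password and mail paths are placeholders, and the filters use %n (the local part of the login) on the assumption that users log in as user@domain, as in the thread. The caveat a practitioner wants here: Active Directory, including a Samba4 AD DC, never returns a user's password or password hash over an LDAP read, so Mode B cannot succeed against AD no matter which attribute pass_attrs names; that is the AUTHENTICATIONFAILED observed above, and Mode A is the correct setting for AD.

```conf
# ===== Mode A: auth_bind = yes (lookup, then bind as the user) =====
# Dovecot searches for the user's DN with pass_filter using its own bind
# account (dn/dnpass), then performs a second LDAP bind as that DN with the
# password the mail client sent. The directory verifies the password, so no
# password attribute is fetched and pass_attrs must not name one.
uris = ldap://localhost/
dn = "cn=dovecot,cn=Users,dc=example,dc=test"      # placeholder: low-privilege lookup account
dnpass = "PLACEHOLDER-CHANGE-ME"                   # placeholder
sasl_bind = no
tls = no                                           # set yes (or use ldaps://) off localhost
ldap_version = 3
deref = never
scope = subtree
base = cn=Users,dc=example,dc=test                 # placeholder base DN
auth_bind = yes
# Exclude disabled accounts (userAccountControl bit 2) as the thread's filter does.
pass_filter = (&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(sAMAccountName=%n))
pass_attrs = sAMAccountName=user
user_filter = (&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(sAMAccountName=%n))
# "=field=value" sets a fixed value rather than reading an attribute.
user_attrs = =home=/var/spool/virtual/%Ld/%Ln

# ===== Mode B: auth_bind = no (return the password from LDAP) =====
# Only one mode can be active in a file; this variant is shown for contrast.
# Dovecot reads the password hash itself with its bind account and compares
# it locally. That requires a directory that exposes a readable password
# attribute to that account (e.g. OpenLDAP with an ACL granting the bind DN
# read on userPassword). AD does not expose one, so against AD this fails.
# auth_bind = no
# pass_filter = (&(objectClass=inetOrgPerson)(uid=%n))
# pass_attrs = uid=user,userPassword=password
# default_pass_scheme = SSHA   # scheme of the stored hashes, if not prefixed
```

To check either variant without a mail client, the thread's own command applies: doveadm auth test -x service=imap user@example.test, which reports "auth succeeded" or "auth failed" for the passdb lookup alone. With auth_bind = yes the bind account needs only search rights on the user subtree, which is a smaller privilege than read access to password material and is one more reason to prefer Mode A wherever the directory allows it.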