Hi,

On 11.07.24 03:34, hkhk_exact10 via dovecot wrote:
I am using a bind account for AD authentication and the users are not posix
accounts. I am not using the ssl cert as it's not available, so disabling
it. I have used similar settings with saslauthd+postfix and it worked,
not sure what I am doing wrong with the configuration.

My configuration is as follows:

# cat /etc/dovecot/dovecot-ldap.conf.ext
uris = ldaps://10.1.85.11
dn =
CN=s_linux_bind,OU=Global,OU=Services,OU=Accounts,OU=root,DC=example,DC=com
dnpass = xxxxx
auth_bind = yes
tls_require_cert = never
debug_level = 1
ldap_version = 3
base = dc=example,dc=com
scope = subtree
deref = never
user_filter = (&(objectClass=user)(sAMAccountName=%u))


Just a quick look (probably not the only issue but a start)

1) maybe a missing

pass_filter = (&(objectClass=user)(sAMAccountName=%u))

? See https://doc.dovecot.org/configuration_manual/authentication/ldap_settings_auth/#user-filter and https://doc.dovecot.org/configuration_manual/authentication/ldap_settings_auth/#ldap-settings-auth-pass-filter



2) dn = <linebreak> comes from mail formatting? If not, strip it:
dn = CN=[...]


--
Regards,
Andreas Haerter

foundata GmbH
Steinhäuserstr. 20
76135 Karlsruhe

Registered office: Karlsruhe
Register court: Amtsgericht Mannheim, HRB 714807
Managing director: Andreas Haerter
VAT ID no.: DE284122682
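
Added example, not part of the original message and not Dovecot tooling: a small Python lint for the three things visible in this thread (a `dn` value wrapped onto the next line, `auth_bind = yes` without `pass_filter`, and `ldaps://` with `tls_require_cert = never`). The function name `lint_ldap_conf` is hypothetical, the sample is constructed from the quoted settings, and the wrap check assumes setting names are lower-case.

```python
import re

# Constructed sample: settings as quoted in the message, password redacted.
SAMPLE = """\
uris = ldaps://10.1.85.11
dn =
CN=s_linux_bind,OU=Global,OU=Services,OU=Accounts,OU=root,DC=example,DC=com
dnpass = xxxxx
auth_bind = yes
tls_require_cert = never
base = dc=example,dc=com
user_filter = (&(objectClass=user)(sAMAccountName=%u))
"""

# Assumption: setting names are lower-case, so "CN=..." is not a setting.
SETTING = re.compile(r"^([a-z][a-z0-9_]*)\s*=\s*(.*)$")

def lint_ldap_conf(text):
    """Return (settings, findings) for a dovecot-ldap.conf.ext style file."""
    settings, findings, prev_empty = {}, [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SETTING.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            settings[key] = value
            prev_empty = key if not value else None
        elif prev_empty:
            # Previous setting had no value and this line is not a setting:
            # the value was most likely wrapped onto this line.
            findings.append(f"line {no}: value of '{prev_empty}' is wrapped; join it onto one line")
            prev_empty = None
        else:
            findings.append(f"line {no}: not a 'key = value' setting")
    if settings.get("auth_bind") == "yes" and "pass_filter" not in settings:
        findings.append("auth_bind = yes but no pass_filter is set")
    if settings.get("uris", "").startswith("ldaps://") and settings.get("tls_require_cert") == "never":
        findings.append("tls_require_cert = never: LDAPS server certificate is not verified")
    return settings, findings

if __name__ == "__main__":
    for finding in lint_ldap_conf(SAMPLE)[1]:
        print(finding)
```

With `tls_require_cert = never` the bind DN password and every user password travel over a TLS session whose peer is not authenticated, so that finding is worth clearing even once logins work.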
