Hi All, Can anyone help me with this?
Regards,
Sandeep

On Thu, Jul 11, 2024 at 11:34 AM hkhk_exact10 <hkhkex...@gmail.com> wrote:
> Hi All,
>
> I am trying to set up AD auth with dovecot and have tried a lot of options
> but still no success.
>
> I am using a bind account for AD authentication and the users are not
> posix accounts. I am not using the ssl cert as it is not available, so I am
> disabling it. I have used similar settings with saslauthd+postfix and
> it worked; not sure what I am doing wrong with the configuration.
>
> My configuration is as follows:
>
> # dovecot --version
> 2.3.16 (7e2e900c1a)
> # dovecot -n
> # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
> # OS: Linux 5.14.0-474.el9.x86_64 x86_64 CentOS Stream release 9
> # Hostname: mail-centos.example.com
> auth_mechanisms = plain login
> first_valid_uid = 1000
> listen = *
> mail_location = maildir:~/Maildir
> mbox_write_locks = fcntl
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
> }
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     mode = 0666
>   }
> }
> service pop3-login {
>   process_limit = 500
> }
> service submission-login {
>   inet_listener submission {
>     port = 587
>   }
> }
> ssl_cert = </etc/ssl/example.com/server.pem
> ssl_cipher_list = PROFILE=SYSTEM
> ssl_key = # hidden, use -P to show it
> userdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
> }
>
> ------------------
> # cat /etc/dovecot/dovecot-ldap.conf.ext
> uris = ldaps://10.1.85.11
> dn = CN=s_linux_bind,OU=Global,OU=Services,OU=Accounts,OU=root,DC=example,DC=com
> dnpass = xxxxx
> auth_bind = yes
> tls_require_cert = never
> debug_level = 1
> ldap_version = 3
> base = dc=example,dc=com
> scope = subtree
> deref = never
> user_filter = (&(objectClass=user)(sAMAccountName=%u))
>
> ---------------
>
> Error logs:
> dovecot[6600]: auth: Error: ** ld 0x556695138d90 Outstanding Requests:
> dovecot[6600]: auth: Error: * msgid 2, origid 2, status RequestCompleted
> dovecot[6600]: auth: Error: outstanding referrals 2, parent count 2
> dovecot[6600]: auth: Error: * msgid 3, origid 2, status InProgress
> dovecot[6600]: auth: Error: outstanding referrals 0, parent count 2
> dovecot[6600]: auth: Error: * msgid 5, origid 2, status InProgress
> dovecot[6600]: auth: Error: outstanding referrals 0, parent count 1
> dovecot[6600]: auth: Error: ld 0x556695138d90 request count 3 (abandoned 0)
> dovecot[6600]: auth: Error: ** ld 0x556695138d90 Response Queue:
> dovecot[6600]: auth: Error: Empty
> dovecot[6600]: auth: Error: ld 0x556695138d90 response count 0
> dovecot[6600]: auth: Error: ldap_chkResponseList ld 0x556695138d90 msgid -1 all 0
> dovecot[6600]: auth: Error: ldap_chkResponseList returns ld 0x556695138d90 NULL
> dovecot[6600]: auth: Error: ldap_int_select
> postfix/submission/smtpd[6602]: warning: unknown[10.1.70.75]: SASL LOGIN authentication failed: Connection lost to authentication server
> postfix/submission/smtpd[6602]: disconnect from unknown[10.1.70.75] ehlo=2 starttls=1 auth=0/1 quit=1 commands=4/5
>
> Attaching the detailed error logs.
>
> ---------
> saslauthd settings which worked:
> # cat /etc/saslauthd.conf
> ldap_servers: ldaps://10.1.85.11
> ldap_search_base: dc=wtg,dc=zone
> ldap_filter: (sAMAccountName=%u)
> ldap_bind_dn: CN=s_linux_bind,OU=Global,OU=Services,OU=Accounts,OU=root,DC=example,DC=com
> ldap_password: xxxx
> ldap_tls_reqcert: never
>
> Regards,
> Sandeep

_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
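An added config check, not part of the thread above, that parses a dovecot-ldap.conf.ext snippet in the poster's layout and flags the settings a reviewer would look at first: `tls_require_cert = never` over ldaps (the bind password and, with `auth_bind`, every user password go to an unverified peer), `auth_bind = yes` without a `pass_filter` (assumes Dovecot 2.3's documented default of `(&(objectClass=posixAccount)(uid=%u))`, which non-POSIX AD users cannot match), and a subtree search from the domain root, which on AD produces the referrals seen in the log. The sample configuration is constructed from the poster's file with the password redacted.

```python
"""Lint a dovecot-ldap.conf.ext snippet for the settings discussed in the thread."""
import re

# Constructed sample mirroring the poster's file (dnpass redacted).
SAMPLE_CONF = """
uris = ldaps://10.1.85.11
dn = CN=s_linux_bind,OU=Global,OU=Services,OU=Accounts,OU=root,DC=example,DC=com
dnpass = xxxxx
auth_bind = yes
tls_require_cert = never
debug_level = 1
ldap_version = 3
base = dc=example,dc=com
scope = subtree
deref = never
user_filter = (&(objectClass=user)(sAMAccountName=%u))
"""

def parse_conf(text):
    """Parse 'key = value' lines; lines starting with '#' and blank lines are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf

def lint(conf):
    """Return (severity, finding) tuples, highest severity first."""
    findings = []
    if conf.get("uris", "").startswith("ldaps://") and conf.get("tls_require_cert") == "never":
        findings.append(("high", "tls_require_cert=never: server certificate is not verified, "
                         "so the bind DN password and auth_bind user passwords go to an "
                         "unauthenticated peer; use 'demand' with a trusted CA (tls_ca_cert_file)"))
    if conf.get("auth_bind") == "yes" and "pass_filter" not in conf and "auth_bind_userdn" not in conf:
        findings.append(("medium", "auth_bind=yes without pass_filter/auth_bind_userdn: the default "
                         "pass_filter (assumed: posixAccount/uid) will not match AD users; set "
                         "pass_filter = (&(objectClass=user)(sAMAccountName=%u))"))
    if conf.get("scope") == "subtree" and re.fullmatch(r"dc=[^,]+(,dc=[^,]+)*", conf.get("base", ""), re.I):
        findings.append(("info", "subtree search from the domain root: AD answers with referrals "
                         "(the 'outstanding referrals' in the log); a narrower base avoids chasing them"))
    if conf.get("debug_level", "0") != "0":
        findings.append(("low", "debug_level>0 logs libldap internals; reset after troubleshooting"))
    return findings
```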