Hello List!
   I am testing auth-ldap.conf.ext on Dovecot 2.4.1
   Debian 13 (trixie)
   Postfix 3.10.4
   Dovecot 2.4.1-4 (7d8c0e5759)

   Everything works fine when I use only one ldap AD for authentication.
   I need to connect multiple ADs of our organizations which have separate
   ADs.

   The problem is that it always takes the last ldap_uris as working even if
   I put them in separate files.

   configuration - auth-ldap.conf.ext

   ### AD - ORG_ONE

   ldap_uris = ldap://XX.YY.ZZ.CZ
   ldap_auth_dn = CN=ReaderAD,CN=Users,DC=domain1,DC=local
   ldap_auth_dn_password = secret_password_1
   ldap_base = OU=ALFA,dc=domain1,dc=local
   ldap_version = 3

   ### domain subdomain1.domain1.cz
   passdb ldap {
       ldap_filter = (&(objectClass=user)(mail=%{user|username}@%{user|domain}))
       ldap_bind = yes
       result_internalfail = return-fail
   }

   userdb ldap {
       driver = ldap
       ldap_filter = (&(objectClass=user)(mail=%{user|username}@%{user|domain}))
       fields {
           mail_path=/home/vmail/%{user|domain}/%{ldap:mail}/Maildir
           mail_inbox_path=/home/vmail/%{user|domain}/%{ldap:mail}/Maildir/
       }
   }

   ### AD - ORG_SECOND
   ldap_uris = ldap://AXX.AYY.AZZ.ACZ ldap://BXX.BYY.BZZ.BCZ
   ldap_auth_dn = CN=ReaderAD,OU=ServiceAccount,OU=DELTA,OU=GAMA,OU=ALFA,OU=BETA,DC=domain2,DC=cz
   ldap_auth_dn_password = secret_password_2
   ldap_base = OU=BETA,dc=domain2,dc=cz
   ldap_version = 3

   ### domain subdomain2.domain1.cz
   passdb ldap {
       ldap_filter = (&(objectClass=user)(mail=%{user|username}@%{user|domain}))
       ldap_bind = yes
       result_internalfail = return-fail
   }

   userdb ldap {
       driver = ldap
       ldap_filter = (&(objectClass=user)(mail=%{user|username}@%{user|domain}))
       fields {
           mail_path=/home/vmail/%{user|domain}/%{ldap:mail}/Maildir
           mail_inbox_path=/home/vmail/%{user|domain}/%{ldap:mail}/Maildir/
       }
   }

   --- doveadm auth test ---
   root@SERVER:/etc/dovecot/conf.d# doveadm auth test [email protected]
   Password:
   passdb: [email protected] auth succeeded
   extra fields:
     [email protected]

   root@SERVER:/etc/dovecot/conf.d# doveadm auth test [email protected]
   Password:
   passdb: [email protected] auth failed
   extra fields:
     [email protected]
   -----
   I couldn't find any solution in the 2.4.1 documentation or on the
   Internet. AI didn't help.

   Thank you for your time and reply.

   Kind regards,
   Zbynek Grepl

_______________________________________________
dovecot mailing list -- [email protected]