Hi List! I've been struggling with AD LDAP auth: ldapsearch shows everything fine, but when I test a login via telnet, the log shows unknown attributes. Dovecot 2.0.19 dovecot -n: # 2.0.19: /etc/dovecot/dovecot.conf # OS: Linux 3.5.0-23-generic x86_64 Ubuntu 12.04.5 LTS ext4 auth_debug = yes auth_mechanisms = plain login auth_username_format = %n auth_verbose = yes disable_plaintext_auth = no listen = * mail_location = maildir:/var/mail/%u%d/Maildir namespace inbox { inbox = yes location = prefix = } passdb { args = /etc/dovecot/dovecot-ldap-passdb.conf driver = ldap } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_global_dir = /var/lib/dovecot/sieve/ } protocols = " imap lmtp pop3" service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } user = vmail } ssl = no ssl_cert = </etc/ssl/certs/dovecot.pem ssl_key = </etc/ssl/private/dovecot.pem userdb { args = /etc/dovecot/dovecot-ldap-userdb.conf driver = ldap } protocol lmtp { mail_plugins = " sieve" postmaster_address = postmaster at domain.hu } Contents of passdb.conf: hosts = 1.2.3.4 auth_bind = yes auth_bind_userdn = DOMAIN\%u ldap_version = 3 base = dc=domain,dc=in scope = subtree deref = never pass_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*)) Contents of userdb.conf: hosts = 1.2.3.4 dn = DOMAIN\user dnpass = xxx ldap_version = 3 base = dc=domain,dc=in user_attrs =uid=108,=gid=115,=home=/var/mail/%Lu,=mail=maildir:/var/mail/%Lu/Maildir/ user_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*)) # Attributes and filter to get a list of all users iterate_attrs = sAMAccountName=user iterate_filter = (objectClass=person) And the log after a test login: Apr 15 18:10:52 ubuntutest2 dovecot: auth: Debug: ldap(user,127.0.0.1): user search: base=dc=domain,dc=in scope=subtree filter=(&(objectClass=person)(sAMAccountName=user)(mail=*)) 
fields= Apr 15 18:10:52 ubuntutest2 dovecot: auth: Debug: ldap(user,127.0.0.1): result: objectClass(?unknown?)= cn(?unknown?)= instanceType(?unknown?)whenCreated(?unknown?)= uSNCreated(?unknown?)= name(?unknown?)objectGUID(?unknown?)= badPwdCount(?unknown?)= codePage(?unknown?)countryCode(?unknown?)= badPasswordTime(?unknown?)lastLogoff(?unknown?)= lastLogon(?unknown?)= primaryGroupID(?unknown?)objectSid(?unknown?)= accountExpires(?unknown?)= logonCount(?unknown?)sAMAccountName(?unknown?)= sAMAccountType(?unknown?)userPrincipalName(?unknown?)= objectCategory(?unknown?)givenName(?unknown?)= initials(?unknown?)= sn(?unknown?)displayName(?unknown?)= description(?unknown?)physicalDeliveryOfficeName(?unknown?)= userAccountControl(?unknown?)msDS-SupportedEncryptionTypes(?unknown?)= pwdLastSet(?unknown?)homeDrive(?unknown?)= homeDirectory(?unknown?)= memberOf(?unknown?)mail(?unknown?)= whenChanged(?unknown?)= uSNChanged(?unknown?)distinguishedName(?unknown?)= Any idea? Thanks in advance! Victorpictor