Phil Anslemo
2007-Jan-11 23:19 UTC
[Dovecot] Configuring Dovecot for use with Active Directory
Hello,

My server is configured as follows:

FreeBSD 6.1
OpenLDAP 2.3.27
Cyrus SASL 2.1.21
Dovecot 1.0.rc15

I have Postfix configured to use SASL for SMTP AUTH, which in turn leverages OpenLDAP to verify users in Active Directory. I do not have, nor want to in the future, local users in FreeBSD, so I've configured Postfix for Virtual Mailboxes. Everything is working and I'm getting ready to configure Dovecot, but need clarification.

I want to make sure my dovecot-ldap.conf is properly configured and need another set of eyes to look at it (of course dovecot.conf should also be correct, but one thing at a time).

Here's my dovecot-ldap.conf file:

    hosts = 192.168.0.240
    #uris =
    dn = cn=<BINDUSER>,ou=IT,ou=Central Office,dc=<DOMAIN>,dc=local
    dnpass = <PASSWORD>
    #sasl_bind = no
    #sasl_mech
    #sasl_realm
    #sasl_authz_id
    auth_bind = yes
    #auth_bind_userdn
    ldap_version = 3
    base = dc=<DOMAIN>, dc=local
    deref = never
    scope = subtree
    #user_filter = (&(objectClass=posixAccount)(uid=%u))
    #pass_attrs = uid=user,userPassword=password
    #pass_attrs = uid=user,userPassword=password,homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid
    #pass_filter = (&(objectClass=posixAccount)(uid=%u))
    #default_pass_scheme = CRYPT
    user_global_uid = 101
    user_global_gid = 101

Your help is appreciated.

Thanks,
uxphreak
Phil Anslemo
2007-Jan-12 23:04 UTC
[Dovecot] Configuring Dovecot for use with Active Directory
Here's my updated dovecot-ldap.conf file. I made some slight changes after starting dovecot and receiving errors.

    hosts = 192.168.0.240:389
    #uris =
    dn = cn=<BINDUSER>,ou=IT,ou=Central Office,dc=<DOMAIN>,dc=local
    dnpass = <PASSWORD>
    #sasl_bind = no
    #sasl_mech
    #sasl_realm
    #sasl_authz_id
    auth_bind = yes
    #auth_bind_userdn
    ldap_version = 3
    base = dc=<DOMAIN>, dc=local
    deref = never
    scope = subtree
    user_filter = (&(objectClass=user)(sAMAccountName=%n))
    #pass_attrs = uid=user
    #pass_attrs = uid=user,userPassword=password,homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid
    pass_filter = (&(objectClass=user)(sAMAccountName=%n))
    #default_pass_scheme = CRYPT
    user_global_uid = 101
    user_global_gid = 101

Now that I've cleaned up most of the problems, the next issue I'm having is actually authenticating the users from dovecot through LDAP in Active Directory. When it attempts to authenticate, dovecot hangs and then times out. The only thing I can think of is LDAP needs to send the password to Active Directory in a format it can understand. Has anyone run into this?

Thanks,
uxphreak
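Added example (not part of either message, and not Dovecot's own code): a short Python sketch of how the filter templates from the two messages expand for a given login, showing the difference between %u (full login) and %n (user part only) and escaping the login so it stays a literal in the search filter. The helper names, the login alice@example.local and the sample text are constructed for illustration.

```python
# Added example: expand Dovecot-style %u/%n/%d variables in an LDAP filter.
import re

# Constructed sample mirroring settings from the second message.
SAMPLE_CONF = """\
hosts = 192.168.0.240:389
auth_bind = yes
#pass_attrs = uid=user
user_filter = (&(objectClass=user)(sAMAccountName=%n))
pass_filter = (&(objectClass=user)(sAMAccountName=%n))
"""

def parse_conf(text):
    """Parse 'key = value' lines, skipping blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first '=' only: filter values contain '=' themselves.
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings

def ldap_escape(value):
    """Escape RFC 4515 filter metacharacters as backslash + two hex digits."""
    return re.sub(r'[\\*()\x00]', lambda m: "\\%02x" % ord(m.group()), value)

def expand_filter(template, login):
    """Substitute %u (full login), %n (user part), %d (domain part)."""
    user, _, domain = login.partition("@")
    values = {"u": login, "n": user, "d": domain}
    return re.sub(r"%([und])",
                  lambda m: ldap_escape(values[m.group(1)]), template)

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    for login in ("alice@example.local", "alice"):
        print(login, "->", expand_filter(conf["pass_filter"], login))
```

With %n the domain part of the login is dropped before the search, so the value matches a bare sAMAccountName; with the commented-out %u form the whole user@domain string would be compared against uid.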