dovecot - Apr 2009 - Active Directory LDAP authentication fails after a time

Hi - 

I've got Dovecot version 1.0.7 running on a CentOS 5.2 machine.  It's
serving pop, imap and imaps and authenticating against an Active Directory
machine.  This all works fine at first, but after about two weeks or so,
dovecot's authentication against AD starts to fail.  All of dovecot's
authentication attempts time out.  I also have postfix on the same machine
authenticating against the same AD, and it does not seem to experience this
issue.  If I restart dovecot, the authentication starts working again.  

I've gone over /var/log/maillog, but I don't see anything particularly
useful.  The only thing I really see is:
dovecot: IMAP(noah): Disconnected for inactivity

Here's some of the relevant portions of my configs:

dovecot.conf
auth default {
  mechanisms = plain
  passdb ldap {
    args = /etc/dovecot-ldap.conf
  }
  passdb passwd-file {
    args = /etc/dovecot/passdb
    master = yes
  }
  userdb static {
    args = uid=vmail gid=vmail home=/home/vmail/%u
  }
  user = root
}

dovecot-ldap.conf
hosts = admachine.domain.com
base = dc=domain,dc=com
ldap_version = 3
auth_bind = yes
auth_bind_userdn = DOMAIN\%u


Does anybody have any ideas about why this is happening, or maybe just an
idea about how to better troubleshoot it?  If you need any more info, I'll
be happy to provide it.  Can I tell dovecot to be a little more verbose with
it's log entries (I've already got auth_debug set to yes, but I'm
not
getting very much info)?


Thanks!
Noah
-- 
View this message in context:
http://www.nabble.com/Active-Directory-LDAP-authentication-fails-after-a-time-tp23102450p23102450.html
Sent from the Dovecot mailing list archive at Nabble.com.

i run dovecot 1.1.7 and i have the ldap.conf like this:

base = ou=DOMAIN-Users,dc=domain,dc=com
ldap_version = 3
auth_bind = yes
dn = cn=ldap,cn=Users,dc=domain,dc=com
dnpass = password

I am authenticating against AD2003 and have not have and issue since  
it went live back in december... I would say it may be time for you  
to update...


On Apr 17, 2009, at 12:40 PM, noahisaac wrote:
>
> Hi -
>
> I've got Dovecot version 1.0.7 running on a CentOS 5.2 machine. 
It's
> serving pop, imap and imaps and authenticating against an Active  
> Directory
> machine.  This all works fine at first, but after about two weeks  
> or so,
> dovecot's authentication against AD starts to fail.  All of
dovecot's
> authentication attempts time out.  I also have postfix on the same  
> machine
> authenticating against the same AD, and it does not seem to  
> experience this
> issue.  If I restart dovecot, the authentication starts working again.
>
> I've gone over /var/log/maillog, but I don't see anything
particularly
> useful.  The only thing I really see is:
> dovecot: IMAP(noah): Disconnected for inactivity
>
> Here's some of the relevant portions of my configs:
>
> dovecot.conf
> auth default {
>   mechanisms = plain
>   passdb ldap {
>     args = /etc/dovecot-ldap.conf
>   }
>   passdb passwd-file {
>     args = /etc/dovecot/passdb
>     master = yes
>   }
>   userdb static {
>     args = uid=vmail gid=vmail home=/home/vmail/%u
>   }
>   user = root
> }
>
> dovecot-ldap.conf
> hosts = admachine.domain.com
> base = dc=domain,dc=com
> ldap_version = 3
> auth_bind = yes
> auth_bind_userdn = DOMAIN\%u
>
>
> Does anybody have any ideas about why this is happening, or maybe  
> just an
> idea about how to better troubleshoot it?  If you need any more  
> info, I'll
> be happy to provide it.  Can I tell dovecot to be a little more  
> verbose with
> it's log entries (I've already got auth_debug set to yes, but
I'm not
> getting very much info)?
>
>
> Thanks!
> Noah
> -- 
> View this message in context: http://www.nabble.com/Active- 
> Directory-LDAP-authentication-fails-after-a-time- 
> tp23102450p23102450.html
> Sent from the Dovecot mailing list archive at Nabble.com.
>

On 4/17/2009, noahisaac (noah at miller.cc) wrote:
> I've got Dovecot version 1.0.7
Best bet is to upgrade... lits of fixes and improvements since this
version...

1.1.14 is current stable version, and is available (well, maybe not
quite yet since it was only released yesterday, but at least 1.1.13 is)
via atrpms...

-- 

Best regards,

Charles