dovecot - Jun 2012 - Problem with Dovecot and AD LDAP auth

Hi.

Seems it's a bug in dovecot auth. I have??FreeBSD 8.1-RELEASE-p1 and I tried
1.2.17 and 2.1.7 versions of Dovecot, and still no luck.

The problem: when I set in dovecot-ldap.conf:?base = CN=Users,DC=domain,DC=local

everything works fine. But if I set:?base = DC=domain,DC=local

mail client can't authorize. /var/log/dovecot.log says:
===============================================?
Jun 07 18:07:17 auth: Debug: auth client connected (pid=14611)
Jun 07 18:08:11 auth: Debug: client in: AUTH 1 PLAIN service=imap
session=G1//aeLB6wAKAABu lip=10.0.0.3 rip=10.0.0.110 lport=143 rport=55787
resp=AGdhdGV3YXkAVU82eUpuUXQJun 07 18:08:11 auth: Debug:
ldap(gateway,10.0.0.110,<G1//aeLB6wAKAABu>): bind search:
base=DC=domain,DC=local
filter=(&(objectClass=person)(sAMAccountName=gateway))
Jun 07 18:08:11 auth: Debug: ldap(gateway,10.0.0.110,<G1//aeLB6wAKAABu>):
result: uid missing
Jun 07 18:10:18 imap-login: Info: Disconnected: Inactivity during authentication
(disconnected while authenticating, waited 127 secs): user=<>,
method=PLAIN, rip=10.0.0.110, lip=10.0.0.3, session=<G1//aeLB6wAKAABu>
Jun 07 18:10:18 auth: Debug: client in: CANCEL 1
Jun 07 18:10:18 auth: Debug: auth client connected (pid=14706)
Jun 07 18:10:26 auth: Debug: client in: AUTH 1 PLAIN service=imap
session=n6IBcuLB7AAKAABu lip=10.0.0.3 rip=10.0.0.110 lport=143 rport=55788
resp=AGdhdGV3YXkAVU82eUpuUXQJun 07 18:10:26 auth: Debug:
ldap(gateway,10.0.0.110,<n6IBcuLB7AAKAABu>): bind search:
base=DC=domain,DC=local
filter=(&(objectClass=person)(sAMAccountName=gateway))
Jun 07 18:10:26 auth: Error: ldap(gateway,10.0.0.110,<n6IBcuLB7AAKAABu>):
Connection appears to be hanging, reconnecting
Jun 07 18:10:26 auth: Debug: ldap(gateway,10.0.0.110,<n6IBcuLB7AAKAABu>):
result: uid missing
Jun 07 18:10:26 auth: Error: ldap(gateway,10.0.0.110,<G1//aeLB6wAKAABu>):
Request lost
Jun 07 18:10:26 auth: Error: ldap(gateway,10.0.0.110,<n6IBcuLB7AAKAABu>):
ldap_search(base=DC=domain,DC=local
filter=(&(objectClass=person)(sAMAccountName=gateway))) failed: Operations
error
Jun 07 18:10:26 auth: Error: LDAP: Reply with unknown msgid 2
Jun 07 18:10:26 auth: Error: LDAP: Reply with unknown msgid 2
Jun 07 18:10:26 auth: Error: LDAP: Reply with unknown msgid 2
Jun 07 18:10:26 auth: Error: LDAP: Reply with unknown msgid 2
Jun 07 18:10:28 auth: Debug: client out: FAIL 1 user=gateway temp
Jun 07 18:10:28 auth: Debug: client out: FAIL 1 user=gateway temp
Jun 07 18:13:18 imap-login: Info: Disconnected: Inactivity (auth failed, 1
attempts in 172 secs): user=<gateway>, method=PLAIN, rip=10.0.0.110,
lip=10.0.0.3, session=<n6IBcuLB7AAKAABu>
===========================================
My dovecot-ldap.conf:

==============================ldap_version = 3
hosts = ad.domain.local
base = DC=hrom,DC=local
scope = subtree

dn = CN=mailserver,CN=Users,DC=domain,DC=local
dnpass = here_is_pass
auth_bind = yes
pass_attrs = uid=user
pass_filter = "(&(objectClass=person)(sAMAccountName=%u))"
user_attrs = name=mail=maildir:/var/mail/virtual/hrom.local/%n
user_filter = "(&(objectClass=person)(sAMAccountName=%u))"
===================================================?
?
?I need base = DC=domain,DC=local for searching for user's accounts in
different OU of my AD. If I set base = CN=Users,DC=domain,DC=local, Dovecot
can't authorize user accounts from OU.

P.S.: Postfix with base = DC=domain,DC=local works perfectly, so the problem is
not with our domain controller (LDAP server as well) .