Hi,
I'm struggling to setup LDAP authentication with dovecot against an AD
server. When I attempt to bind using the same DN I use to do address lookups in
exim and to do searches using ldap search on the command line I get the
following in my logs:
Aug 7 08:55:58 mail-dev dovecot: auth: Debug: Loading modules from directory:
/usr/lib64/dovecot/auth
Aug 7 08:55:58 mail-dev dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libauthdb_ldap.so
Aug 7 08:55:58 mail-dev dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libdriver_sqlite.so
Aug 7 08:55:58 mail-dev dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libmech_gssapi.so
Aug 7 08:55:58 mail-dev dovecot: auth: Debug: auth client connected (pid=1523)
Aug 7 08:55:58 mail-dev dovecot: auth: Error: LDAP: binding failed (dn CN=Linux
Sync,CN=Users,DC=RTT,DC=co,DC=za): Invalid credentials, 80090308: LdapErr:
DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1?
I'm running CentOS 6 and connect to a Windows 2008 R2 domain.
The output from dovecot -n:
# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-279.2.1.el6.x86_64 x86_64 CentOS release 6.3 (Final)
auth_debug = yes
auth_verbose = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date
mbox_write_locks = fcntl
passdb {
driver = pam
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
}
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
driver = passwd
}
userdb {
args = uid=exim gid=exim home=/var/spool/mail/%Ld/%Ln
driver = static
}
And my /etc/dovecot/dovecot-ldap.conf.ext:
hosts = dc01.mydomain.com
base = dc=mydomain,dc=com
dn = CN=Linux Sync,CN=Users,DC=mydomain,DC=com
dnpass = mypass
deref = never
scope = subtree
ldap_version = 3
auth_bind = no
pass_filter = (&(objectClass=person)(mail=%u))
Chris Visser
Linux/Network Infrastructure?
=================Please read our Email Disclaimer :
http://www.rtt.co.za/disclaimer.html
