Hi, I'm struggling to setup LDAP authentication with dovecot against an AD server. When I attempt to bind using the same DN I use to do address lookups in exim and to do searches using ldap search on the command line I get the following in my logs: Aug 7 08:55:58 mail-dev dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Aug 7 08:55:58 mail-dev dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Aug 7 08:55:58 mail-dev dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Aug 7 08:55:58 mail-dev dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so Aug 7 08:55:58 mail-dev dovecot: auth: Debug: auth client connected (pid=1523) Aug 7 08:55:58 mail-dev dovecot: auth: Error: LDAP: binding failed (dn CN=Linux Sync,CN=Users,DC=RTT,DC=co,DC=za): Invalid credentials, 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1? I'm running CentOS 6 and connect to a Windows 2008 R2 domain. The output from dovecot -n: # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-279.2.1.el6.x86_64 x86_64 CentOS release 6.3 (Final) auth_debug = yes auth_verbose = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date mbox_write_locks = fcntl passdb { driver = pam } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } ssl_cert = </etc/pki/dovecot/certs/dovecot.pem ssl_key = </etc/pki/dovecot/private/dovecot.pem userdb { driver = passwd } userdb { args = uid=exim gid=exim home=/var/spool/mail/%Ld/%Ln driver = static } And my /etc/dovecot/dovecot-ldap.conf.ext: hosts = dc01.mydomain.com base = dc=mydomain,dc=com dn = CN=Linux Sync,CN=Users,DC=mydomain,DC=com dnpass = mypass deref = never scope = subtree ldap_version = 3 auth_bind = no pass_filter = (&(objectClass=person)(mail=%u)) Chris Visser Linux/Network Infrastructure? =================Please read our Email Disclaimer : http://www.rtt.co.za/disclaimer.html