David Scheele
2015-Feb-24 08:36 UTC
"Temporary authentication failure" ? Cant connect with ldap user
@Steffen Kaiser: Sorry I wrote that wrong. I did indeed *grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf.ext* to get those results. @Bob Miller: And how would that look like? I added a auth_bind_userdn looking like this: *auth_bind_userdn = uid=%u,dc=[hostname],o=de* And restartet dovecot, no use. Any other ideas? Best, David 2015-02-24 8:05 GMT+01:00 Steffen Kaiser <skdovecot at smail.inf.fh-brs.de>:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Mon, 23 Feb 2015, David Scheele wrote: > > So, I set up the Server, installed and configured postfix, ldap and >> dovecot >> (in that order) and now simply try to log into the mail account with a >> used >> from the LDAP over telnet. >> >> The test looks like this: >> >> *|> telnet localhost 143* >> *| a bunch of stuff ending with:* >> *| OK [**] Dovecot ready.* >> *|> a login username userpassword* >> *| a NO [UNAVAILABLE] Temporary authentication failure. [host and date >> here]* >> >> In the logs it says >> >> *|[date] mailserver dovecot: auth: Error: LDAP: binding failed (dn >> cn=admin): Invalid credentials* >> >> But I KNOW the admin password I entered into the dovecot-lda.conf.ext is >> correct as I use it to log into the LDAP directory over jxplorer >> >> I also know the password for the user i try to log in with is correct as i >> set it myself over and over just to be sure there are no typos. >> I'm at a loss, I've been at this end for a few days now and can't find >> good >> tutorials online because its either always an old dovecot, postfix, ldap >> or >> debian version and somewhere in the middle it just stops because some file >> is completely missing. I get the impression I'm just not able-brained for >> linux useage. >> >> Anyway, here are a few more informations about the system: >> >> *Dovecot version 2.1.7* >> >> Output of grep -v '^ *\(#.*\)\?$' dovecot-sql.conf: >> > ^^^^^^^^^^^^^^^^ > >> >> *hosts = localhost* >> *dn = cn=admin* >> *dnpass = [password]* >> *sasl_bind = no* >> *tls = no* >> *auth_bind = yes* >> *ldap_version = 3* >> *base = dc=[domainname],dc=de* >> *user_attrs = uidNumber=uid,gidNumber=gid* >> *user_filter = (&(objectClass=posixAccount)(uid=%u))* >> *pass_attrs = uid=user,userPassword=password* >> >> Output of dovecot -n: >> >> *disable_plaintest_auth = no* >> *mail_location = mbox:~/mail:INBOX=/var/mail/%u* >> *[namespace config here]* >> >> *passdb {* >> *args = /etc/dovecot/dovecot-ldap.conf.ext* >> > ^^^^^^^^^^^^^^^^^^^^ > > filename mismatch > > *driver = ldap* >> *}* >> *plugin {* >> *sieve = ~/.dovecot.sieve* >> *sieve_dir = ~/sieve* >> *}* >> >> *protocols = " imap pop3"* >> *ssl_cert = </etc/dovecot/dovecot.pem* >> *ssl_key = </etc/dovecot/private/dovecot.pem* >> *userdb {* >> *args = /etc/dovecot/dovecot-ldap.conf.ext* >> *driver =ldap* >> *}* >> *protocol pop3 {* >> *pop3_client_workarounds = outlook-no-nuls oe-ns-eoh* >> *pop3_uidl_format = %08Xu%08Xv* >> *}* >> >> Any help would be greatly apprechiated.... I'm going crazy over here. >> >> Thanks in advance, >> David >> >> > - -- Steffen Kaiser > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQEVAwUBVOwixXz1H7kL/d9rAQJxAgf/dNt0dBGANbIGvm6B0Oeuna/+uY5/7MR8 > 9EpFwss94eu4PyFgAfOm2Al+IOT98LP1N9OHs3Za2r/2W7LKaesgjCa3vBfH9IjZ > okUj7fsQXsTAM+UqtF+ne3f5Vp6Ng36Irabr5HLptlbIu3lq8ALMm/E/72TabVLl > Lln7bB/YFftnrTlI2HheRLnAwSOMHu4rNE7G9zLqiPEipD5XsqgDBPpAM6PwPmbi > k/irSUgq8h4b66LCzo6Ekv6lvKzWxQpzJo0MC99HT0syAP/qpyLbPARhQvDXCH7J > wvf/T19EAt+OC4zzfIPgL2YxRP5ZN5efr82NLYdiMVfAcBaDHaFWTA=> =8upy > -----END PGP SIGNATURE----- >
Steffen Kaiser
2015-Feb-24 09:02 UTC
"Temporary authentication failure" ? Cant connect with ldap user
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 24 Feb 2015, David Scheele wrote:> 2015-02-24 8:05 GMT+01:00 Steffen Kaiser <skdovecot at smail.inf.fh-brs.de>: >> On Mon, 23 Feb 2015, David Scheele wrote: >> >> So, I set up the Server, installed and configured postfix, ldap and >>> dovecot >>> (in that order) and now simply try to log into the mail account with a >>> used >>> from the LDAP over telnet. >>> >>> The test looks like this: >>> >>> *|> telnet localhost 143* >>> *| a bunch of stuff ending with:* >>> *| OK [**] Dovecot ready.* >>> *|> a login username userpassword* >>> *| a NO [UNAVAILABLE] Temporary authentication failure. [host and date >>> here]* >>> >>> In the logs it says >>> >>> *|[date] mailserver dovecot: auth: Error: LDAP: binding failed (dn >>> cn=admin): Invalid credentials* >>> >>> But I KNOW the admin password I entered into the dovecot-lda.conf.ext is >>> correct as I use it to log into the LDAP directory over jxplorer >>> >>> I also know the password for the user i try to log in with is correct as i >>> set it myself over and over just to be sure there are no typos. >>> I'm at a loss, I've been at this end for a few days now and can't find >>> good >>> tutorials online because its either always an old dovecot, postfix, ldap >>> or >>> debian version and somewhere in the middle it just stops because some file >>> is completely missing. I get the impression I'm just not able-brained for >>> linux useage. >>> >>> Anyway, here are a few more informations about the system: >>> >>> *Dovecot version 2.1.7* >>> >>> Output of grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf.ext: >>> *hosts = localhost* >>> *dn = cn=admin* >>> *dnpass = [password]*install the ldap-utils package - that one containing ldapsearch - and execute: ldapsearch -W -D cn=admin -b 'dc=[domainname],dc=de' \ '(&(objectClass=posixAccount)(uid=<<uid>>))' then enter your password. 1) I suppose, cn=admin is missing a domain name, e.g. dc=[domainname],dc=de . 2) does your dnpass contain "funny" characters?>>> *sasl_bind = no* >>> *tls = no* >>> *auth_bind = yes* >>> *ldap_version = 3* >>> *base = dc=[domainname],dc=de* >>> *user_attrs = uidNumber=uid,gidNumber=gid* >>> *user_filter = (&(objectClass=posixAccount)(uid=%u))* >>> *pass_attrs = uid=user,userPassword=password*BTW: You do not habe no pass_filter or I deleted it last time.>>> >>> Output of dovecot -n: >>> >>> *disable_plaintest_auth = no* >>> *mail_location = mbox:~/mail:INBOX=/var/mail/%u* >>> *[namespace config here]* >>> >>> *passdb {* >>> *args = /etc/dovecot/dovecot-ldap.conf.ext* >>> >> ^^^^^^^^^^^^^^^^^^^^ >> >> filename mismatch >> >> *driver = ldap* >>> *}* >>> *plugin {* >>> *sieve = ~/.dovecot.sieve* >>> *sieve_dir = ~/sieve* >>> *}* >>> >>> *protocols = " imap pop3"* >>> *ssl_cert = </etc/dovecot/dovecot.pem* >>> *ssl_key = </etc/dovecot/private/dovecot.pem* >>> *userdb {* >>> *args = /etc/dovecot/dovecot-ldap.conf.ext* >>> *driver =ldap* >>> *}* >>> *protocol pop3 {* >>> *pop3_client_workarounds = outlook-no-nuls oe-ns-eoh* >>> *pop3_uidl_format = %08Xu%08Xv* >>> *}* >>> >>> Any help would be greatly apprechiated.... I'm going crazy over here. >>> >>> Thanks in advance, >>> David >>> >>> >> - -- Steffen Kaiser >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1 >> >> iQEVAwUBVOwixXz1H7kL/d9rAQJxAgf/dNt0dBGANbIGvm6B0Oeuna/+uY5/7MR8 >> 9EpFwss94eu4PyFgAfOm2Al+IOT98LP1N9OHs3Za2r/2W7LKaesgjCa3vBfH9IjZ >> okUj7fsQXsTAM+UqtF+ne3f5Vp6Ng36Irabr5HLptlbIu3lq8ALMm/E/72TabVLl >> Lln7bB/YFftnrTlI2HheRLnAwSOMHu4rNE7G9zLqiPEipD5XsqgDBPpAM6PwPmbi >> k/irSUgq8h4b66LCzo6Ekv6lvKzWxQpzJo0MC99HT0syAP/qpyLbPARhQvDXCH7J >> wvf/T19EAt+OC4zzfIPgL2YxRP5ZN5efr82NLYdiMVfAcBaDHaFWTA=>> =8upy >> -----END PGP SIGNATURE----- >> >- -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBVOw+O3z1H7kL/d9rAQIaZAf+MTnOlpm92TbjdWLCNp3THyjUHMaHDmHt /EuAXa7P0r16tuBHXNuWAohSzG80ZF6ALxg1EhtFkFdH/VtrnyqZ0L6imahcXbhe QnwMA1R4PK1+K7ckUisg8Pkv+3hXPrMyjvOyqMUwOTmlwG6PjHNaX7LxthDQNTu4 0PjXVZ0IBGlBPTyra/9l81K5j/vw0qfvVF4ycWAFV7An/dqM3nYBnqkBTziqozNs wdhYWFQqApE/pGOe6TbFGeDEiE9PXVTue4G/H9VGe8GKu/ctlp0mtaRN7x84h5dO bqshRfVouSIOhK5jynJMH/T142URGKYGGaS7evCVfwNsRkOcdWJm+g==W7kX -----END PGP SIGNATURE-----
David Scheele
2015-Feb-24 09:23 UTC
"Temporary authentication failure" ? Cant connect with ldap user
The ldap-utils were already installed. I did the ldapsearch you gave me, but after inputting my admin password it gives me *ldap_bind: Invalid credentials (49)* I logged into the ldap server with my admin credentials (which worked fine) and changed my password to '12345', Trying that, still *Invalid credentials* . 1.) I tried that already. The error switches to syntax error then. 2.) Not really. An upper case letter and a number + various lowercase letters. Not very exotic. Is the pass_filter neccessary? I just wanted to make the installation as basic as possible, to not get any unwanted errors. Best, David 2015-02-24 10:02 GMT+01:00 Steffen Kaiser <skdovecot at smail.inf.fh-brs.de>:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Tue, 24 Feb 2015, David Scheele wrote: > >> 2015-02-24 8:05 GMT+01:00 Steffen Kaiser <skdovecot at smail.inf.fh-brs.de>: >> >>> On Mon, 23 Feb 2015, David Scheele wrote: >>> >>> So, I set up the Server, installed and configured postfix, ldap and >>> >>>> dovecot >>>> (in that order) and now simply try to log into the mail account with a >>>> used >>>> from the LDAP over telnet. >>>> >>>> The test looks like this: >>>> >>>> *|> telnet localhost 143* >>>> *| a bunch of stuff ending with:* >>>> *| OK [**] Dovecot ready.* >>>> *|> a login username userpassword* >>>> *| a NO [UNAVAILABLE] Temporary authentication failure. [host and date >>>> here]* >>>> >>>> In the logs it says >>>> >>>> *|[date] mailserver dovecot: auth: Error: LDAP: binding failed (dn >>>> cn=admin): Invalid credentials* >>>> >>>> But I KNOW the admin password I entered into the dovecot-lda.conf.ext is >>>> correct as I use it to log into the LDAP directory over jxplorer >>>> >>>> I also know the password for the user i try to log in with is correct >>>> as i >>>> set it myself over and over just to be sure there are no typos. >>>> I'm at a loss, I've been at this end for a few days now and can't find >>>> good >>>> tutorials online because its either always an old dovecot, postfix, ldap >>>> or >>>> debian version and somewhere in the middle it just stops because some >>>> file >>>> is completely missing. I get the impression I'm just not able-brained >>>> for >>>> linux useage. >>>> >>>> Anyway, here are a few more informations about the system: >>>> >>>> *Dovecot version 2.1.7* >>>> >>>> Output of grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf.ext: >>>> *hosts = localhost* >>>> *dn = cn=admin* >>>> *dnpass = [password]* >>>> >>> > install the ldap-utils package - that one containing ldapsearch - and > execute: > > ldapsearch -W -D cn=admin -b 'dc=[domainname],dc=de' \ > '(&(objectClass=posixAccount)(uid=<<uid>>))' > > then enter your password. > > 1) I suppose, cn=admin is missing a domain name, e.g. > dc=[domainname],dc=de . > > 2) does your dnpass contain "funny" characters? > > *sasl_bind = no* >>>> *tls = no* >>>> *auth_bind = yes* >>>> *ldap_version = 3* >>>> *base = dc=[domainname],dc=de* >>>> *user_attrs = uidNumber=uid,gidNumber=gid* >>>> *user_filter = (&(objectClass=posixAccount)(uid=%u))* >>>> *pass_attrs = uid=user,userPassword=password* >>>> >>> > BTW: You do not habe no pass_filter or I deleted it last time. > > > >>>> Output of dovecot -n: >>>> >>>> *disable_plaintest_auth = no* >>>> *mail_location = mbox:~/mail:INBOX=/var/mail/%u* >>>> *[namespace config here]* >>>> >>>> *passdb {* >>>> *args = /etc/dovecot/dovecot-ldap.conf.ext* >>>> >>>> ^^^^^^^^^^^^^^^^^^^^ >>> >>> filename mismatch >>> >>> *driver = ldap* >>> >>>> *}* >>>> *plugin {* >>>> *sieve = ~/.dovecot.sieve* >>>> *sieve_dir = ~/sieve* >>>> *}* >>>> >>>> *protocols = " imap pop3"* >>>> *ssl_cert = </etc/dovecot/dovecot.pem* >>>> *ssl_key = </etc/dovecot/private/dovecot.pem* >>>> *userdb {* >>>> *args = /etc/dovecot/dovecot-ldap.conf.ext* >>>> *driver =ldap* >>>> *}* >>>> *protocol pop3 {* >>>> *pop3_client_workarounds = outlook-no-nuls oe-ns-eoh* >>>> *pop3_uidl_format = %08Xu%08Xv* >>>> *}* >>>> >>>> Any help would be greatly apprechiated.... I'm going crazy over here. >>>> >>>> Thanks in advance, >>>> David >>>> >>>> >>>> - -- Steffen Kaiser >>> -----BEGIN PGP SIGNATURE----- >>> Version: GnuPG v1 >>> >>> iQEVAwUBVOwixXz1H7kL/d9rAQJxAgf/dNt0dBGANbIGvm6B0Oeuna/+uY5/7MR8 >>> 9EpFwss94eu4PyFgAfOm2Al+IOT98LP1N9OHs3Za2r/2W7LKaesgjCa3vBfH9IjZ >>> okUj7fsQXsTAM+UqtF+ne3f5Vp6Ng36Irabr5HLptlbIu3lq8ALMm/E/72TabVLl >>> Lln7bB/YFftnrTlI2HheRLnAwSOMHu4rNE7G9zLqiPEipD5XsqgDBPpAM6PwPmbi >>> k/irSUgq8h4b66LCzo6Ekv6lvKzWxQpzJo0MC99HT0syAP/qpyLbPARhQvDXCH7J >>> wvf/T19EAt+OC4zzfIPgL2YxRP5ZN5efr82NLYdiMVfAcBaDHaFWTA=>>> =8upy >>> -----END PGP SIGNATURE----- >>> >>> >> > - -- Steffen Kaiser > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQEVAwUBVOw+O3z1H7kL/d9rAQIaZAf+MTnOlpm92TbjdWLCNp3THyjUHMaHDmHt > /EuAXa7P0r16tuBHXNuWAohSzG80ZF6ALxg1EhtFkFdH/VtrnyqZ0L6imahcXbhe > QnwMA1R4PK1+K7ckUisg8Pkv+3hXPrMyjvOyqMUwOTmlwG6PjHNaX7LxthDQNTu4 > 0PjXVZ0IBGlBPTyra/9l81K5j/vw0qfvVF4ycWAFV7An/dqM3nYBnqkBTziqozNs > wdhYWFQqApE/pGOe6TbFGeDEiE9PXVTue4G/H9VGe8GKu/ctlp0mtaRN7x84h5dO > bqshRfVouSIOhK5jynJMH/T142URGKYGGaS7evCVfwNsRkOcdWJm+g=> =W7kX > -----END PGP SIGNATURE----- >
Possibly Parallel Threads
- "Temporary authentication failure" ? Cant connect with ldap user
- "Temporary authentication failure" ? Cant connect with ldap user
- "Temporary authentication failure" ? Cant connect with ldap user
- "Temporary authentication failure" ? Cant connect with ldap user
- "Temporary authentication failure" ? Cant connect with ldap user