dovecot - Feb 2015 - "Temporary authentication failure" ? Cant connect with ldap user

Hmm...

*ldapsearch -x cn=admin* gives me:

| # A bunch of information not really interesting
| # search result
| search: 2
| result: 32 No such object
|
| numResponses: 1

*ldapsearch -x cn=admin* gives the same.
Did i configure the ldap wrong?


2015-02-24 10:42 GMT+01:00 Steffen Kaiser <skdovecot at
smail.inf.fh-brs.de>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Tue, 24 Feb 2015, David Scheele wrote:
>
>
>> The ldap-utils were already installed.
>> I did the ldapsearch you gave me, but after inputting my admin password
it
>> gives me
>> *ldap_bind: Invalid credentials (49)*
>> I logged into the ldap server with my admin credentials (which worked
>> fine)
>> and changed my password to '12345', Trying that, still *Invalid
>> credentials*
>> .
>>
>
> Oh forgot:
>
> ldapsearch -x  ..
>
> Also try:
>
> ldapsearch -x cn=admin
>
>
> to get the full DN of the admin
>
>
>  1.) I tried that already. The error switches to syntax error then.
>> 2.) Not really. An upper case letter and a number + various lowercase
>> letters. Not very exotic.
>>
>> Is the pass_filter neccessary? I just wanted to make the installation
as
>> basic as possible, to not get any unwanted errors.
>>
>> Best,
>> David
>>
>> 2015-02-24 10:02 GMT+01:00 Steffen Kaiser <skdovecot at
smail.inf.fh-brs.de
>> >:
>>
>>  -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> On Tue, 24 Feb 2015, David Scheele wrote:
>>>
>>>  2015-02-24 8:05 GMT+01:00 Steffen Kaiser <skdovecot at
smail.inf.fh-brs.de
>>>> >:
>>>>
>>>>  On Mon, 23 Feb 2015, David Scheele wrote:
>>>>>
>>>>>  So, I set up the Server, installed and configured postfix,
ldap and
>>>>>
>>>>>  dovecot
>>>>>> (in that order) and now simply try to log into the mail
account with a
>>>>>> used
>>>>>> from the LDAP over telnet.
>>>>>>
>>>>>> The test looks like this:
>>>>>>
>>>>>> *|> telnet localhost 143*
>>>>>> *| a bunch of stuff ending with:*
>>>>>> *| OK [**] Dovecot ready.*
>>>>>> *|> a login username userpassword*
>>>>>> *| a NO [UNAVAILABLE] Temporary authentication failure.
[host and date
>>>>>> here]*
>>>>>>
>>>>>> In the logs it says
>>>>>>
>>>>>> *|[date] mailserver dovecot: auth: Error: LDAP: binding
failed (dn
>>>>>> cn=admin): Invalid credentials*
>>>>>>
>>>>>> But I KNOW the admin password I entered into the
dovecot-lda.conf.ext
>>>>>> is
>>>>>> correct as I use it to log into the LDAP directory over
jxplorer
>>>>>>
>>>>>> I also know the password for the user i try to log in
with is correct
>>>>>> as i
>>>>>> set it myself over and over just to be sure there are
no typos.
>>>>>> I'm at a loss, I've been at this end for a few
days now and can't find
>>>>>> good
>>>>>> tutorials online because its either always an old
dovecot, postfix,
>>>>>> ldap
>>>>>> or
>>>>>> debian version and somewhere in the middle it just
stops because some
>>>>>> file
>>>>>> is completely missing. I get the impression I'm
just not able-brained
>>>>>> for
>>>>>> linux useage.
>>>>>>
>>>>>> Anyway, here are a few more informations about the
system:
>>>>>>
>>>>>> *Dovecot version 2.1.7*
>>>>>>
>>>>>> Output of grep -v '^ *\(#.*\)\?$'
dovecot-ldap.conf.ext:
>>>>>> *hosts = localhost*
>>>>>> *dn = cn=admin*
>>>>>> *dnpass = [password]*
>>>>>>
>>>>>>
>>>>>  install the ldap-utils package - that one containing
ldapsearch - and
>>> execute:
>>>
>>> ldapsearch -W -D cn=admin -b 'dc=[domainname],dc=de' \
>>>
'(&(objectClass=posixAccount)(uid=<<uid>>))'
>>>
>>> then enter your password.
>>>
>>> 1) I suppose, cn=admin is missing a domain name, e.g.
>>> dc=[domainname],dc=de .
>>>
>>> 2) does your dnpass contain "funny" characters?
>>>
>>>  *sasl_bind = no*
>>>
>>>> *tls = no*
>>>>>> *auth_bind = yes*
>>>>>> *ldap_version = 3*
>>>>>> *base = dc=[domainname],dc=de*
>>>>>> *user_attrs = uidNumber=uid,gidNumber=gid*
>>>>>> *user_filter =
(&(objectClass=posixAccount)(uid=%u))*
>>>>>> *pass_attrs = uid=user,userPassword=password*
>>>>>>
>>>>>>
>>>>>  BTW: You do not habe no pass_filter or I deleted it last
time.
>>>
>>>
>>>
>>>  Output of dovecot -n:
>>>>>>
>>>>>> *disable_plaintest_auth = no*
>>>>>> *mail_location = mbox:~/mail:INBOX=/var/mail/%u*
>>>>>> *[namespace config here]*
>>>>>>
>>>>>> *passdb {*
>>>>>> *args = /etc/dovecot/dovecot-ldap.conf.ext*
>>>>>>
>>>>>>                         ^^^^^^^^^^^^^^^^^^^^
>>>>>>
>>>>>
>>>>> filename mismatch
>>>>>
>>>>>  *driver = ldap*
>>>>>
>>>>>  *}*
>>>>>> *plugin {*
>>>>>> *sieve = ~/.dovecot.sieve*
>>>>>> *sieve_dir = ~/sieve*
>>>>>> *}*
>>>>>>
>>>>>> *protocols = " imap pop3"*
>>>>>> *ssl_cert = </etc/dovecot/dovecot.pem*
>>>>>> *ssl_key = </etc/dovecot/private/dovecot.pem*
>>>>>> *userdb {*
>>>>>> *args = /etc/dovecot/dovecot-ldap.conf.ext*
>>>>>> *driver =ldap*
>>>>>> *}*
>>>>>> *protocol pop3 {*
>>>>>> *pop3_client_workarounds = outlook-no-nuls oe-ns-eoh*
>>>>>> *pop3_uidl_format = %08Xu%08Xv*
>>>>>> *}*
>>>>>>
>>>>>> Any help would be greatly apprechiated.... I'm
going crazy over here.
>>>>>>
>>>>>> Thanks in advance,
>>>>>> David
>>>>>>
>>>>>>
>>>>>>  - -- Steffen Kaiser
>>>>>>
>>>>> -----BEGIN PGP SIGNATURE-----
>>>>> Version: GnuPG v1
>>>>>
>>>>>
iQEVAwUBVOwixXz1H7kL/d9rAQJxAgf/dNt0dBGANbIGvm6B0Oeuna/+uY5/7MR8
>>>>>
9EpFwss94eu4PyFgAfOm2Al+IOT98LP1N9OHs3Za2r/2W7LKaesgjCa3vBfH9IjZ
>>>>>
okUj7fsQXsTAM+UqtF+ne3f5Vp6Ng36Irabr5HLptlbIu3lq8ALMm/E/72TabVLl
>>>>>
Lln7bB/YFftnrTlI2HheRLnAwSOMHu4rNE7G9zLqiPEipD5XsqgDBPpAM6PwPmbi
>>>>>
k/irSUgq8h4b66LCzo6Ekv6lvKzWxQpzJo0MC99HT0syAP/qpyLbPARhQvDXCH7J
>>>>>
wvf/T19EAt+OC4zzfIPgL2YxRP5ZN5efr82NLYdiMVfAcBaDHaFWTA=>>>>>
=8upy
>>>>> -----END PGP SIGNATURE-----
>>>>>
>>>>>
>>>>>
>>>>  - -- Steffen Kaiser
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v1
>>>
>>> iQEVAwUBVOw+O3z1H7kL/d9rAQIaZAf+MTnOlpm92TbjdWLCNp3THyjUHMaHDmHt
>>> /EuAXa7P0r16tuBHXNuWAohSzG80ZF6ALxg1EhtFkFdH/VtrnyqZ0L6imahcXbhe
>>> QnwMA1R4PK1+K7ckUisg8Pkv+3hXPrMyjvOyqMUwOTmlwG6PjHNaX7LxthDQNTu4
>>> 0PjXVZ0IBGlBPTyra/9l81K5j/vw0qfvVF4ycWAFV7An/dqM3nYBnqkBTziqozNs
>>> wdhYWFQqApE/pGOe6TbFGeDEiE9PXVTue4G/H9VGe8GKu/ctlp0mtaRN7x84h5dO
>>> bqshRfVouSIOhK5jynJMH/T142URGKYGGaS7evCVfwNsRkOcdWJm+g=>>>
=W7kX
>>> -----END PGP SIGNATURE-----
>>>
>>>
>>
> - -- Steffen Kaiser
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQEVAwUBVOxHeXz1H7kL/d9rAQLm6ggAg0Aqx0d6zWxvPf7jIJ+fG9omXlLGrnHU
> DoqcLFR+PslKJcB6jsGNNzwrN2Xlfqh2ZljreOEyvgYZmD0G0U6z+WI1siGTu/Li
> Qx8qcHUbKv/fLSuwx5uV0QL4RtgHNX69/DABtHiffd4ecAeuiTL2Vgdxu5DLzgZE
> zm1ZPpdrqEFDLb28qu0jxWvfhZT8tVJ+4NH2zvgxEIZ0/O7xozIBCcp/BwRiy/JH
> iGK+J039UfBX03qGTpezEiL8AWIwnouVMx+f0Xh9R+Fah7scG2iF3AEcgpFsoLpS
> d9b/cMgKufK6qtxQvb4IIahZuxt15EBRLdYLqW7L1QaLNwVZYtK0fw=> =pJnh
> -----END PGP SIGNATURE-----
>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 24 Feb 2015, David Scheele wrote:
>
> *ldapsearch -x cn=admin* gives me:
>
> | # A bunch of information not really interesting
> | # search result
> | search: 2
> | result: 32 No such object
> |
> | numResponses: 1
>
> *ldapsearch -x cn=admin* gives the same.
> Did i configure the ldap wrong?

ldapsearch -x -h localhost cn=admin ?
>
> 2015-02-24 10:42 GMT+01:00 Steffen Kaiser <skdovecot at
smail.inf.fh-brs.de>:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On Tue, 24 Feb 2015, David Scheele wrote:
>>
>>
>>> The ldap-utils were already installed.
>>> I did the ldapsearch you gave me, but after inputting my admin
password it
>>> gives me
>>> *ldap_bind: Invalid credentials (49)*
>>> I logged into the ldap server with my admin credentials (which
worked
>>> fine)
>>> and changed my password to '12345', Trying that, still
*Invalid
>>> credentials*
>>> .
>>>
>>
>> Oh forgot:
>>
>> ldapsearch -x  ..
>>
>> Also try:
>>
>> ldapsearch -x cn=admin
>>
>>
>> to get the full DN of the admin
>>
>>
>>  1.) I tried that already. The error switches to syntax error then.
>>> 2.) Not really. An upper case letter and a number + various
lowercase
>>> letters. Not very exotic.
>>>
>>> Is the pass_filter neccessary? I just wanted to make the
installation as
>>> basic as possible, to not get any unwanted errors.
>>>
>>> Best,
>>> David
>>>
>>> 2015-02-24 10:02 GMT+01:00 Steffen Kaiser <skdovecot at
smail.inf.fh-brs.de
>>>> :
>>>
>>>  -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> On Tue, 24 Feb 2015, David Scheele wrote:
>>>>
>>>>  2015-02-24 8:05 GMT+01:00 Steffen Kaiser <skdovecot at
smail.inf.fh-brs.de
>>>>>> :
>>>>>
>>>>>  On Mon, 23 Feb 2015, David Scheele wrote:
>>>>>>
>>>>>>  So, I set up the Server, installed and configured
postfix, ldap and
>>>>>>
>>>>>>  dovecot
>>>>>>> (in that order) and now simply try to log into the
mail account with a
>>>>>>> used
>>>>>>> from the LDAP over telnet.
>>>>>>>
>>>>>>> The test looks like this:
>>>>>>>
>>>>>>> *|> telnet localhost 143*
>>>>>>> *| a bunch of stuff ending with:*
>>>>>>> *| OK [**] Dovecot ready.*
>>>>>>> *|> a login username userpassword*
>>>>>>> *| a NO [UNAVAILABLE] Temporary authentication
failure. [host and date
>>>>>>> here]*
>>>>>>>
>>>>>>> In the logs it says
>>>>>>>
>>>>>>> *|[date] mailserver dovecot: auth: Error: LDAP:
binding failed (dn
>>>>>>> cn=admin): Invalid credentials*
>>>>>>>
>>>>>>> But I KNOW the admin password I entered into the
dovecot-lda.conf.ext
>>>>>>> is
>>>>>>> correct as I use it to log into the LDAP directory
over jxplorer
>>>>>>>
>>>>>>> I also know the password for the user i try to log
in with is correct
>>>>>>> as i
>>>>>>> set it myself over and over just to be sure there
are no typos.
>>>>>>> I'm at a loss, I've been at this end for a
few days now and can't find
>>>>>>> good
>>>>>>> tutorials online because its either always an old
dovecot, postfix,
>>>>>>> ldap
>>>>>>> or
>>>>>>> debian version and somewhere in the middle it just
stops because some
>>>>>>> file
>>>>>>> is completely missing. I get the impression I'm
just not able-brained
>>>>>>> for
>>>>>>> linux useage.
>>>>>>>
>>>>>>> Anyway, here are a few more informations about the
system:
>>>>>>>
>>>>>>> *Dovecot version 2.1.7*
>>>>>>>
>>>>>>> Output of grep -v '^ *\(#.*\)\?$'
dovecot-ldap.conf.ext:
>>>>>>> *hosts = localhost*
>>>>>>> *dn = cn=admin*
>>>>>>> *dnpass = [password]*
>>>>>>>
>>>>>>>
>>>>>>  install the ldap-utils package - that one containing
ldapsearch - and
>>>> execute:
>>>>
>>>> ldapsearch -W -D cn=admin -b 'dc=[domainname],dc=de' \
>>>>
'(&(objectClass=posixAccount)(uid=<<uid>>))'
>>>>
>>>> then enter your password.
>>>>
>>>> 1) I suppose, cn=admin is missing a domain name, e.g.
>>>> dc=[domainname],dc=de .
>>>>
>>>> 2) does your dnpass contain "funny" characters?
>>>>
>>>>  *sasl_bind = no*
>>>>
>>>>> *tls = no*
>>>>>>> *auth_bind = yes*
>>>>>>> *ldap_version = 3*
>>>>>>> *base = dc=[domainname],dc=de*
>>>>>>> *user_attrs = uidNumber=uid,gidNumber=gid*
>>>>>>> *user_filter =
(&(objectClass=posixAccount)(uid=%u))*
>>>>>>> *pass_attrs = uid=user,userPassword=password*
>>>>>>>
>>>>>>>
>>>>>>  BTW: You do not habe no pass_filter or I deleted it
last time.
>>>>
>>>>
>>>>
>>>>  Output of dovecot -n:
>>>>>>>
>>>>>>> *disable_plaintest_auth = no*
>>>>>>> *mail_location = mbox:~/mail:INBOX=/var/mail/%u*
>>>>>>> *[namespace config here]*
>>>>>>>
>>>>>>> *passdb {*
>>>>>>> *args = /etc/dovecot/dovecot-ldap.conf.ext*
>>>>>>>
>>>>>>>                         ^^^^^^^^^^^^^^^^^^^^
>>>>>>>
>>>>>>
>>>>>> filename mismatch
>>>>>>
>>>>>>  *driver = ldap*
>>>>>>
>>>>>>  *}*
>>>>>>> *plugin {*
>>>>>>> *sieve = ~/.dovecot.sieve*
>>>>>>> *sieve_dir = ~/sieve*
>>>>>>> *}*
>>>>>>>
>>>>>>> *protocols = " imap pop3"*
>>>>>>> *ssl_cert = </etc/dovecot/dovecot.pem*
>>>>>>> *ssl_key = </etc/dovecot/private/dovecot.pem*
>>>>>>> *userdb {*
>>>>>>> *args = /etc/dovecot/dovecot-ldap.conf.ext*
>>>>>>> *driver =ldap*
>>>>>>> *}*
>>>>>>> *protocol pop3 {*
>>>>>>> *pop3_client_workarounds = outlook-no-nuls
oe-ns-eoh*
>>>>>>> *pop3_uidl_format = %08Xu%08Xv*
>>>>>>> *}*
>>>>>>>
>>>>>>> Any help would be greatly apprechiated.... I'm
going crazy over here.
>>>>>>>
>>>>>>> Thanks in advance,
>>>>>>> David
>>>>>>>
>>>>>>>
>>>>>>>  - -- Steffen Kaiser
>>>>>>>
>>>>>> -----BEGIN PGP SIGNATURE-----
>>>>>> Version: GnuPG v1
>>>>>>
>>>>>>
iQEVAwUBVOwixXz1H7kL/d9rAQJxAgf/dNt0dBGANbIGvm6B0Oeuna/+uY5/7MR8
>>>>>>
9EpFwss94eu4PyFgAfOm2Al+IOT98LP1N9OHs3Za2r/2W7LKaesgjCa3vBfH9IjZ
>>>>>>
okUj7fsQXsTAM+UqtF+ne3f5Vp6Ng36Irabr5HLptlbIu3lq8ALMm/E/72TabVLl
>>>>>>
Lln7bB/YFftnrTlI2HheRLnAwSOMHu4rNE7G9zLqiPEipD5XsqgDBPpAM6PwPmbi
>>>>>>
k/irSUgq8h4b66LCzo6Ekv6lvKzWxQpzJo0MC99HT0syAP/qpyLbPARhQvDXCH7J
>>>>>>
wvf/T19EAt+OC4zzfIPgL2YxRP5ZN5efr82NLYdiMVfAcBaDHaFWTA=>>>>>>
=8upy
>>>>>> -----END PGP SIGNATURE-----
>>>>>>
>>>>>>
>>>>>>
>>>>>  - -- Steffen Kaiser
>>>> -----BEGIN PGP SIGNATURE-----
>>>> Version: GnuPG v1
>>>>
>>>>
iQEVAwUBVOw+O3z1H7kL/d9rAQIaZAf+MTnOlpm92TbjdWLCNp3THyjUHMaHDmHt
>>>>
/EuAXa7P0r16tuBHXNuWAohSzG80ZF6ALxg1EhtFkFdH/VtrnyqZ0L6imahcXbhe
>>>>
QnwMA1R4PK1+K7ckUisg8Pkv+3hXPrMyjvOyqMUwOTmlwG6PjHNaX7LxthDQNTu4
>>>>
0PjXVZ0IBGlBPTyra/9l81K5j/vw0qfvVF4ycWAFV7An/dqM3nYBnqkBTziqozNs
>>>>
wdhYWFQqApE/pGOe6TbFGeDEiE9PXVTue4G/H9VGe8GKu/ctlp0mtaRN7x84h5dO
>>>>
bqshRfVouSIOhK5jynJMH/T142URGKYGGaS7evCVfwNsRkOcdWJm+g=>>>> =W7kX
>>>> -----END PGP SIGNATURE-----
>>>>
>>>>
>>>
>> - -- Steffen Kaiser
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1
>>
>> iQEVAwUBVOxHeXz1H7kL/d9rAQLm6ggAg0Aqx0d6zWxvPf7jIJ+fG9omXlLGrnHU
>> DoqcLFR+PslKJcB6jsGNNzwrN2Xlfqh2ZljreOEyvgYZmD0G0U6z+WI1siGTu/Li
>> Qx8qcHUbKv/fLSuwx5uV0QL4RtgHNX69/DABtHiffd4ecAeuiTL2Vgdxu5DLzgZE
>> zm1ZPpdrqEFDLb28qu0jxWvfhZT8tVJ+4NH2zvgxEIZ0/O7xozIBCcp/BwRiy/JH
>> iGK+J039UfBX03qGTpezEiL8AWIwnouVMx+f0Xh9R+Fah7scG2iF3AEcgpFsoLpS
>> d9b/cMgKufK6qtxQvb4IIahZuxt15EBRLdYLqW7L1QaLNwVZYtK0fw=>> =pJnh
>> -----END PGP SIGNATURE-----
>>
>
- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEVAwUBVOxOCHz1H7kL/d9rAQIpnAgAg7AppZILrbrqcclRNKc1iZc299rPuRIm
ghf2Bmv+WF21u9qKtvwHmCYFYD4v+JgmPRS1X8e+jxEFocAYkA25qESDElvjJKfD
qq3CiLQ42VLcBxGQZ70WlyJXkQK5TUBMu9tF1YuhjuGwb4lF0KMOAiowSwt8xsut
JlsgxHfDbVYa8okQ5DwEydHSfqcwBBs3GLzJcQb2UYZRN6GIq71wFqFqQuAI8QRk
knzjGUqOYrvsrjdMcp+G+5eywk/Mum/rU5+xXU/0ReyjYtlMGf8iggOzWq8J98Wv
c4brY6BegnlAlXLQfmsJnZDZn06bsovdBji88xJPCjaxjur2m8PHtQ==RCw5
-----END PGP SIGNATURE-----

Ok I completed the dn as thus:
*dn = cn=admin,dc=luenenet,dc=de*
And now wehn i try* a login Username Password *over *telnet localhost 143* I
get
*a NO [AUTHENTICATIONFAILED] Authentication failed.*

I confirmed that the user password is correct.

by the way,* ldapsearch -x -D 'cn=admin,dc=[domainname],dc=de' -w 12345
-b
'dc=[**domainname**],dc=de' cn* gives me:

*| # [**domainname*
*].de*
*| dn: dc=[**domainname**],dc=de*

*| #admin, [**domainname*
*].de*
*| dn: cn=admin,dc=[**domainname*
*],dc=de*

*| cn: admin*

*| # [User Name], [**domainname*
*].de*
*| dn: cn=[User Name],dc=[**domainname*
*],dc=de*

*| cn: [User Name]*


*| #search result*

*| search: 2*

*| result: 0 Success*


*| # numResponses: 4*
*| # numEntries: 3*


















2015-02-24 10:51 GMT+01:00 David Scheele <david.scheele2 at
googlemail.com>:
> Hmm...
>
> *ldapsearch -x cn=admin* gives me:
>
> | # A bunch of information not really interesting
> | # search result
> | search: 2
> | result: 32 No such object
> |
> | numResponses: 1
>
> *ldapsearch -x cn=admin* gives the same.
> Did i configure the ldap wrong?
>
>
> 2015-02-24 10:42 GMT+01:00 Steffen Kaiser <skdovecot at
smail.inf.fh-brs.de>:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On Tue, 24 Feb 2015, David Scheele wrote:
>>
>>
>>> The ldap-utils were already installed.
>>> I did the ldapsearch you gave me, but after inputting my admin
password
>>> it
>>> gives me
>>> *ldap_bind: Invalid credentials (49)*
>>> I logged into the ldap server with my admin credentials (which
worked
>>> fine)
>>> and changed my password to '12345', Trying that, still
*Invalid
>>> credentials*
>>> .
>>>
>>
>> Oh forgot:
>>
>> ldapsearch -x  ..
>>
>> Also try:
>>
>> ldapsearch -x cn=admin
>>
>>
>> to get the full DN of the admin
>>
>>
>>  1.) I tried that already. The error switches to syntax error then.
>>> 2.) Not really. An upper case letter and a number + various
lowercase
>>> letters. Not very exotic.
>>>
>>> Is the pass_filter neccessary? I just wanted to make the
installation as
>>> basic as possible, to not get any unwanted errors.
>>>
>>> Best,
>>> David
>>>
>>> 2015-02-24 10:02 GMT+01:00 Steffen Kaiser <skdovecot at
smail.inf.fh-brs.de
>>> >:
>>>
>>>  -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> On Tue, 24 Feb 2015, David Scheele wrote:
>>>>
>>>>  2015-02-24 8:05 GMT+01:00 Steffen Kaiser <
>>>>> skdovecot at smail.inf.fh-brs.de>:
>>>>>
>>>>>  On Mon, 23 Feb 2015, David Scheele wrote:
>>>>>>
>>>>>>  So, I set up the Server, installed and configured
postfix, ldap and
>>>>>>
>>>>>>  dovecot
>>>>>>> (in that order) and now simply try to log into the
mail account with
>>>>>>> a
>>>>>>> used
>>>>>>> from the LDAP over telnet.
>>>>>>>
>>>>>>> The test looks like this:
>>>>>>>
>>>>>>> *|> telnet localhost 143*
>>>>>>> *| a bunch of stuff ending with:*
>>>>>>> *| OK [**] Dovecot ready.*
>>>>>>> *|> a login username userpassword*
>>>>>>> *| a NO [UNAVAILABLE] Temporary authentication
failure. [host and
>>>>>>> date
>>>>>>> here]*
>>>>>>>
>>>>>>> In the logs it says
>>>>>>>
>>>>>>> *|[date] mailserver dovecot: auth: Error: LDAP:
binding failed (dn
>>>>>>> cn=admin): Invalid credentials*
>>>>>>>
>>>>>>> But I KNOW the admin password I entered into the
>>>>>>> dovecot-lda.conf.ext is
>>>>>>> correct as I use it to log into the LDAP directory
over jxplorer
>>>>>>>
>>>>>>> I also know the password for the user i try to log
in with is correct
>>>>>>> as i
>>>>>>> set it myself over and over just to be sure there
are no typos.
>>>>>>> I'm at a loss, I've been at this end for a
few days now and can't
>>>>>>> find
>>>>>>> good
>>>>>>> tutorials online because its either always an old
dovecot, postfix,
>>>>>>> ldap
>>>>>>> or
>>>>>>> debian version and somewhere in the middle it just
stops because some
>>>>>>> file
>>>>>>> is completely missing. I get the impression I'm
just not able-brained
>>>>>>> for
>>>>>>> linux useage.
>>>>>>>
>>>>>>> Anyway, here are a few more informations about the
system:
>>>>>>>
>>>>>>> *Dovecot version 2.1.7*
>>>>>>>
>>>>>>> Output of grep -v '^ *\(#.*\)\?$'
dovecot-ldap.conf.ext:
>>>>>>> *hosts = localhost*
>>>>>>> *dn = cn=admin*
>>>>>>> *dnpass = [password]*
>>>>>>>
>>>>>>>
>>>>>>  install the ldap-utils package - that one containing
ldapsearch - and
>>>> execute:
>>>>
>>>> ldapsearch -W -D cn=admin -b 'dc=[domainname],dc=de' \
>>>>
'(&(objectClass=posixAccount)(uid=<<uid>>))'
>>>>
>>>> then enter your password.
>>>>
>>>> 1) I suppose, cn=admin is missing a domain name, e.g.
>>>> dc=[domainname],dc=de .
>>>>
>>>> 2) does your dnpass contain "funny" characters?
>>>>
>>>>  *sasl_bind = no*
>>>>
>>>>> *tls = no*
>>>>>>> *auth_bind = yes*
>>>>>>> *ldap_version = 3*
>>>>>>> *base = dc=[domainname],dc=de*
>>>>>>> *user_attrs = uidNumber=uid,gidNumber=gid*
>>>>>>> *user_filter =
(&(objectClass=posixAccount)(uid=%u))*
>>>>>>> *pass_attrs = uid=user,userPassword=password*
>>>>>>>
>>>>>>>
>>>>>>  BTW: You do not habe no pass_filter or I deleted it
last time.
>>>>
>>>>
>>>>
>>>>  Output of dovecot -n:
>>>>>>>
>>>>>>> *disable_plaintest_auth = no*
>>>>>>> *mail_location = mbox:~/mail:INBOX=/var/mail/%u*
>>>>>>> *[namespace config here]*
>>>>>>>
>>>>>>> *passdb {*
>>>>>>> *args = /etc/dovecot/dovecot-ldap.conf.ext*
>>>>>>>
>>>>>>>                         ^^^^^^^^^^^^^^^^^^^^
>>>>>>>
>>>>>>
>>>>>> filename mismatch
>>>>>>
>>>>>>  *driver = ldap*
>>>>>>
>>>>>>  *}*
>>>>>>> *plugin {*
>>>>>>> *sieve = ~/.dovecot.sieve*
>>>>>>> *sieve_dir = ~/sieve*
>>>>>>> *}*
>>>>>>>
>>>>>>> *protocols = " imap pop3"*
>>>>>>> *ssl_cert = </etc/dovecot/dovecot.pem*
>>>>>>> *ssl_key = </etc/dovecot/private/dovecot.pem*
>>>>>>> *userdb {*
>>>>>>> *args = /etc/dovecot/dovecot-ldap.conf.ext*
>>>>>>> *driver =ldap*
>>>>>>> *}*
>>>>>>> *protocol pop3 {*
>>>>>>> *pop3_client_workarounds = outlook-no-nuls
oe-ns-eoh*
>>>>>>> *pop3_uidl_format = %08Xu%08Xv*
>>>>>>> *}*
>>>>>>>
>>>>>>> Any help would be greatly apprechiated.... I'm
going crazy over here.
>>>>>>>
>>>>>>> Thanks in advance,
>>>>>>> David
>>>>>>>
>>>>>>>
>>>>>>>  - -- Steffen Kaiser
>>>>>>>
>>>>>> -----BEGIN PGP SIGNATURE-----
>>>>>> Version: GnuPG v1
>>>>>>
>>>>>>
iQEVAwUBVOwixXz1H7kL/d9rAQJxAgf/dNt0dBGANbIGvm6B0Oeuna/+uY5/7MR8
>>>>>>
9EpFwss94eu4PyFgAfOm2Al+IOT98LP1N9OHs3Za2r/2W7LKaesgjCa3vBfH9IjZ
>>>>>>
okUj7fsQXsTAM+UqtF+ne3f5Vp6Ng36Irabr5HLptlbIu3lq8ALMm/E/72TabVLl
>>>>>>
Lln7bB/YFftnrTlI2HheRLnAwSOMHu4rNE7G9zLqiPEipD5XsqgDBPpAM6PwPmbi
>>>>>>
k/irSUgq8h4b66LCzo6Ekv6lvKzWxQpzJo0MC99HT0syAP/qpyLbPARhQvDXCH7J
>>>>>>
wvf/T19EAt+OC4zzfIPgL2YxRP5ZN5efr82NLYdiMVfAcBaDHaFWTA=>>>>>>
=8upy
>>>>>> -----END PGP SIGNATURE-----
>>>>>>
>>>>>>
>>>>>>
>>>>>  - -- Steffen Kaiser
>>>> -----BEGIN PGP SIGNATURE-----
>>>> Version: GnuPG v1
>>>>
>>>>
iQEVAwUBVOw+O3z1H7kL/d9rAQIaZAf+MTnOlpm92TbjdWLCNp3THyjUHMaHDmHt
>>>>
/EuAXa7P0r16tuBHXNuWAohSzG80ZF6ALxg1EhtFkFdH/VtrnyqZ0L6imahcXbhe
>>>>
QnwMA1R4PK1+K7ckUisg8Pkv+3hXPrMyjvOyqMUwOTmlwG6PjHNaX7LxthDQNTu4
>>>>
0PjXVZ0IBGlBPTyra/9l81K5j/vw0qfvVF4ycWAFV7An/dqM3nYBnqkBTziqozNs
>>>>
wdhYWFQqApE/pGOe6TbFGeDEiE9PXVTue4G/H9VGe8GKu/ctlp0mtaRN7x84h5dO
>>>>
bqshRfVouSIOhK5jynJMH/T142URGKYGGaS7evCVfwNsRkOcdWJm+g=>>>> =W7kX
>>>> -----END PGP SIGNATURE-----
>>>>
>>>>
>>>
>> - -- Steffen Kaiser
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1
>>
>> iQEVAwUBVOxHeXz1H7kL/d9rAQLm6ggAg0Aqx0d6zWxvPf7jIJ+fG9omXlLGrnHU
>> DoqcLFR+PslKJcB6jsGNNzwrN2Xlfqh2ZljreOEyvgYZmD0G0U6z+WI1siGTu/Li
>> Qx8qcHUbKv/fLSuwx5uV0QL4RtgHNX69/DABtHiffd4ecAeuiTL2Vgdxu5DLzgZE
>> zm1ZPpdrqEFDLb28qu0jxWvfhZT8tVJ+4NH2zvgxEIZ0/O7xozIBCcp/BwRiy/JH
>> iGK+J039UfBX03qGTpezEiL8AWIwnouVMx+f0Xh9R+Fah7scG2iF3AEcgpFsoLpS
>> d9b/cMgKufK6qtxQvb4IIahZuxt15EBRLdYLqW7L1QaLNwVZYtK0fw=>> =pJnh
>> -----END PGP SIGNATURE-----
>>
>
>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 24 Feb 2015, David Scheele wrote:
> Ok I completed the dn as thus:
> *dn = cn=admin,dc=luenenet,dc=de*
> And now wehn i try* a login Username Password *over *telnet localhost 143*
I
> get
> *a NO [AUTHENTICATIONFAILED] Authentication failed.*
Did you've added pass_filter?

Has the LDAP item
> *| # [User Name], [**domainname*
> *].de*
> *| dn: cn=[User Name],dc=[**domainname*
> *],dc=de*
>
> *| cn: [User Name]*
the attributes

objectClass: posixAccount
uid: <what you've enterred as Login name>

?

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEVAwUBVOxTX3z1H7kL/d9rAQK0SQf/TgLwfpfzoEOOnZcUxVXiUdKPjmqsGyL3
tuyN2WzBPXB338lJfRdY8YVRRHqvn3Ff++LkpyM6sPXhIGqEjdln0T/75e3H4M+b
NV6lvmyw+J+5s3+m7BoEa3WMam9cmubCSrmpM8UdGMIcF2W4tgsNuRQG+cAofOIU
pG9yFi3RyKNUPxXJJKw1t8ZnSwDPVuEzL+CPMuFqT0QRoFPWHbEdrsyWRs5/EeUp
+hROn57AF40OtWpF+dIV/HHNzyAwmFqhmJS7AJcajvqtUS8q62xj0S81EvOXnN1f
9tRoDjkfYoaxT4eOMXtP37E9MZzdrcnK5zG5G8nANbgjo8uyVOeA/Q==WqJq
-----END PGP SIGNATURE-----

On Tuesday 24 February 2015 10:51:44 David Scheele
wrote:
> Hmm...
> 
> *ldapsearch -x cn=admin* gives me:
> | # A bunch of information not really interesting
> | # search result
> | search: 2
> | result: 32 No such object
> | 
> | numResponses: 1
> 
> *ldapsearch -x cn=admin* gives the same.
> Did i configure the ldap wrong?
Ldapsearch will search in the default container.
But probably the admin user is in different container, like cn=admin,cn=config 
so you can't find it with this search

Is there a good, foolproof dovecot-openldap tutorial that walks you through
the steps and works with the newest version of both softwares?
I'm giving up and starting anew.

2015-02-24 11:33 GMT+01:00 Mihai Badici <mihai at badici.ro>:
> On Tuesday 24 February 2015 10:51:44 David Scheele wrote:
> > Hmm...
> >
> > *ldapsearch -x cn=admin* gives me:
> > | # A bunch of information not really interesting
> > | # search result
> > | search: 2
> > | result: 32 No such object
> > |
> > | numResponses: 1
> >
> > *ldapsearch -x cn=admin* gives the same.
> > Did i configure the ldap wrong?
> Ldapsearch will search in the default container.
> But probably the admin user is in different container, like
> cn=admin,cn=config
> so you can't find it with this search
>