dovecot - Feb 2015 - Dovecot & LDAP Take #2: Authentication failed and logging

Hi there,

after banging my head against a wall for a bit I got more indepth with
dovecot and am now much more knowledgeable about the system than before.

But I still have two problems:

1.) For some reason my dovecot doesnt log correctly. I put debug_log to -1
and expected to see logs flooding in in my syslog. When I try to log in via
telnet over imap and the login succeeds it loggs correctly. But when it
fails there is no log entry. Any clue what might cause this?

And now the big fish:

2.) Still hanging to log a user in over telnet via imap. I'm pretty sure i
have misconfigured something. first of all:

2a.) Is the *passdb* and *userdb* ind the dovecot.conf still needed in the
newest version? It appears to me that all authing runs over the
*10-auth.conf*, *auth-ldap.conf.ext* and *dovecot-ldap.conf.ext *and the
passdb and userdb settings might just be remnants of the past? or am i
wrong here?

2b.) This is my config:

































*# 2.1.7: /etc/dovecot/dovecot.conf# OS: Linux 3.2.0-4-amd64 x86_64 Debian
7.8 ext4auth_mechanisms = plain logindefault_login_user
vmaildisable_plaintext_auth = nofirst_valid_gid = 2222first_valid_uid 2222listen
= *mail_access_groups = vmailmail_debug = yesmail_location
maildir:/var/vmail/%d/%npassdb {  args = scheme=SHA1 /etc/dovecot/passwd
driver = passwd-file}protocols = imapservice auth {  unix_listener
/var/spool/postfix/private/auth {    group = postfix    mode = 0660    user
= postfix  }  user = root}service imap-login {  process_min_avail = 1  user
= vmail}ssl = nouserdb {  args = uid=2222 gid=2222 home=/var/vmail/%d/%n
allow_all_users=yes  driver = static}*




*hosts = [
<http://mailserver.realsecure.de/>hostname].[domainname].dedebug_level
-1auth_bind = yesauth_bind_userdn = cn=%u,ou=People,dc=**[domainname]*







*,dc=debase = ou=People,dc=[domainname],dc=deuser_attrs uidNumber=uiduser_filter
= (&(objectClass=inetOrgPerson)(uid=%u))pass_attrs
= uid=user,userPassword=passwordpass_filter
(&(objectClass=inetOrgPerson)(uid=%u))iterate_attrs uid=useriterate_filter =
(objectClass=inetOrgPerson)*

The user I try to log in with is:

*cn=Klara Fall,ou=People,dc=[domainname],dc=de*
*objectclasses: inetOrgPerson, organizationalPerson, person,
simpleSecurityObject,top*
*sn=Fall*
*userPassword is set*
*mail: klara.fall@[domainname].de*
*uid: klarafall*

I want to try with auth bind because I think i understood whats going on
with that.

When i try to a login klarafall [password] it gives me
a NO [AUTHENTICATIONFAILED] Authentication failed.

Any clues? This would be much easier with logging... but see 1.) :)
I feel I'm not far from the finish line.

Best,
David

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 27 Feb 2015, David Scheele wrote:
> But I still have two problems:
>
> 1.) For some reason my dovecot doesnt log correctly. I put debug_log to -1
? http://wiki2.dovecot.org/Logging?highlight=%28debug_log%29
> and expected to see logs flooding in in my syslog. When I try to log in via
> telnet over imap and the login succeeds it loggs correctly. But when it
> fails there is no log entry. Any clue what might cause this?
>
> And now the big fish:
>
> 2.) Still hanging to log a user in over telnet via imap. I'm pretty
sure i
> have misconfigured something. first of all:
>
> 2a.) Is the *passdb* and *userdb* ind the dovecot.conf still needed in the
> newest version? It appears to me that all authing runs over the
> *10-auth.conf*, *auth-ldap.conf.ext* and *dovecot-ldap.conf.ext *and the
> passdb and userdb settings might just be remnants of the past? or am i
> wrong here?
Did you've consulted the Wiki?
http://wiki2.dovecot.org/Authentication

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEVAwUBVPCFjXz1H7kL/d9rAQLdVgf+MD2W8tx2DgsVy7vXQqcywaOWbGXPdW1o
psRQDaSWf8IlSOZOeYNC0k3AbGSPbb70pYibGDeFo5W8wIdsEyTizEmvZOmKRTnC
Bf6Q3hFPOQ9TUrcGVKwyA5lbR4UkMwLLOUcj1PvFwJ4d3iGx0Rqc4xMFPv79oXDq
H5fiXxDjlJlFcqdE4Z3XedzEUDmTjYihGCr+2Zsa/wKjrEM2PYZn+SZEsv+AZZgL
LcnH2eqVt6CaN44H12H9auvC2KLbVXAPCGHlwnmD1IXfXfK1IsDkH3yzsSPYxtQn
tv0Ps7mSig/8MJrP+17kl42q0P7YsMYFqzlSUK9u/Dkwx7NoMeZd4Q==o5Xt
-----END PGP SIGNATURE-----

Thanks for the reply. I did indeed consult the wiki. But most of the time
it seems some information is old and/or more confusing then helping.
But I'll take another look.

2015-02-27 15:56 GMT+01:00 Steffen Kaiser <skdovecot at
smail.inf.fh-brs.de>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Fri, 27 Feb 2015, David Scheele wrote:
>
>> But I still have two problems:
>>
>> 1.) For some reason my dovecot doesnt log correctly. I put debug_log to
-1
>>
>
> ? http://wiki2.dovecot.org/Logging?highlight=%28debug_log%29
>
>  and expected to see logs flooding in in my syslog. When I try to log in
>> via
>> telnet over imap and the login succeeds it loggs correctly. But when it
>> fails there is no log entry. Any clue what might cause this?
>>
>> And now the big fish:
>>
>> 2.) Still hanging to log a user in over telnet via imap. I'm pretty
sure i
>> have misconfigured something. first of all:
>>
>> 2a.) Is the *passdb* and *userdb* ind the dovecot.conf still needed in
the
>> newest version? It appears to me that all authing runs over the
>> *10-auth.conf*, *auth-ldap.conf.ext* and *dovecot-ldap.conf.ext *and
the
>> passdb and userdb settings might just be remnants of the past? or am i
>> wrong here?
>>
>
> Did you've consulted the Wiki?
> http://wiki2.dovecot.org/Authentication
>
> - -- Steffen Kaiser
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQEVAwUBVPCFjXz1H7kL/d9rAQLdVgf+MD2W8tx2DgsVy7vXQqcywaOWbGXPdW1o
> psRQDaSWf8IlSOZOeYNC0k3AbGSPbb70pYibGDeFo5W8wIdsEyTizEmvZOmKRTnC
> Bf6Q3hFPOQ9TUrcGVKwyA5lbR4UkMwLLOUcj1PvFwJ4d3iGx0Rqc4xMFPv79oXDq
> H5fiXxDjlJlFcqdE4Z3XedzEUDmTjYihGCr+2Zsa/wKjrEM2PYZn+SZEsv+AZZgL
> LcnH2eqVt6CaN44H12H9auvC2KLbVXAPCGHlwnmD1IXfXfK1IsDkH3yzsSPYxtQn
> tv0Ps7mSig/8MJrP+17kl42q0P7YsMYFqzlSUK9u/Dkwx7NoMeZd4Q=> =o5Xt
> -----END PGP SIGNATURE-----
>