Luca Bertoncello
2020-Oct-20 14:21 UTC
Problem with LDAP-query (Active Directory) on filter by memberOf
Hi list!

We have a Dovecot 2.3.4 (from the Debian 10 repository) that should connect to our AD to authenticate the users. It works, but now we would like to restrict using IMAP to all users in the group "Funktion - E-Mail-Konto".

So I changed the query from:

(&(sAMAccountName=%n)(objectClass=user)(homeMDB=*))

to

(&(sAMAccountName=%n)(objectClass=user)(homeMDB=*)(memberOf=CN=Funktion - E-Mail-Konto,OU=Funktionen,OU=People,DC=ad,DC=company,DC=org))

The baseDN is DC=ad,DC=company,DC=org

With ldapsearch I can get all users and their attributes, but Dovecot fails with this error:

Oct 20 15:57:10 mailgw02 dovecot: auth: Error: ldap(testuser,80.187.107.28,<eLf0mhqyLwlQu2sc>): ldap_search(base=dc=ad,dc=company,dc=org filter=(&(samAccountName=testuser)(objectClass=user)(homeMDB=*)(memberOf=CN=Funktion - E-Mail-Konto,OU=Funktionen,OU=People,DC=ad,DC=company,DC=org))) failed: Operations error

I didn't find any explanation for this error... Can someone help me?

The user used for the connection is the same in Dovecot and ldapsearch.

Thanks a lot
Luca Bertoncello
(lucabert at lucabert.de)