thr3ads.net - dovecot - Problem with LDAP-query (Active Directory) on filter by memberOf [Oct 2020]

If this information is useful, please help other people find it:
Share via:

Luca Bertoncello

2020-Oct-20 14:21 UTC

Problem with LDAP-query (Active Directory) on filter by memberOf

Hi list!

We have a Dovecot 2.3.4 (from Debian 10 repository) that should connect 
to our AD to authenticate the users.
It works, but now we would like to restrict using IMAP to all users in 
the Group "Funktion - E-Mail-Konto".

So I changed the query from:

(&(sAMAccountName=%n)(objectClass=user)(homeMDB=*))

to

(&(sAMAccountName=%n)(objectClass=user)(homeMDB=*)(memberOf=CN=Funktion 
- E-Mail-Konto,OU=Funktionen,OU=People,DC=ad,DC=company,DC=org))

The baseDN is DC=ad,DC=company,DC=org

With ldapsearch I can get all users and their attributes, but Dovecot 
fail with this error:

Oct 20 15:57:10 mailgw02 dovecot: auth: Error: 
ldap(testuser,80.187.107.28,<eLf0mhqyLwlQu2sc>): 
ldap_search(base=dc=ad,dc=company,dc=org 
filter=(&(samAccountName=testuser)(objectClass=user)(homeMDB=*)(memberOf=CN=Funktion
- E-Mail-Konto,OU=Funktionen,OU=People,DC=ad,DC=company,DC=org))) 
failed: Operations error

I didn't found any explanation for this error...
Can someone help me?

The user used for the connection is the same in Dovecot and ldapsearch.

Thanks a lot
Luca Bertoncello
(lucabert at lucabert.de)

Apparently Analagous Threads

Search for more reasonably related threads

dovecot - Oct 2020 - Problem with LDAP-query (Active Directory) on filter by memberOf

Problem with LDAP-query (Active Directory) on filter by memberOf

Apparently Analagous Threads

Wisdom of the Ancients