search for: auth_bind

Hello, I wanted to configure dovecot for using auth_bind but didn't succeed to me it seems like it does always an anonymous bind. Dovecot version 2.1.1 (I started with 2.1.0 and hoped 2.1.1 would fix it) I tried to play around with the base, pass_attrs,pass_filter to no avail but didn't succeed. Looking at a wireshark trace i only saw 7 pack...

...er: 1000 uid: mmustermann userPassword:: e01ENX1ETUYxdWNEeHRxZ3h3NW5pYVhjbVlRPT0= loginShell: /bin/bash mail: mustorm at test.com Now, I use the following configuration for dovecot (/etc/dovecot/dovecot-ldap.conf.ext) hosts = 10.1.2.1 dn = cn=admin,dc=ht dnpass = a auth_bind = yes auth_bind_userdn = uid=%u,ou=people,dc=ht ldap_version = 3 scope = subtree base = ou=people,dc=ht user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid user_filter = (&(objectClass=posixAccount)(uid=%u)) pass_attrs = uid=user,userPassword=password pas...

Hi all, I have an AD testsetup with auth_bind setting auth_bind_userdn = "spdev\\%Ln" I created a testuser "claasc (test)" which works fine in all ldapfilters but not for the auth_bind. the log shows everything correct just "invalid credentials" mail.debug: Jun 9 14:12:31 dovecot: auth: Debug: auth client...

Hi all, I finally got a chance to try out the fix for the LDAP auth_bind=yes issues in production (using rc21). It seems to be working just fine even after 24 hours of severe abuse. Incidentally, I had switched to bsdauth+login_ldap (on OpenBSD) which was often OK, but occasionally I would see Postfix smtpd throttled with SASL errors due to "connection refuse...

Hi, Maybe I am missing something simple, but I can't get users authenticated using password lookups, as opposed to auth_bind. This is how the log looks like when using password lookup: dovecot: auth(default): new auth connection: pid=2449 dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=43458#011resp=<hidden> dovecot: auth(defa...

Hi, this is my first post to the list, I'm not a member, please cc me directly. I'm converting from courier imap, and want to bring a special problem to your attention: I would like to use auth_bind and prefetch, b/c due to data security restriction the user information is only visible to the user himself. From http://wiki.dovecot.org/AuthDatabase/LDAP I found out that pass_attrs only works if no userdn template is set. But when unsetting userdn, dovecot-auth still tries to find the info...

...c replication but dovecot can't do user lookups. Is it possible to configure replication in such architecture? doveadm user '*' Returns only one local dovecot user. dovecot --version 2.2.10 My dovecot-ldap.conf look as follows: hosts = ad.domain.com:389 ldap_version = 3 auth_bind = yes dn = src_mail_ldap dnpass = somePass base = OU=users,DC=domain,DC=com scope = subtree deref = never user_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) pass_filter...

...er. My users are defined in this same ldap server. At this moment, for user authentication we use password lookups. My current configuration at both frontend and backend servers is attached. But now I need to change it to bind authentication, so the only change I've made is changing "auth_bind=no" to "auth_bind=yes". After this change, backend servers are working fine. Director servers are also working for POP and IMAP connections, but for LMTP they are returning: May 6 10:23:35 myotis40 dovecot: lmtp(48026): Error: user myuser at um.es: Auth PASS lookup failed Th...

...works OK. I attached two files produced by tcpdump -- one with "hung" search request, and another with successful one. They are: 1) ldap-hung.pcap.gz Captured with /etc/dovecot/dovecot-ldap.conf settings: hosts = domain007.com dn = saslauthd at domain007.com dnpass = "secret" auth_bind = yes base = dc=domain007, dc=com pass_filter = (&(objectClass=person)(sAMAccountName=%u)) Packet #8 is of interest in this dump. 2) ldap-ok.pcap.gz Captured with /etc/dovecot/dovecot-ldap.conf settings: hosts = domain007.com dn = saslauthd at domain007.com dnpass = "secret" auth_bi...

...vecot working! One little snag... My users login using their email address as username. Each domain has their own LDAP subtree. Each user has an entry in the ou=users subtree of the domain subtree, and has a mail: field (inetOrgPerson) listing their email address/login name. I am trying to use auth_bind: when I login with jackmc at lorentz.com, dovecot should search for mail=jackmc at lorentz.com in the onelevel below ou=users,dc=lorentz,dc=com and find me as "cn=Jack McKinney,ou=users,dc=lorentz,dc=com". I have created an entry in LDAP (varmail) that should be able to do this query. I...

...To clarify my problem, I am authenticating virtual users against Active Directory on Win2k3, where their login id is their email address. I am using an almost identical setup to Suranga's below, however my initial bind user doesn't have access to the userPassword attribute, so I am using: auth_bind = yes This is working fine when users enter their correct email address & password, or if the email address is not found, however if a valid email address is given but the password is incorrect, it seems to kill something in the ldap_auth code as all further connections get a temporary auth...

Red Hat Linux release 7.2 (Enigma) OpenLDAP 2.3.38 Dovecot 1.0.12 SHORT VERSION ----- ------- Here is my dovecot-ldap.conf: hosts = ldap.lrtz dn = cn=varmail,ou=users,dc=lorentz,dc=com dnpass = ********* ldap_version = 3 auth_bind = yes pass_filter = (&(objectClass=inetOrgPerson)(mail=%Lu)) base = ou=users, dc=%Dd scope = onelevel I have tested using the above information with ldapsearch, and it works fine. However, when dovecot tries to authenticate the user, the LDAP server receives the query and responds to it (acc...

Hello I'm trying to do an ldap proxy but it is not working, it just continues to access the user's mailbox. I was able to do a proxy with a user in a "passwd-file", but not ldap directory. Here is part my "args" file on the passdb ldap stanza: base = dc=example,dc=com auth_bind = yes pass_filter = (&(objectClass=BCMailAccount)(BCMailEnable=true)(BCMailDovecotEnable=true)(uid=%u)(BCMailDovecotProxyHost=*)) pass_attrs = uid=user,proxy,BCMailDovecotProxyHost=host I've turned on auth_verbose, debug, etc and still can't figure out why it wont proxy. Ive tried add...

...db { driver = ldap args = /etc/dovecot/dovecot-ldap-maildir.conf.ext } userdb { driver = ldap args = /etc/dovecot/dovecot-ldap-dbox.conf.ext } and then defined these 2 args files: maildir: hosts = localhost dn = CN=ldapadmin,OU=administrators,DC=plutone,DC=local dnpass = <password> auth_bind = yes ldap_version = 3 base = DC=plutone,DC=local user_attrs = sAMAccountName=home=/var/vmail/%$ dbox: hosts = localhost dn = CN=ldapadmin,OU=administrators,DC=plutone,DC=local dnpass = <password> auth_bind = yes ldap_version = 3 base = OU=dboxusers,OU=lowpriority,DC=plutone,DC=local user_a...

I'm trying to authenticate users using MS AD with auth_bind option. Here is my config file: # 1.0.15: /etc/dovecot/dovecot.conf log_timestamp: %Y-%m-%d %H:%M:%S protocols: imaps ssl_cert_file: /etc/dovecot/ssl/cert.pem ssl_key_file: /etc/dovecot/ssl/key.pem disable_plaintext_auth: no verbose_ssl: yes login_dir: /var/run/dovecot/login login_executable: /usr...

...enticated bind support for dovecot. A patch against CVS HEAD is attached. I have not tested it against all possible configurations one can use, but the basic operation seems to be right. As documented in the patch, it adds one new option to the dovecot-ldap.conf configuration file: # Set "auth_bind" to "yes" if you want to use "authenticated binds" # as a login validation mechanism. NOTE: the pass_attrs option # will (naturally) be ignored if you enable this auth_bind = yes Authenticated bind support is implemented asynchronously. This involves 2 asynchronous c...

...vecot-ldap.pass } userdb passwd { } user = root user = root socket listen { client { path = /var/spool/postfix/private/auth mode = 0660 user = postfix group = postfix } } } dict { } plugin { } /etc/dovecot-ldap.conf hosts = 127.0.0.1:389 sasl_bind = no auth_bind = yes auth_bind = no ldap_version = 3 deref = never dn = cn=sogo,dc=ameliaschools,dc=com dnpass=password base = dc=ameliaschools,dc=com scope = subtree pass_attrs = uid=user, userPassword=password pass_filter = (uid=%u)

I hate to bring up anything that might delay 1.0, but the behavior I'm seeing is rather... weird. I'm running rc31, using "userdb static" and "auth_bind=yes". With rc1 (what I had been running) I would occasionally get some "deferring operation" complaints from LDAP, but very rarely. Every now and then it would start to throw "deferring operation: pending operations" and stop authenticating. Digging through the Changelog...

Hello Timo, I just tried the master user feature with a very simple setup (Dovecot v2.2.15) : !include auth-master.conf.ext -> passwd-file passdb !include auth-ldap.conf.ext -> ldap passdb (userdb prefetched) without auth_bind=yes without pass=yes I get this userdb lookup error : dovecot: auth: passwd-file(masteruser,157.99.64.42,master,<4Pgesh0OygCdY0Aq>): Master user logging in as normaluser dovecot: auth: Error: prefetch(normaluser,157.99.64.42,<4Pgesh0OygCdY0Aq>): userdb lookup not possible with only us...

Hi Karsten, > You should be able to add multiple userPassword attributes to your directory: > > userPassword: {CRAM-MD5}xxx > userPassword: {DIGEST-MD5}xxxx > userPassword: {SCRAM-SHA-1}xxxx > userPassword: {NTLM}xxxx > > > Karsten Did try this, didn't end end well. Jun 14 12:59:43 auth: Error: ldap(leonkyneur at itest.com,192.168.99.3,<SQn6QD41TpvLhgGR>):