search for: sasl_authz_id

...have set the import_environment in dovecot.conf: import_environment = TZ CORE_OUTOFMEM CORE_ERROR LISTEN_PID LISTEN_FDS KRB5CCNAME=FILE:/tmp/dovecot.krb5.ccache And these in LDAP configuration: dn = imap/host.example.com at EXAMPLE.COM sasl_bind = yes sasl_mech = gssapi sasl_realm = EXAMPLE.COM sasl_authz_id = imap/host.example.com at EXAMPLE.COM I have tried with different values in dn and sasl_authz_id and also leaving them out completely but I always end up with the error message above. Using simple bind without GSSAPI works just fine. The credentials cache file exists and is valid for the princ...

...UTOFMEM CORE_ERROR LISTEN_PID LISTEN_FDS >> KRB5CCNAME=FILE:/tmp/dovecot.krb5.ccache >> >> And these in LDAP configuration: >> >> dn = imap/host.example.com at EXAMPLE.COM >> sasl_bind = yes >> sasl_mech = gssapi >> sasl_realm = EXAMPLE.COM >> sasl_authz_id = imap/host.example.com at EXAMPLE.COM >> >> I have tried with different values in dn and sasl_authz_id and also >> leaving them out completely but I always end up with the error message >> above. Using simple bind without GSSAPI works just fine. >> >> The cred...

...ok at it (of course dovecot.conf should also be correct, but one thing at a time). Here's my dovecot-ldap.conf file: hosts = 192.168.0.240 #uris = dn = cn=<BINDUSER>,ou=IT,ou=Central Office,dc=<DOMAIN>,dc=local dnpass = <>PASSWORD #sasl_bind = no #sasl_mech = #sasl_realm = #sasl_authz_id = auth_bind = yes #auth_bind_userdn = ldap_version = 3 base = dc=<DOMAIN>, dc=local deref = never scope = subtree #user_filter = (&(objectClass=posixAccount)(uid=%u)) #pass_attrs = uid=user,userPassword=password #pass_attrs = uid=user,userPassword=password,homeDirectory=userdb_home,uidNum...

...E:/tmp/dovecot.krb5.ccache >>>> >>>> And these in LDAP configuration: >>>> >>>> dn = imap/host.example.com at EXAMPLE.COM >>>> sasl_bind = yes >>>> sasl_mech = gssapi >>>> sasl_realm = EXAMPLE.COM >>>> sasl_authz_id = imap/host.example.com at EXAMPLE.COM >>>> >>>> I have tried with different values in dn and sasl_authz_id and also >>>> leaving them out completely but I always end up with the error >>>> message >>>> above. Using simple bind without G...

...re binds. I need LDAP to verify users exist. I am using Kerberos (GSSAPI) as the passdb. Samba can handle GSSAPI/Kerberos SASL binds. I have the following in my dovecot-ldap setup for userdb: dn = smtp/mailhost.example.org at EXAMPLE.ORG sasl_bind = yes sasl_mech = GSSAPI sasl_realm = EXAMPLE.ORG sasl_authz_id = smtp/mailhost.example.org at EXAMPLE.ORG Which gives me the following error. Debug: ldap(trever): user search: base=dc=example,dc=org scope=subtree filter=(&(objectClass=person)(|(mail=trever)(sAMAccountName=trever)(userPrincipalName=trever))) fields=userPrincipalName dovecot: auth: Error...

...;>>> And these in LDAP configuration: >>>>>> >>>>>> dn = imap/host.example.com at EXAMPLE.COM >>>>>> sasl_bind = yes >>>>>> sasl_mech = gssapi >>>>>> sasl_realm = EXAMPLE.COM >>>>>> sasl_authz_id = imap/host.example.com at EXAMPLE.COM >>>>>> >>>>>> I have tried with different values in dn and sasl_authz_id and >>>>>> also >>>>>> leaving them out completely but I always end up with the error >>>>>> me...

Hi! Running Dovecot 2.2.36 and authenticating against an OpenLDAP 2.4.45 server. Now since some update of dovecot it will not be able to authenticate your logins after a restart of the LDAP service is restarted without a reboot of the dovecot server. Anything new here that I should be aware of? Best Regards Dag

...userdb: driver: passwd socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: _postfix group: _postfix /etc/dovecot-ldap.conf hosts = xxx.xxx.xxx.xxx:389 #uris = #dn = #dnpass = #sasl_bind = no #sasl_mech = #sasl_realm = #sasl_authz_id = #tls = no auth_bind = yes auth_bind_userdn = cn=%u,cn=Users,dc=koelewijn,dc=bz #ldap_version = 2 base = dc=bz #deref = never #scope = subtree #user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid #user_filter = (&(objectClass=posixAccount)(uid=%u)) #pass_attrs = uid=user,userPassword=p...

...onf.d/auth-ldap.conf.ext # Space separated list of LDAP hosts to use. host:port is allowed too. #hosts = ldap.sv.hm #uris = ldaps://ldap.sv.hm:636/ uris = ldap://ldap.sv.hm:389/ dn = cn=dovecot,ou=bindusers,dc=smuy,dc=net dnpass = 1qaz2wsx #sasl_bind = no #sasl_mech = #sasl_realm = #sasl_authz_id = # Use TLS to connect to the LDAP server. tls = yes #tls = no tls_ca_cert_file = /etc/ssl/certs/ca/signing-ca.crt tls_ca_cert_dir = /etc/ssl/certs/ca #tls_cipher_suite = # TLS cert/key is used only if LDAP server requires a client certificate. #tls_cert_file = /etc/ssl/certs/mail.crt #...

...nd=yes don't work together. sasl_bind = yes # SASL mechanism name to use. sasl_mech = gssapi # SASL realm to use. sasl_realm = EXAMPLE.COM # SASL authorization ID, ie. the dnpass is for this "master user", but the # dn is still the logged in user. Normally you want to keep this empty. sasl_authz_id = imap/mx01.example.com at EXAMPLE.COM # Use TLS to connect to the LDAP server. #tls = yes # TLS options, currently supported only with OpenLDAP: tls_ca_cert_file = /etc/ipa/ca.crt #tls_ca_cert_dir = #tls_cipher_suite = # TLS cert/key is used only if LDAP server requires a client certificate. #tls...

...ds # and auth_bind=yes don't work together. #sasl_bind = no # SASL mechanism name to use. #sasl_mech = # SASL realm to use. #sasl_realm = # SASL authorization ID, ie. the dnpass is for this "master user", but the # dn is still the logged in user. Normally you want to keep this empty. #sasl_authz_id = # Use authentication binding for verifying password's validity. This works by # logging into LDAP server using the username and password given by client. # The pass_filter is used to find the DN for the user. Note that the pass_attrs # is still used, only the password field is ignored in it....

...l_bind = yes > # SASL mechanism name to use. > sasl_mech = gssapi > # SASL realm to use. > sasl_realm = EXAMPLE.COM > # SASL authorization ID, ie. the dnpass is for this "master user", but the > # dn is still the logged in user. Normally you want to keep this empty. > sasl_authz_id = imap/mx01.example.com at EXAMPLE.COM Dunno with SASL and Co. > # Use authentication binding for verifying password's validity. This works by > # logging into LDAP server using the username and password given by client. > # The pass_filter is used to find the DN for the user. Note t...

...ges): hosts = example.org base = dc=example,dc=org ldap_version = 3 user_attrs = userPrincipalName=user user_filter = (&(objectClass=person)(|(mail=%u)(sAMAccountName=%u)(userPrincipalName=%u))) *dn = MACHINEACCOUNT$@EXAMPLE.ORG *sasl_bind = yes *sasl_mech = GSSAPI *sasl_realm = EXAMPLE.ORG *#sasl_authz_id = MACHINEACCOUNT$@EXAMPE.ORG # For using doveadm -A: iterate_attrs = userPrincipalName=user iterate_filter = (objectClass=person) in dovecot.conf: import_environment = TZ KRB5CCNAME=/etc/dovecot/krb5.cc With that do any of the following lines from the referenced hg rev set mean I am missing anyth...

...9;t work together. #sasl_bind = no 1. SASL mechanism name to use. #sasl_mech = 1. SASL realm to use. #sasl_realm = 1. SASL authorization ID, ie. the dnpass is for this "master user", but the 2. dn is still the logged in user. Normally you want to keep this empty. #sasl_authz_id = 1. Use TLS to connect to the LDAP server. #tls = no 1. Use authentication binding for verifying password's validity. This works by 2. logging into LDAP server using the username and password given by client. 3. The pass_filter is used to find the DN for the user. No...

...nism name to use. > > sasl_mech = gssapi > > # SASL realm to use. > > sasl_realm = EXAMPLE.COM > > # SASL authorization ID, ie. the dnpass is for this "master user", but the > > # dn is still the logged in user. Normally you want to keep this empty. > > sasl_authz_id = imap/mx01.example.com at EXAMPLE.COM > > Dunno with SASL and Co. OK, OK this was a Test and I reverting this ;-). Now I have #sals_bind = yes This is my next Problem, to find out is this correct working on my system ;-). > > # Use authentication binding for verifying password'...

...ds # and auth_bind=yes don't work together. #sasl_bind = no # SASL mechanism name to use. #sasl_mech = # SASL realm to use. #sasl_realm = # SASL authorization ID, ie. the dnpass is for this "master user", but the # dn is still the logged in user. Normally you want to keep this empty. #sasl_authz_id = # Use TLS to connect to the LDAP server. tls = yes # TLS options, currently supported only with OpenLDAP: #tls_ca_cert_file =/etc/ssl/certs/ldap.crt tls_ca_cert_file =/etc/ssl/certs/ldap6_cacert.pem #tls_ca_cert_dir =/etc/ssl/certs/ #tls_cipher_suite = # TLS cert/key is used only if LDAP server...

...group: postfix master: path: /var/run/dovecot/auth-master mode: 384 dovecot-ldap.conf hosts = 192.168.0.240:3268 dn = cn=PostfixBind,ou=IT,ou=Central Office,ou=LMC,dc=smallmountain,dc=Local dnpass = y0urm0mma sasl_bind = yes #sasl_mech = GSSAPI #sasl_realm = smallmountain.local #sasl_authz_id = debug_level = -1 #auth_bind = yes ldap_version = 3 base = dc=smallmountain,dc=Local deref = never scope = subtree user_filter = (&(objectClass=person)(mail=%u)) pass_attrs = mail=user pass_filter = (&(objectClass=person)(sAMAccountName=%n)) dovecot.log Nov 01 09:09:48 dovecot: Warning:...