search for: sasl_bind

...nfigured and need another set of eyes to look at it (of course dovecot.conf should also be correct, but one thing at a time). Here's my dovecot-ldap.conf file: hosts = 192.168.0.240 #uris = dn = cn=<BINDUSER>,ou=IT,ou=Central Office,dc=<DOMAIN>,dc=local dnpass = <>PASSWORD #sasl_bind = no #sasl_mech = #sasl_realm = #sasl_authz_id = auth_bind = yes #auth_bind_userdn = ldap_version = 3 base = dc=<DOMAIN>, dc=local deref = never scope = subtree #user_filter = (&(objectClass=posixAccount)(uid=%u)) #pass_attrs = uid=user,userPassword=password #pass_attrs = uid=user,userPas...

...e is completely missing. I get the impression I'm just not able-brained for linux useage. Anyway, here are a few more informations about the system: *Dovecot version 2.1.7* Output of grep -v '^ *\(#.*\)\?$' dovecot-sql.conf: *hosts = localhost* *dn = cn=admin* *dnpass = [password]* *sasl_bind = no* *tls = no* *auth_bind = yes* *ldap_version = 3* *base = dc=[domainname],dc=de* *user_attrs = uidNumber=uid,gidNumber=gid* *user_filter = (&(objectClass=posixAccount)(uid=%u))* *pass_attrs = uid=user,userPassword=password* Output of dovecot -n: *disable_plaintest_auth = no* *mail_locatio...

...d=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<uPLvabC0RIh/AAAB> Here is my doveconf -n: https://paste.ubuntu.com/p/SPmrxZxHPx/ My dovecot-ldap.cont.ext: uris = ldap://localhost/ dn = "dovecot at newideatest.local" dnpass = "XXXXXXXX" sasl_bind = no tls = no ldap_version = 3 deref = never scope = subtree base = cn=Users,dc=NEWIDEATEST,dc=LOCAL auth_bind = yes user_filter = (&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(|(mail=%u)(sAMAccountName=%u)(otherMailbox=%u))) user_at...

...ailable (default cache: FILE:/tmp/dovecot.krb5.ccache)) I have set the import_environment in dovecot.conf: import_environment = TZ CORE_OUTOFMEM CORE_ERROR LISTEN_PID LISTEN_FDS KRB5CCNAME=FILE:/tmp/dovecot.krb5.ccache And these in LDAP configuration: dn = imap/host.example.com at EXAMPLE.COM sasl_bind = yes sasl_mech = gssapi sasl_realm = EXAMPLE.COM sasl_authz_id = imap/host.example.com at EXAMPLE.COM I have tried with different values in dn and sasl_authz_id and also leaving them out completely but I always end up with the error message above. Using simple bind without GSSAPI works just fin...

...rocess initialization is supposed to take less than a second always. If something like LDAP initialization is taking minutes, this waiting should be done after the process initialization has finished. > > I thought the LDAP initialization code was asynchronous though, unless you're using sasl_bind=yes or tls=yes? http://hg.dovecot.org/dovecot-2.2/rev/0a17875f0ece should help with this. I did a bunch of other cleanup commits also, which are more or less required to avoid invalid errors from rapidly recreating auth processes that just die immediately.

...em I have been having. Samba 4 has recently changed to require binds. I need LDAP to verify users exist. I am using Kerberos (GSSAPI) as the passdb. Samba can handle GSSAPI/Kerberos SASL binds. I have the following in my dovecot-ldap setup for userdb: dn = smtp/mailhost.example.org at EXAMPLE.ORG sasl_bind = yes sasl_mech = GSSAPI sasl_realm = EXAMPLE.ORG sasl_authz_id = smtp/mailhost.example.org at EXAMPLE.ORG Which gives me the following error. Debug: ldap(trever): user search: base=dc=example,dc=org scope=subtree filter=(&(objectClass=person)(|(mail=trever)(sAMAccountName=trever)(userPrinci...

...edirected to different servers at the same time. - pop3: Avoid assert-crash if client disconnects during LIST. - mdbox: Corrupted index header still wasn't automatically fixed. - dsync: Various fixes to work better with imapc and pop3c storages. - ldap: sasl_bind=yes caused crashes, because Dovecot's lib-sasl symbols conflicted with Cyrus SASL library. - imap: Various error handling fixes to CATENATE. (Found using Apple's stress test script.)

...edirected to different servers at the same time. - pop3: Avoid assert-crash if client disconnects during LIST. - mdbox: Corrupted index header still wasn't automatically fixed. - dsync: Various fixes to work better with imapc and pop3c storages. - ldap: sasl_bind=yes caused crashes, because Dovecot's lib-sasl symbols conflicted with Cyrus SASL library. - imap: Various error handling fixes to CATENATE. (Found using Apple's stress test script.)

...args = /etc/dovecot-ldap.pass } userdb passwd { } user = root user = root socket listen { client { path = /var/spool/postfix/private/auth mode = 0660 user = postfix group = postfix } } } dict { } plugin { } /etc/dovecot-ldap.conf hosts = 127.0.0.1:389 sasl_bind = no auth_bind = yes auth_bind = no ldap_version = 3 deref = never dn = cn=sogo,dc=ameliaschools,dc=com dnpass=password base = dc=ameliaschools,dc=com scope = subtree pass_attrs = uid=user, userPassword=password pass_filter = (uid=%u)

...? args = /etc/dovecot/passdb-dovecot-ldap.conf.ext } userdb { ? driver = ldap ? args = /etc/dovecot/userdb-dovecot-ldap.conf.ext } passdb-dovecot-ldap.conf.ext: ===================================== uris = ldap://ldap.example.com dn = uid=mailapp,ou=People,dc=example,dc=com dnpass = xxxxxxxxxx sasl_bind = no tls = no auth_bind = yes ldap_version = 3 base = dc=example,dc=com deref = never scope = subtree pass_attrs = uid=user pass_filter = (uid=%n) userdb-dovecot-ldap.conf.ext: ==================================== uris = ldap://ldap.example.com dn = uid=mailapp,ou=People,dc=example,dc=com dnpas...

> On 15/08/2019 00:34 Eugene via dovecot <dovecot at dovecot.org> wrote: > > > The next combination of parameters makes 100% LDAP connections unsuccessful (the log snippet form the previous mail). > sasl_bind = yes > sasl_mech = gssapi > tls = yes > > Looks like this combination is utterly incorrect and should be prohibited (tls must not be used when mech is gssapi). > https://lists.fedorahosted.org/archives/list/sssd-users at lists.fedorahosted.org/message/G7S2TOFDCM62ZUHIBWYVZIEVYXO3KY...

Hi list, we had a lot of trouble with our Dovecot Replicating-Cluster installation authenticating against LDAP Service. We ran in a timeout and what happened was that we got more and more search requests running against on our ldap server. And on the dovecot site the process got killed after a couple of seconds. So we ran into a race condition and our LDAP Server was under heavy load. We got a

...e import_environment in dovecot.conf: >> >> import_environment = TZ CORE_OUTOFMEM CORE_ERROR LISTEN_PID LISTEN_FDS >> KRB5CCNAME=FILE:/tmp/dovecot.krb5.ccache >> >> And these in LDAP configuration: >> >> dn = imap/host.example.com at EXAMPLE.COM >> sasl_bind = yes >> sasl_mech = gssapi >> sasl_realm = EXAMPLE.COM >> sasl_authz_id = imap/host.example.com at EXAMPLE.COM >> >> I have tried with different values in dn and sasl_authz_id and also >> leaving them out completely but I always end up with the error message &g...

...o keep the list in order. Hi, I'm using dovecot 1.0.5-1 (debian stable) and I'm trying to build a virtual host machine with ldap. In my dovecot-ldap.conf thats what I have: uris = ldap://<ldapserver>/ dn = cn=Manager, dc=domain, dc=com, dc=br dnpass = <ultra secret passwd> sasl_bind = no tls = no ldap_version = 3 base = ou=Users, dc=domain, dc=com, dc=br deref = never scope = subtree user_attrs = homeDirectory=homeDirectory user_filter = (&(mail=%u)) pass_attrs = mail=user,userPassword=password pass_filter = (&(mail=%u)) default_pass_scheme = CRYPT user_global_uid = 10...

...t; <aki.tuomi at open-xchange.com> wrote: > > On 15/08/2019 00:34 Eugene via dovecot <dovecot at dovecot.org> > wrote: The next combination of parameters makes 100% LDAP > connections unsuccessful (the log snippet form the previous > mail). sasl_bind = yes sasl_mech = gssapi tls = yes Looks like > this combination is utterly incorrect and should be prohibited > (tls must not be used when mech is gssapi). > https://lists.fedorahosted.org/archives/list/sssd-users at lists.fedorahosted.org/message/G7S2TOFDCM62ZUHIB...

...em: >> >> *Dovecot version 2.1.7* >> >> Output of grep -v '^ *\(#.*\)\?$' dovecot-sql.conf: >> > ^^^^^^^^^^^^^^^^ > >> >> *hosts = localhost* >> *dn = cn=admin* >> *dnpass = [password]* >> *sasl_bind = no* >> *tls = no* >> *auth_bind = yes* >> *ldap_version = 3* >> *base = dc=[domainname],dc=de* >> *user_attrs = uidNumber=uid,gidNumber=gid* >> *user_filter = (&(objectClass=posixAccount)(uid=%u))* >> *pass_attrs = uid=user,userPassword=password* >...

..." quota sieve" } protocol imap { mail_plugins = " quota imap_quota" } # Working LDAP configuration # /etc/dovecot/dovecot-ldap.conf.ext uris = ldap://he01-auth-01.greenhills-it.co.uk dn = uid=dovecot,ou=people,ou=SRV_Accounts,dc=greenhills-it,dc=co,dc=uk dnpass = VerySecret sasl_bind = no auth_bind = yes ldap_version = 3 base = dc=greenhills-it,dc=co,dc=uk scope = subtree user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid,gosaMailQuota=quota_rule=*:storage=%$M user_filter = (|(uid=%u)(mail=%u)(gosaMailAlternateAddress=%u)) pass_attrs = uid=user,userPassword=password p...

...=<uPLvabC0RIh/AAAB> > > > Here is my doveconf -n: > > https://paste.ubuntu.com/p/SPmrxZxHPx/ > > My dovecot-ldap.cont.ext: > > uris = ldap://localhost/ > dn = "dovecot at newideatest.local" > dnpass = "XXXXXXXX" > sasl_bind = no > tls = no > ldap_version = 3 > deref = never > scope = subtree > base = cn=Users,dc=NEWIDEATEST,dc=LOCAL > auth_bind = yes > user_filter = > (&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(|(mail=%u)(sAMAc...

...type: listen client: path: /var/run/dovecot/auth-client mode: 432 master: path: /var/run/dovecot/auth-master mode: 384 user: vmail # grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf uris = ldap://www-example1:389 dn = uid=xxxx,dc=example,dc=com dnpass = xxxx sasl_bind = no tls = no auth_bind = no ldap_version = 3 base = dc=example, dc=com user_attrs = homeDirectory=home=/usr/home/vmail/%L $,mailMessageStore=mail=maildir:/usr/home/vmail/%L$,=uid=999,=gid=999 user_filter = (&(objectClass=qmailUser)(uid=%n)) pass_attrs = mail=user,userPassword=password pass_fil...

Hello! Dovecot uses it's own SASL implementation, doesn't it? Aug 14 23:45:23 example.com auth[10428]: GSSAPI client step 1 Aug 14 23:45:23 example.com auth[10428]: encoded packet size too big (813804546 > 65536) Aug 14 23:45:23 example.com dovecot[10085]: auth-worker(10428): Error: LDAP: Can't connect to server: ldap://ipa2.example.com Aug 14 23:45:23 example.com