1

Topic: Problem setting up LDAP with Windows AD

==== Provide required information ====
- iRedMail version and backend (LDAP/MySQL/PGSQL):
- Linux/BSD distribution name and version:
- Any related log? Log is helpful for troubleshooting.
====
iRedMail 0.8.1 backend LDAP
Linux CentOS 6.2

When I try to search LDAP with this command I receive this error. I have created the vmail user and I have tried the command with user Administrator from the Windows domain. The same result!
What is the problem?

ldapsearch -x -h  192.168.0.8 -D 'vmail' -W -b 'cn=users,dc=my,dc=domain'
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
        additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1


2

Re: Problem setting up LDAP with Windows AD

Then please try to use the full ldap dn of vmail user instead.

3

Re: Problem setting up LDAP with Windows AD

Ok!
Next problem:

telnet localhost 143
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
. login mail@my.domain  password
. NO [UNAVAILABLE] Temporary authentication failure.

4

Re: Problem setting up LDAP with Windows AD

bobbo1981 wrote:

. NO [UNAVAILABLE] Temporary authentication failure.

Please check Dovecot log file (/var/log/dovecot.log) for more details. If there's no detailed log, please turn on debug mode in Dovecot first, then try again.

Reference: How to turn on debug mode in Dovecot:
http://www.iredmail.org/forum/topic453- … rules.html

5 (edited by bobbo1981 2012-06-16 13:26:06)

Re: Problem setting up LDAP with Windows AD

Ok! This is the log:

Jun 15 07:52:49 auth: Error: LDAP: binding failed (dn cn=vmail@my.domain): Invalid credentials, 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

This is dovecot-ldap.conf:

hosts           = 192.168.0.8:389
ldap_version    = 3
auth_bind       = yes
dn              = cn=vmail@my.domain
dnpass          = mypassword
base            = cn=users,dc=my,dc=domain
scope           = subtree
deref           = never
user_filter     = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter     = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs      = userPassword=password
default_pass_scheme = CRYPT
user_attrs      = =home=/var/vmail/vmail1/%Ln/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ln/%Ln/Maildir/



With this user and pass, Postfix is working fine!

6

Re: Problem setting up LDAP with Windows AD

bobbo1981 wrote:

With this user and pass, Postfix is working fine!

Glad to hear that.

7

Re: Problem setting up LDAP with Windows AD

Postfix is working fine but Dovecot is NOT! I have put the messages from the log there!

So where is the problem?

8

Re: Problem setting up LDAP with Windows AD

Hi bobbo1981,

It's clear in the pasted log:

Error: LDAP: binding failed (dn cn=vmail@my.domain): Invalid credentials

That means either the bind dn or the password is incorrect. Try using 'vmail' in Dovecot, or the full LDAP dn (cn=vmail@my.domain is NOT a FULL dn).
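
Added example (not part of the original thread, and not iRedMail or Dovecot code): a small Python helper that extracts the AD sub-code from the bind error quoted above and classifies the form of the bind name. The sub-code table lists well-known Windows logon error values that are not taken from the thread, and the bind-name categories and function names are assumptions made for this illustration.

```python
import re

# "data NNN" sub-codes AD puts in a failed-bind message (hex Windows error
# codes; well-known values added for this example, not taken from the thread).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (bad user name or password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
SUBCODE_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")
BIND_NAME_RE = re.compile(r"\(dn ([^)]*)\)")  # Dovecot's "(dn ...)" field
RDN_RE = re.compile(r"[a-z][a-z0-9-]*=.+")

def classify_bind_name(name):
    """Heuristic (assumed categories) for the form of a simple-bind name."""
    if "=" in name:
        rdns = [r.strip().lower() for r in re.split(r"(?<!\\),", name)]
        if not all(RDN_RE.fullmatch(r) for r in rdns):
            return "malformed-dn"
        # A full AD DN ends in the domain's dc= components.
        return "full-dn" if rdns[-1].startswith("dc=") else "partial-dn"
    if "\\" in name:
        return "downlevel"  # DOMAIN\user form
    return "upn" if "@" in name else "bare-name"

def diagnose(line):
    """Return sub-code, meaning and bind-name form, or None if no AD error."""
    m = SUBCODE_RE.search(line)
    if not m:
        return None
    code = m.group(1).lower()
    dn = BIND_NAME_RE.search(line)
    name = dn.group(1) if dn else None
    return {"subcode": code,
            "meaning": AD_BIND_SUBCODES.get(code, "unknown sub-code"),
            "bind_name": name,
            "bind_form": classify_bind_name(name) if name else None}

if __name__ == "__main__":
    # Log line as posted earlier in this thread (Dovecot auth error).
    sample = ("Jun 15 07:52:49 auth: Error: LDAP: binding failed (dn cn=vmail@my.domain): "
              "Invalid credentials, 80090308: LdapErr: DSID-0C0903A9, comment: "
              "AcceptSecurityContext error, data 52e, v1db1")
    print(diagnose(sample))
```

A "partial-dn" result together with sub-code 52e matches the case in this thread: the name carries a cn= prefix but no dc= suffix.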

9

Re: Problem setting up LDAP with Windows AD

Problem solved!

I have a new question! Now I use LDAP Windows AD authentication! In this case, can I change the password from Roundcube?

10

Re: Problem setting up LDAP with Windows AD

bobbo1981 wrote:

Now I use LDAP Windows AD authentication! In this case, can I change the password from Roundcube?

I didn't test it before, you can try it yourself.

11

Re: Problem setting up LDAP with Windows AD

I tried but it's not working! Maybe someone has a solution!