1

Topic: iRedMail and MS AD

I'm trying to use iRedMail with Active Directory for authentication. I have followed the instructions from the wiki but I have a problem with dovecot. When I try to verify the LDAP query with AD in dovecot it fails, and in the log I get:
auth(default): Error: LDAP: binding failed (dn vmail): Invalid credentials, 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
All previous tests mentioned in the guide succeeded without any errors. Thank you in advance for any help.

Also, if needed, here is my dovecot-ldap.conf:

hosts           = 192.168.0.6:389
ldap_version    = 3
auth_bind       = yes
dn              = vmail
dnpass          = password
base            = cn=Users,dc=mydomain,dc=com
scope           = subtree
deref           = never
user_filter     = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl=514)))
pass_filter     = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl=514)))
pass_attrs      = userPassword=password
default_pass_scheme = CRYPT
user_attrs      = =home=/var/vmail/vmail1/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld/%Ln/Maildir/


2

Re: iRedMail and MS AD

stocton12 wrote:

auth(default): Error: LDAP: binding failed (dn vmail): Invalid credentials, 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece

"Invalid credentials" means your bind dn or password is wrong. Please help check them again.

3

Re: iRedMail and MS AD

I have found that too, googling for ldap errors. I have also changed the password. But although the username and password are working when I try the "ldapsearch" command, they do not work with dovecot.

4

Re: iRedMail and MS AD

Did you try to use the full LDAP DN of the 'vmail' account?

5

Re: iRedMail and MS AD

Found it! Found it! It was right in front of me but I could not see it.

Warning: Configuration file /etc/dovecot/dovecot-ldap.conf line 14: Ambiguous '#' character in line, treating it as comment.

Both passwords had # in them. Tried a password without # and of course it worked.
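
Added example (not part of the original thread, and not Dovecot's own code): a small Python check that flags settings in a dovecot-ldap.conf-style file whose value would be cut at a '#', the condition behind the warning quoted above. The comment rule it models (a '#' outside quotes starts a comment) is an assumption inferred from that warning; the function names, sample file and password are constructed.

```python
import sys

# Constructed sample modelled on the dovecot-ldap.conf in the first post;
# the password value is invented for illustration.
SAMPLE_CONF = """\
hosts           = 192.168.0.6:389
# a full-line comment is fine
dn              = vmail
dnpass          = Pa#ssw0rd
base            = cn=Users,dc=mydomain,dc=com   # trailing comment
pass_attrs      = userPassword=password
"""

def comment_start(line):
    """Index of the first '#' outside quotes (assumed comment rule), or None."""
    quote, i = None, 0
    while i < len(line):
        ch = line[i]
        if quote:
            if ch == "\\":
                i += 1              # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "#":
            return i
        i += 1
    return None

def lint_conf(text):
    """(lineno, key, kept_len, written_len) per cut value; lengths only, no secrets."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        cut = None if line.startswith("#") else comment_start(line)
        if cut is None:
            continue
        key, sep, kept = line[:cut].partition("=")
        glued = not line[cut - 1].isspace()   # '#' directly after text
        if sep and (glued or not kept.strip()):
            written = line.partition("=")[2].strip()
            findings.append((lineno, key.strip(), len(kept.strip()), len(written)))
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for lineno, key, kept, written in lint_conf(text):
        print(f"line {lineno}: {key} keeps {kept} of {written} characters")
```

A trailing comment separated by whitespace is not flagged, and under the assumed rule a value enclosed in quotes keeps its '#'.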

6

Re: iRedMail and MS AD

Glad to hear that. ENJOY :D

7

Re: iRedMail and MS AD

I updated the wiki tutorial below; hope others won't meet the same issue:
http://iredmail.org/wiki/index.php?titl … LDAP_query

Thanks for your feedback.