1

Topic: dovecot-ldap + ADS

==== Provide basic information to help troubleshoot ====
- iRedMail version: 0.7.3
- Linux/BSD distribution name and version: CentOS 6.0 2.6.32-71.29.1.el6.x86_64
- Any related log? Log is helpful for troubleshooting.
====
Hello.
I cannot log in to dovecot via telnet; I get the following message:
* OK Waiting for authentication process to respond..
* BYE Disconnected for inactivity.

I have the following configuration:
1. Windows domain:  win-domain.tld
2. Postfix virtual domain:  domain2.tld (this domain name is used in the mail addresses in AD)
3. Configs:
- main.cf:
smtpd_sasl_local_domain = domain2.tld
virtual_mailbox_domains = domain2.tld
transport_maps = hash:/etc/postfix/transport
# AD query
smtpd_sender_login_maps = proxy:ldap:/etc/postfix/ad_sender_login_maps.cf
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ad_virtual_mailbox_maps.cf
virtual_alias_maps = proxy:ldap:/etc/postfix/ad_virtual_group_maps.cf

- ad_sender_login_maps.cf:
server_host     = dc.win-domain.tld
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = vmail
bind_pw         = vmail_passw
search_base     = dc=win-domain,dc=tld
scope           = sub
query_filter    = (&(userPrincipalName=%s)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
result_attribute= userPrincipalName
#result_attribute= mail
debuglevel      = 0

- ad_virtual_mailbox_maps.cf:
server_host     = dc.win-domain.tld
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = vmail
bind_pw         = vmail_passw
search_base     = dc=win-domain,dc=tld
scope           = sub
query_filter    = (&(objectclass=person)(userPrincipalName=%s))
result_attribute= userPrincipalName
result_format   = %d/%u/Maildir/
debuglevel      = 0

- ad_virtual_group_maps.cf:
server_host     = dc.win-domain.tld
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = vmail
bind_pw         = vmail_passw
search_base     = dc=win-domain,dc=tld
scope           = sub
query_filter    = (&(objectClass=group)(mail=%s))
special_result_attribute = member
leaf_result_attribute = mail
result_attribute= userPrincipalName
debuglevel      = 0

- dovecot-ldap.conf
hosts           = dc.win-domain.tld:389
ldap_version    = 3
auth_bind       = yes
dn              = vmail
dnpass          = vmail_passw
base            = dc=windomain,dc=tld
scope           = subtree
deref           = never
user_filter     = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))
user_attrs      = homeDirectory=home,mailMessageStore=mail=maildir:/var/vmail/%$/Maildir/,mailQuota=quota_rule=*:bytes=%$
pass_filter     = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))
pass_attrs      = userPassword=password
default_pass_scheme = CRYPT
user_attrs      = =home=/var/vmail/vmail1/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld/%Ln/Maildir/

4. telnet localhost 143
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
. login user@domain2.tld user_passw
* OK Waiting for authentication process to respond..
* BYE Disconnected for inactivity.
Connection closed by foreign host.

in /var/log/dovecot.log:
Oct 14 13:48:30 auth: Debug: client in: AUTH    1    PLAIN    service=imap    secured    lip=127.0.0.1    rip=127.0.0.1    lport=143    rport=57939    resp=AGdyb3NoZXZpQHRkNy5ydQBFRVI1MDc=
Oct 14 13:48:30 auth: Debug: ldap(user@domain2.tld,127.0.0.1): bind search: base=dc=win-domain,dc=tld filter=(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=imapsecured)(|(mail=user@domain2.tld)(&(enabledService=shadowaddress)(shadowAddress=user@domain2.tld))))
Oct 14 13:50:14 imap-login: Info: Disconnected: Inactivity (disconnected while authenticating): method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Oct 14 13:50:14 auth: Debug: client in: CANCEL    1

Thank you.
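Added example, not from the thread or from iRedMail: it reproduces offline how Dovecot expands the %-variables of a pass_filter/user_filter, so the filter that appears in dovecot.log (e.g. `enabledService=imapsecured` from `%Ls%Lc`) can be derived from the posted config and compared. Only the variables used in this thread are modelled (%u, %n, %d, %s, %c and the L/U case modifiers), and substituted values are escaped per RFC 4515, which is what stops a login name from altering the filter structure.

```python
import re

# Filter templates as posted in the thread (iRedMail OpenLDAP-style, then AD-style).
PASS_FILTER_IREDMAIL = (
    "(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)"
    "(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)"
    "(shadowAddress=%u))))"
)
PASS_FILTER_AD = (
    "(&(userPrincipalName=%u)(objectClass=person)"
    "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
)

# RFC 4515 escapes for characters that may not appear raw in an assertion value.
_ESCAPE = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def ldap_filter_escape(value):
    """Escape a value so it cannot open or close filter components."""
    return "".join(_ESCAPE.get(ch, ch) for ch in value)


def expand_filter(template, user, service="imap", secured=False):
    """Substitute Dovecot %-variables (%u %n %d %s %c, with L/U modifiers)."""
    local, _, domain = user.partition("@")
    variables = {"u": user, "n": local, "d": domain,
                 "s": service, "c": "secured" if secured else ""}

    def repl(match):
        modifiers, name = match.group(1), match.group(2)
        value = variables[name]
        if "L" in modifiers:      # %L... lowercases the value
            value = value.lower()
        if "U" in modifiers:      # %U... uppercases the value
            value = value.upper()
        return ldap_filter_escape(value)

    return re.sub(r"%([LU]*)([undsc])", repl, template)


def filter_from_log(line):
    """Extract the expanded filter from an 'auth: Debug: ldap(...): bind search' line."""
    marker = "filter="
    return line[line.index(marker) + len(marker):].strip()


if __name__ == "__main__":
    # Log line copied from the thread; the expansion must reproduce its filter.
    log = ("Oct 14 13:48:30 auth: Debug: ldap(user@domain2.tld,127.0.0.1): bind search: "
           "base=dc=win-domain,dc=tld filter=(&(objectClass=mailUser)(accountStatus=active)"
           "(enabledService=mail)(enabledService=imapsecured)(|(mail=user@domain2.tld)"
           "(&(enabledService=shadowaddress)(shadowAddress=user@domain2.tld))))")
    print(filter_from_log(log) == expand_filter(PASS_FILTER_IREDMAIL, "user@domain2.tld", "imap", True))
```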


2

Re: dovecot-ldap + ADS

varchar wrote:

- dovecot-ldap.conf
hosts           = ...
...
user_filter     = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))
...
pass_filter     = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))

You don't have a correct dovecot-ldap.conf; please follow our integration tutorial strictly:
http://iredmail.org/wiki/index.php?titl … in_Dovecot

3

Re: dovecot-ldap + ADS

I have changed /etc/dovecot-ldap.conf according to http://iredmail.org/wiki/index.php?titl … in_Dovecot
When I try to connect to port 143 with telnet, I see this in /var/log/dovecot.log:
Oct 14 16:02:07 auth: Debug: client in: AUTH    1    PLAIN    service=imap    secured    lip=127.0.0.1    rip=127.0.0.1    lport=143    rport=46606    resp=AGdyb3NoZXZpQHRkNy5ydQBFRVI1MDc=
Oct 14 16:02:07 auth: Debug: ldap(user@domain2.tld,127.0.0.1): bind search: base=dc=win-domain,dc=tld filter=(&(userPrincipalName=user@domain2.tld)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Oct 14 16:02:07 auth: Debug: ldap(user@domain2.tld,127.0.0.1): result: objectClass(?unknown?)= cn(?unknown?)= sn(?unknown?)= title(?unknown?)= givenName(?unknown?)= distinguishedName(?unknown?)= instanceType(?unknown?)= whenCreated(?unknown?)= whenChanged(?unknown?)= displayName(?unknown?)= uSNCreated(?unknown?)= memberOf(?unknown?)= uSNChanged(?unknown?)= department(?unknown?)= homeMTA(?unknown?)= proxyAddresses(?unknown?)= homeMDB(?unknown?)= mDBStorageQuota(?unknown?)= mDBOverQuotaLimit(?unknown?)= mDBUseDefaults(?unknown?)= mailNickname(?unknown?)= protocolSettings(?unknown?)= name(?unknown?)= objectGUID(?unknown?)= userAccountControl(?unknown?)= badPwdCount(?unknown?)= codePage(?unknown?)= countryCode(?unknown?)= homeDirectory(?unknown?)= homeDrive(?unknown?)= badPasswordTime(?unknown?)= lastLogoff(?unknown?)= lastLogon(?unknown?)= pwdLastSet(?unknown?)= primaryGroupID(?unknown?)= userParameters(?unknown?)= objectSid(?unknown?)= adminCount(?unknown?)= accountExpires(?unknown?)= logonCount(?unknown?)= sAMAccountName(?unknown?)= sAMAccountType(?unknown?)= showInAddressBook(?unknown?)= legacyExchangeDN(?unknown?)= userPrincipalName(?unknown?)= servicePrincipalName(?unknown?)= objectCategory(?unknown?)= mSMQSignCertificates(?unknown?)= mSMQDigests(?unknown?)= msNPAllowDialin(?unknown?)= lastLogonTimestamp(?unknown?)= textEncodedORAddress(?unknown?)= mail(?unknown?)= msExchHomeServerName(?unknown?)= msExchALObjectVersion(?unknown?)= msExchMailboxSecurityDescriptor(?unknown?)= msExchUserAccountControl(?unknown?)= msExchMailboxGuid(?unknown?)= msExchPoliciesIncluded(?unknown?)= msExchRecipientDisplayType(?unknown?)= msExchUserCulture(?unknown?)= msExchVersion(?unknown?)= msExchRecipientTypeDetails(?unknown?)=
Oct 14 16:04:38 auth: Error: PLAIN(user@domain2.tld,127.0.0.1): Request 7979.1 timeouted after 151 secs, state=1
Oct 14 16:04:57 imap-login: Info: Disconnected: Inactivity (disconnected while authenticating): method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Oct 14 16:04:57 auth: Debug: client in: CANCEL    1
Oct 14 16:05:58 auth: Info: ldap(user@domain2.tld,127.0.0.1): Shutting down
Oct 14 16:05:58 auth: Debug: client out: FAIL    1    user=user@domain2.tld    temp

4

Re: dovecot-ldap + ADS

varchar wrote:

Oct 14 16:04:38 auth: Error: PLAIN(user@domain2.tld,127.0.0.1): Request 7979.1 timeouted after 151 secs, state=1

Did you see the error message in red color?
Looks like Dovecot cannot connect to your Active Directory server.