dovecot - LDAP Auth against ActiveDirectory

Hi there.

I'm trying to set up a mailserver using dovecot.
I want the users to be authenticated against our ActiveDirectory running on W2K3.
Everything works fine as long as I'm sending mails (smtpd_sasl_type = dovecot is set in main.cf of postfix).
If I want to contact the pop3 mailbox I get the following error:

ldap_search() failed : Operations error

Could anybody please help me out with this?

Regards.
Markus

I guess you need more information.
So here is my dovecot-ldap.conf:

hosts = <myhostip>
auth_bind = yes
ldap_version = 3
base = CN=Users,DC=<mydomain>,DC=<somewhere>
auth_bind_userdn = CN=%u,CN=Users,DC=<mydomain>,DC=<somewhere>
default_pass_scheme = CRYPT

What am I doing wrong?
I wrote an application on a Windows box using C# and used exactly the same dn-settings. Everything worked fine in this case.
The only thing is I had to encrypt the password using some SecureString.Marshal. thing.
Might this be a hint?

Please help!
Regards,
Markus

I don't want this to be forgotten.
Any idea is welcome.
Thanks!

I seem to remember reading that with AD you cannot check the password by authenticating as the target user; you have to authenticate as a privileged account.

In any case you might find it useful to sniff the LDAP exchange with something like Wireshark to see what AD is actually saying when it denies the password check.

bartlm wrote:
> I guess you need more information.
> So here is my dovecot-ldap.conf:
>
> hosts = <myhostip>
> auth_bind = yes
> ldap_version = 3
> base = CN=Users,DC=<mydomain>,DC=<somewhere>
> auth_bind_userdn = CN=%u,CN=Users,DC=<mydomain>,DC=<somewhere>
> default_pass_scheme = CRYPT

I’m not an LDAP expert by any means, but that last line strikes me as
odd. Does your Active Directory really contain passwords encrypted in
traditional Unix /etc/passwd style?

HTH
T.


Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany