I would recommend configuring a service user to AD and using LDAP userdb, but
if you do not, for whatever reason, want to do this, change
userdb static {
  allow_all_users = yes
  fields {
    gid = vmail
    uid = vmail
  }
}
to skip passdb check.
See
https://doc.dovecot.org/2.4.2/core/config/auth/userdb.html#userdb_static_allow_all_users
Aki
> On 25/01/2026 12:30 EET Esteban Heschung via dovecot <[email protected]>
> wrote:
>
>
> Hello Dovecot Team,
>
> I am currently using *Dovecot 2.4.1* with *Windows Active Directory* via
> LDAPS (self-signed certificate).
>
> I have configured a *bind DN template* for authentication.
>
> Authentication works perfectly. However, when Dovecot tries to perform
> the *userdb
> lookup*, it seems to *ignore the DN template*. Instead, it attempts to
> perform a search using the *ldap_base and filter* I configured...
>
> According to the documentation, the *bind DN template should be sufficient*,
> and Dovecot should not need to perform this search.
>
> Additionally, if I *remove the ldap_base or filter fields*, Dovecot fails
> with an error and cannot perform the lookup at all.
>
> This results in doveadm user failing, even though authentication succeeds.
>
> Could this be a bug in the way Dovecot handles bind_userdn for LDAP userdb
> lookups?
>
> I would appreciate any guidance or confirmation on this behavior.
>
> Thank you for your help.
_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]