Wrong idea I think. The simplest thing to try is to mask the bind password
in the LDAP configuration by turning it into a comment. Restarting Dovecot
immediately shows in the log files that the password is missing.
auth-worker(154994): Error: ldap(ldap://localhost:389): binding
failed (dn cn=xxx,ou=xxx,dc=xxx,dc=xx): Server is unwilling to perform,
unauthenticated bind (DN with no password) disallowed
On 5-2-2026 at 11:31, Aki Tuomi via dovecot wrote:
On 05/02/2026 11:56 EET Ruud Baart via dovecot <[email protected]> wrote:
I think you're pointing me in the right direction. I copied the LDAP
configuration from version 2.3 to 2.4 and modified it, but perhaps I
modified the bind section not correctly. If so, it probably works
because an anonymous bind provides the requested data. In that case I
need to rethink my access rules in the LDAP.
What if have:
ldap_uris = ldap://localhost
ldap_auth_dn = cn=xxxx,ou=xxxx,dc=abc,dc=xy
ldap_auth_dn_password = secret
ldap_base = ou=xxx,dc=xxx,dc=xx
passdb ldap {...}
userdb ldap {....}
And looking at the documentation now, perhaps it should be:
dict_server {
  dict ldap {
    <not related to authentication at all>
  }
}
passdb ldap {...}
userdb ldap {....}