On 2026-06-02 09:36, Aki Tuomi via dovecot wrote:
>>> I can't seem to find documentation that shows how to set up 2 LDAP passdb
>>> blocks. I can get each of them working properly, but only the second of the
>>> two works at any given time. I can't figure out the syntax needed to get
>>> both to work, even though I've been all over the Dovecot 2.4x official
>>> documentation. The docs seem to suggest settings that the server rejects.
>>>
>>> Anyone have any experience doing this, or know the correct syntax? Thanks
>>> in advance!
>>
>> # you can share settings like this
>> ldap_auth_dn = cn=dovecot,ou=apps,dc=example,dc=com
>> ldap_auth_dn_password = D0vec0t
>> ldap_uris = ldapi://%2Frun%2Fldapi
>> ldap_version = 3
>> ldap_bind = yes
>>
>> passdb ldab-1 {
>> driver = ldap
>> ldap_bind_userdn = cn=%{user},ou=apps,dc=example,dc=com
>> ldap_filter = (&(objectClass=applicationProcess)(cn=%{user}))
>> }
>>
>> passdb ldap-2 {
>> driver = ldap
>> ldap_bind_userdn = cn=%{user},ou=apps,dc=example,dc=com
>> ldap_filter =
>> (&(objectClass=posixAccount)(uid=%{user|username})(memberOf=cn=mail,ou=%{user|domain},ou=groups,dc=example,dc=com))
>> }
>>
>> Aki
>
> Sorry, small mistake
>
> ldap_bind = yes => passdb_ldap_bind = yes
Thanks for your replies.
2026.06.02 13:52:40
auth([email protected],10.0.0.99,sasl:plain)<qgg2+khTlLgKAABj>: Debug:
sasl(plain): Set authid '[email protected]'
2026.06.02 13:52:40
auth([email protected],10.0.0.99,sasl:plain)<qgg2+khTlLgKAABj>: Debug:
sasl(plain): Performing plain passdb verification
2026.06.02 13:52:40
auth([email protected],10.0.0.99,sasl:plain)<qgg2+khTlLgKAABj>: Debug:
ldap-1: Performing passdb lookup
2026.06.02 13:52:40
auth([email protected],10.0.0.99,sasl:plain)<qgg2+khTlLgKAABj>: Debug:
ldap-1: Finished passdb lookup
2026.06.02 13:52:40
auth([email protected],10.0.0.99,sasl:plain)<qgg2+khTlLgKAABj>: Debug:
ldap-2: Performing passdb lookup
2026.06.02 13:52:40
auth([email protected],10.0.0.99,sasl:plain)<qgg2+khTlLgKAABj>: Debug:
ldap-2: Finished passdb lookup
2026.06.02 13:52:43
auth([email protected],10.0.0.99,sasl:plain)<qgg2+khTlLgKAABj>: Debug:
sasl(plain): Finished plain passdb verification (status=internal-failure)
2026.06.02 13:52:43
auth([email protected],10.0.0.99,sasl:plain)<qgg2+khTlLgKAABj>: Debug:
sasl(plain): Interaction failed (internal failure)
2026.06.02 13:52:43
auth([email protected],10.0.0.99,sasl:plain)<qgg2+khTlLgKAABj>: Debug: Auth
request finished
2026.06.02 13:52:43
auth([email protected],10.0.0.99,sasl:plain)<qgg2+khTlLgKAABj>: Debug:
immediate auth failure due to internal failure
Not getting either one to work. This is with full debugging on. It looks like
the internal error happens instantly, no attempt to contact the directory.
_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
