On 2026-06-03 12:49, Aki Tuomi via dovecot wrote:
> Small optimization:
> userdb ldap {
>   ldap_base = ou=people,dc=example,dc=com
>   fields {
>     gid = %{ldap:gidNumber}
>     home = %{ldap:homeDirectory}
>     mail = %{ldap:homeDirectory}/Maildir/%{user|domain}
>     uid = %{ldap:uidNumber}
>   }
>   filter = (&(objectClass=posixAccount)(uid=%{user|username})(memberOf=cn=mail,ou=%{user|domain},ou=groups,dc=example,dc=com))
> }
Unfortunately that broke things.
> Also I think the problem happens on LDAP connection. Can you set
> ldap_debug_level=9?
That was already maxed out, but yes, very useful. I love it when services have
the ability to turn logging up to extremely detailed levels.
Anyway, I managed to solve the issue. Here's what I have:

ldap_auth_dn = cn=dovecot,ou=apps,dc=example,dc=com
ldap_auth_dn_password = D0vec0t
ldap_uris = ldapi://%2Frun%2Fldapi
ldap_version = 3
passdb_ldap_bind = yes

passdb ldap-1 {
  driver = ldap
  ldap_base = ou=apps,dc=example,dc=com
  ldap_filter = (&(objectClass=posixAccount)(uid=%{user|username})(memberOf=cn=mail,ou=%{user|domain},ou=groups,dc=example,dc=com))
  passdb_ldap_bind_userdn = cn=%{user},ou=apps,dc=example,dc=com
  result_success = return-ok
}

passdb ldap-2 {
  driver = ldap
  ldap_base = ou=people,dc=example,dc=com
  ldap_filter = (&(objectClass=applicationProcess)(cn=%{user}))
  passdb_ldap_bind_userdn = uid=%{user|username},ou=people,dc=example,dc=com
  result_success = return-ok
}

The difference was ldap_base turned out to be a requirement.
This is valuable information IMO because the 2.4x documentation is extensive
but lacking examples sometimes.
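
The finding reported in the message above (an ldap passdb did not work until ldap_base was set) can be checked before a reload. The following is an added example, not part of the original post and not Dovecot project code: a small Python lint that lists ldap passdb/userdb blocks with no ldap_base, tolerating filter values wrapped onto the next line as in the email. It assumes ldap_base may be inherited from the top level of the config and that a block without "driver" uses its name as the driver; the sample config is constructed.

```python
import re

# Constructed sample in Dovecot 2.4 block syntax (placeholder names and DNs).
SAMPLE = """\
passdb ldap-1 {
  driver = ldap
  ldap_base = ou=people,dc=example,dc=com
  ldap_filter =
    (&(objectClass=posixAccount)(uid=%{user|username}))
}
userdb ldap {
  fields {
    home = %{ldap:homeDirectory}
  }
  ldap_filter = (uid=%{user|username})
}
"""

DB_OPEN = re.compile(r"^(passdb|userdb)\s+(\S+)\s*\{$")
SETTING = re.compile(r"^([A-Za-z_]\w*)\s*=\s*(.*)$")

def parse(text):
    """Return (top-level settings, [(kind, name, settings)]) for passdb/userdb blocks."""
    top, blocks, stack, pending = {}, [], [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        scope = top if not stack else blocks[-1][2] if stack == ["db"] else None
        db, kv = DB_OPEN.match(line), SETTING.match(line)
        if db and not stack:
            blocks.append((db.group(1), db.group(2), {}))
            stack.append("db")
        elif line.endswith("{"):
            stack.append("other")      # fields { ... }, service { ... }, etc.
        elif line == "}":
            stack = stack[:-1]
        elif kv and scope is not None:
            scope[kv.group(1)] = kv.group(2)
            pending = kv.group(1) if not kv.group(2) else None
        elif pending and scope is not None:
            scope[pending], pending = line, None   # value wrapped onto the next line
    return top, blocks

def missing_ldap_base(text):
    """List ldap blocks lacking ldap_base. Assumption: driver defaults to the block name."""
    top, blocks = parse(text)
    return [f"{kind} {name}" for kind, name, s in blocks
            if s.get("driver", name) == "ldap"
            and not (s.get("ldap_base") or top.get("ldap_base"))]
```

Calling missing_ldap_base() on the text of a config file returns the blocks to fix; an empty list means every ldap block has a search base in scope.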