On 2015-04-02 21:31, Rowland Penny wrote:
On 02/04/15 19:18, Szládovics Péter wrote:
On 2015-04-02 14:58, Rowland Penny wrote:
On 02/04/15 13:51, Szládovics Péter wrote:
On 2015-04-02 13:49, Gerald Brandt wrote:
These are the messages in the log file. It looks like I'm not using the right credentials.

2015-04-02 06:44:49 master: Info: Dovecot v2.2.9 starting up (core dumps disabled)
2015-04-02 06:44:52 auth: Error: LDAP: binding failed (dn cn=admin,dc=erlphase,dc=com): Invalid credentials, Simple Bind Failed: NT_STATUS_LOGON_FAILURE
2015-04-02 06:44:59 auth: Error: LDAP: binding failed (dn cn=admin,dc=erlphase,dc=com): Invalid credentials, Simple Bind Failed: NT_STATUS_LOGON_FAILURE
2015-04-02 06:45:05 auth-worker(5304): Error: LDAP: binding failed (dn cn=admin,dc=erlphase,dc=com): Invalid credentials, Simple Bind Failed: NT_STATUS_LOGON_FAILURE
2015-04-02 06:45:43 imap-login: Info: Disconnected (auth failed, 1 attempts in 44 secs): user=<johndoe>, method=PLAIN, rip=::1, lip=::1, secured, session=<I2WVXLwS3wAAAAAAAAAAAAAAAAAAAAAB>

Could you please give us your anonymized dovecot (and dovecot-ldap) conf? I think your problem is in there.

He did, they are the first post, unless he has changed them.

Is it?

dn = cn=administrator,dc=erlphase,dc=com
base = dc=oc,dc=local

The accounts aren't on one branch of the tree (red). Will they see each other? And this config isn't the live config; the log and the config are different (blue).

So I really need the actual config...





I pointed that out earlier and he has now posted them again, though they are different now.

Anyway, he could try this dovecot-ldap.conf:

hosts           = localhost:389
ldap_version    = 3
auth_bind       = yes
dn              = [email protected]
dnpass          = openchange1!
base            = cn=users,dc=home,dc=lan
scope           = subtree
deref           = never
user_filter = (&(mail=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter = (&(mail=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs      = userPassword=password
default_pass_scheme = CRYPT
user_attrs = =home=/var/vmail/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/%Ld/%Ln/Maildir/

Okay.

So. Try this:

hosts = 127.0.0.1:389 # some systems use an IPv6 address for localhost, and it's not certain that LDAP is listening on it
dn = cn=administrator,cn=users,dc=home,dc=lan # erlphase.com is maybe not valid in this situation (I don't know its userPrincipalName attribute)
dnpass = <same as above>
auth_bind = yes
tls = no
deref = never
ldap_version = 3
base = cn=users,dc=home,dc=lan
scope = subtree
user_attrs = =home=/var/vmail/%Ld/%Ln/Maildir/,=uid=5000,=gid=5000 # UID and GID same as the vmail user's UID and GID numbers
user_filter = (&(sAMAccountName=%u)(objectClass=person)(!(userAccountControl=514))) # It is enough
pass_filter = (&(sAMAccountName=%u)(objectClass=person)(!(userAccountControl=514))) # Like the previous one
pass_attrs = userPassword=password,sAMAccountName=user # Let it be

# default_pass_scheme is unnecessary

Test it with

$> telnet 127.0.0.1 143
> 1 login administrator openchange1!
> 1 logout

If you get '1 OK' after login, then it's OK.

After that you need to check the bind and user filter in sogo.conf. Keep the settings similar to dovecot's config.
Restart the services that were modified, and try the login again.

PS: Check your postfix LDAP settings and correct them too, based on the working dovecot config. Word of advice: if you modify anything, change only one thing at a time, then test, and check the logs if it doesn't help. Don't modify several parameters at the same time! Back up the config before saving modifications, so that a change that makes things worse than before is easy to undo.
--
[email protected]
https://inverse.ca/sogo/lists
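
Added example (not part of the original thread): a small Python check for two points raised in the messages above, the bind dn and search base sitting in different trees, and the two ways of excluding disabled accounts in the filters. The sample config text is constructed from values quoted in the thread; the function names are hypothetical, and the comment handling and comma-based DN split are simplifications.

```python
import re

ACCOUNTDISABLE = 0x2  # "disabled" bit of userAccountControl

def parse_conf(text):
    """key = value per line; '#' at line start or after whitespace begins a comment (simplified)."""
    conf = {}
    for line in text.splitlines():
        line = re.split(r"(?:^|\s)#", line, maxsplit=1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def dc_suffix(dn):
    """Lower-cased dc= components of a DN (naive comma split, no escaped commas)."""
    parts = [p.strip().lower() for p in dn.split(",")]
    return [p for p in parts if p.startswith("dc=")]

def passes_not_disabled(uac, style):
    """Does an account with this userAccountControl value pass the 'not disabled' clause?"""
    if style == "equality":                 # (!(userAccountControl=514))
        return uac != 514
    return (uac & ACCOUNTDISABLE) == 0      # (!(userAccountControl:1.2.840.113556.1.4.803:=2))

def lint(conf):
    findings = []
    dn, base = conf.get("dn", ""), conf.get("base", "")
    if "=" in dn and dc_suffix(dn) != dc_suffix(base):   # skip user@domain style bind names
        findings.append(f"dn ({dn}) and base ({base}) are in different trees")
    for key in ("user_filter", "pass_filter"):
        m = re.search(r"userAccountControl=(\d+)", conf.get(key, ""))
        if m:
            findings.append(f"{key}: exact match on userAccountControl={m.group(1)} "
                            "misses disabled accounts that carry other flags")
    return findings

# Constructed sample: dn and base as quoted in the thread, filters from the second suggestion.
SAMPLE = """\
dn = cn=administrator,dc=erlphase,dc=com   # bind account
base = dc=oc,dc=local
user_filter = (&(sAMAccountName=%u)(objectClass=person)(!(userAccountControl=514)))
pass_filter = (&(sAMAccountName=%u)(objectClass=person)(!(userAccountControl=514)))
"""

if __name__ == "__main__":
    for finding in lint(parse_conf(SAMPLE)):
        print("WARN", finding)
    # 512 = normal, 514 = normal + disabled, 66050 = 514 + password never expires
    for uac in (512, 514, 66050):
        print(uac, passes_not_disabled(uac, "equality"), passes_not_disabled(uac, "bitmask"))
```

The value 66050 shows the difference: the account is disabled, yet it still passes the equality form of the filter, while the bitmask form excludes it.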