Oscar A. Valdez wrote:
> The Howto at http://directory.fedora.redhat.com/wiki/Howto:Dovecot is
> really very skimpy (two lines that refer you offsite, to a Howto based
> on OpenLDAP).
>
> I spent most of yesterday banging my head, making dovecot authenticate
> against FDS. The mail server on which dovecot is installed has the
> nss_ldap and pam_ldap packages installed, and /etc/dovecot.conf has the
> following two lines:
>
> auth_userdb = ldap /etc/dovecot-ldap.conf
> auth_passdb = pam
>
> In other words, dovecot should use LDAP to access the user database, but
> PAM for authentication. This part is working, since users authenticate
> and get their mails through dovecot.
>
> /etc/dovecot-ldap.conf contains the following:
>
> hosts = 192.168.0.2
> ldap_version = 3
> base = ou=People, dc=duraflex, dc=com, dc=sv
> deref = never
> scope = subtree
> user_attrs = uid,homeDirectory,,,uidNumber,gidNumber
> user_filter = (&(objectClass=posixAccount)(uid=%u))
>
> I haven't specified a dn or dnpass, since all I need is that dovecot
> perform an anonymous query for the uid, homeDirectory, uidNumber and
> gidNumber fields of its users, which are publicly viewable. However,
> my FDS server's access log has entries like these:
>
> conn=3266227 fd=138 slot=138 connection from 192.168.0.100 to
> 192.168.0.2
> conn=3266227 op=0 BIND dn="" method=128 version=3
> conn=3266227 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
> conn=3266227 op=1 SRCH base="ou=People,dc=duraflex,dc=com,dc=sv" scope=1
> filter="(&(objectClass=posixAccount)(uid=dovecot))" attrs=ALL
> conn=3266227 op=1 RESULT err=0 tag=101 nentries=0 etime=0
> conn=3266227 op=2 SRCH base="ou=Groups,dc=duraflex,dc=com,dc=sv" scope=1
> filter="(&(objectClass=posixGroup)(memberUid=dovecot))"
> attrs="gidNumber"
> conn=3266227 op=2 RESULT err=0 tag=101 nentries=0 etime=0
> conn=3266227 op=-1 fd=138 closed - B1
>
> Dovecot tries binding with an empty dn, fails,

It doesn't fail, according to the log - the result of the BIND request
is err=0, i.e. success. In LDAP, dn="" is an anonymous BIND. So, two
possible problems:

1) Did you try that same search from the command line using ldapsearch?
   Same results?
2) Did you set up your ACIs to allow anonymous read/search/compare
   access to those entries and attributes?

> then queries FDS for a
> user or group called dovecot (which don't exist on the DS), and fails.
>
> Is there a way to tell dovecot to query anonymously?
>
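
The reading of the access log given in the reply, as an added example that is not part of the original thread: this Python script pairs each BIND and SRCH with its RESULT by conn/op, showing that the dn="" bind succeeded and that it is the searches that returned no entries. The sample log is the quoted lines with the mail wrapping rejoined (constructed input); the scope names assume the 389 DS access-log numbering of 0 = base, 1 = onelevel, 2 = subtree.

```python
import re

# Constructed sample: the access-log lines quoted in the message, wraps rejoined.
SAMPLE_LOG = '''\
conn=3266227 fd=138 slot=138 connection from 192.168.0.100 to 192.168.0.2
conn=3266227 op=0 BIND dn="" method=128 version=3
conn=3266227 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
conn=3266227 op=1 SRCH base="ou=People,dc=duraflex,dc=com,dc=sv" scope=1 filter="(&(objectClass=posixAccount)(uid=dovecot))" attrs=ALL
conn=3266227 op=1 RESULT err=0 tag=101 nentries=0 etime=0
conn=3266227 op=2 SRCH base="ou=Groups,dc=duraflex,dc=com,dc=sv" scope=1 filter="(&(objectClass=posixGroup)(memberUid=dovecot))" attrs="gidNumber"
conn=3266227 op=2 RESULT err=0 tag=101 nentries=0 etime=0
conn=3266227 op=-1 fd=138 closed - B1
'''

LINE = re.compile(r'conn=(\d+) op=(-?\d+) (BIND|SRCH|RESULT) (.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')          # key=value or key="quoted value"
SCOPES = {"0": "base", "1": "onelevel", "2": "subtree"}  # assumed numbering

def summarize(log_text):
    """Pair every BIND/SRCH with its RESULT, keyed by (conn, op)."""
    ops = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # connection open/close lines carry no operation
        conn, op, kind, rest = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(rest)}
        key = (conn, int(op))
        if kind == "RESULT":
            if key in ops:
                ops[key].update(err=int(fields["err"]),
                                nentries=int(fields.get("nentries", 0)))
        else:
            ops[key] = {"kind": kind, **fields}
    report = []
    for (conn, op), rec in sorted(ops.items()):
        if rec["kind"] == "BIND":
            who = "anonymous" if rec.get("dn") == "" else rec.get("dn")
            status = "ok" if rec.get("err") == 0 else f"err={rec.get('err')}"
            report.append((conn, op, "BIND", who, status))
        else:
            what = f"{rec['base']} [{SCOPES.get(rec.get('scope'), '?')}] {rec['filter']}"
            status = f"err={rec.get('err')} nentries={rec.get('nentries')}"
            report.append((conn, op, "SRCH", what, status))
    return report

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(*row, sep=" | ")
```
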