Ran Talbott embed_bucket at cox.net
Fri Dec 24 01:53:32 EET 2010

I have a Windoze-only client who wants to move their mail hosting from 
godaddy.com hosting to an in-house system.  I'm pitching Linux as an 
alternative to Exchange, and trying to set up a demonstration system for 
them.  While a long-time Linux user, my server admin experience has been in 
setting up front-ends (mostly Apache-based web interfaces) for the embedded 
systems I specialize in.

The goal is to have an IMAP server where the users don't have Linux IDs,  and 
only need to manually login to the Active Directory domain controller.

The client has multiple Internet domains,  but all users are in the same 
Active Directory realm internally.

With the help of the how-tos at linuxmail.info,  I got the system to the point 
of being able to authenticate logins for both IMAP and SMTP (using 
dovecot-SASL).  I tried using PAM first,  but it didn't work:  running kinit 
from the command line takes over 90 seconds to get a ticket,  and Dovecot 
timed out after 60 on every login attempt.  So I switched to LDAP.   Note: I 
still don't understand why, but authentication through Active Directory 
didn't work until I changed the querying distinguished name from 
the "cn=,dc=,dc=" format to "user at xxxx.local" format.

I have Postfix using dovecot-deliver as the LDA, but I hit a snag: deliver is 
not putting the domain name in the path to the maildir.

I have the active directory query set as:
  user_filter = (&(objectClass=user)(samaccountname=%n))
  user_attrs = =home=/var/mailstore/%d/%n. =uid=501, =gid=501, \

When I send mail to testing.testing at xxxx.xxx (real domain obscured),  I see 
this in mail.log

Dec 23 10:49:24 IBMUBUNTU1 dovecot: auth(default): master in: 
USER#0111#011testing.testing at xxxx.xxx#011service=deliver

Dec 23 10:49:24 IBMUBUNTU1 dovecot: auth(default): ldap(testing.testing): user 
search: base=dc=lawley, dc=local scope=subtree filter=(&(objectClass=user)
(samaccountname=testing.testing)) fields=

Dec 23 10:49:24 IBMUBUNTU1 dovecot: auth(default): ldap(testing.testing): 
result: objectClass(?unknown?)= cn(?unknown?)= sn(?unknown?)= 
givenName(?unknown?)= distinguishedName(?unknown?)= instanceType(?unknown?)= 
whenCreated(?unknown?)= whenChanged(?unknown?)= displayName(?unknown?)= 
uSNCreated(?unknown?)= uSNChanged(?unknown?)= name(?unknown?)= 
objectGUID(?unknown?)= userAccountControl(?unknown?)= 
primaryGroupID(?unknown?)= objectSid(?unknown?)= sAMAccountName(?unknown?)= 
sAMAccountType(?unknown?)= userPrincipalName(?unknown?)= 

Dec 23 10:49:24 IBMUBUNTU1 dovecot: auth(default): master out: 

i.e.,  the domain does not appear in the paths to the home directory or 

I found a bug report in the mailing list that looks like it might be the same 
problem (%d not supported in user_attrs),  but the fix it references is for 

Is this a known problem in 1.x?  Is there a fix/workaround for it?  E.g., 
could I have Postfix generate the maildir path and pass it to deliver as 
the "-m" parameter?
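As an added example (not from the original post, and not Dovecot's own code), a short Python script that pulls the user out of a `master in:` log line like the one quoted above, expands the `home=/var/mailstore/%d/%n` template with `%n` as the local part and `%d` as the domain, and sanity-checks the resulting path; the log line is a constructed copy of the quoted one with the `@` restored.

```python
import os
import re

# Constructed sample modelled on the "master in:" line quoted in the post; syslog
# renders the TAB separators of Dovecot's auth protocol as "#011".
SAMPLE_LOG = ("Dec 23 10:49:24 IBMUBUNTU1 dovecot: auth(default): master in: "
              "USER#0111#011testing.testing@xxxx.xxx#011service=deliver")
MAILSTORE = "/var/mailstore"
HOME_TEMPLATE = "/var/mailstore/%d/%n"   # the home= template from user_attrs

def parse_master_in(line):
    """Return the user name from a Dovecot 'master in: USER ...' auth log line."""
    m = re.search(r"master in: (.*)$", line)
    if not m:
        raise ValueError("not a 'master in:' line")
    fields = m.group(1).replace("#011", "\t").split("\t")
    if fields[0] != "USER" or len(fields) < 3:
        raise ValueError("unexpected master request: %r" % (fields,))
    return fields[2]

def split_user(user):
    """%n and %d as Dovecot defines them: local part, and domain ('' when absent)."""
    if "@" in user:
        return tuple(user.split("@", 1))
    return user, ""

def expand_home(template, user):
    """Expand %n/%d in a home= template exactly as written, with no cleanup."""
    name, domain = split_user(user)
    return template.replace("%n", name).replace("%d", domain)

def check_home(path, root=MAILSTORE):
    """Sanity-check an expanded home path; returns a list of problems (empty = OK)."""
    problems = []
    parts = path.split("/")[1:]            # drop the '' before the leading slash
    if "" in parts:
        problems.append("empty path component (an unexpanded %d or %n?)")
    if "." in parts or ".." in parts:
        problems.append("relative component '.' or '..' in path")
    # The user string comes from the SMTP recipient: it must stay inside the store.
    normalized = os.path.normpath(path)
    if normalized != root and not normalized.startswith(root + "/"):
        problems.append("path escapes " + root)
    return problems

def diagnose(line, template=HOME_TEMPLATE):
    """(user, expanded home, problems) for one 'master in:' log line."""
    user = parse_master_in(line)
    home = expand_home(template, user)
    return user, home, check_home(home)
```

An empty `%d` shows up as a doubled slash, which the filesystem silently collapses, so the check flags it rather than normalizing it away. Note that deliver's `-m` names the destination mailbox (INBOX by default), not a filesystem path.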
