[Dovecot] dovecot with Active Directory problem

Timo Sirainen tss at iki.fi
Thu Nov 18 19:50:40 EET 2010

On Sun, 2010-11-14 at 21:31 +0900, marie ot wrote:

> I am using dovecot-2.0.6 with NetBSD amd64.
> hosts = xxx.xxx.xxx.xxx:389
> dn = cn=Mail Administrator, cn=Users, dc=example, dc=com
> dnpass = *********

dn is set, so Dovecot does a bind before doing anything else.

> Both dovecot and postfix the first "bindRequest" was quite
> the same demand and the results.
> Next, dovecot demanded query of "userPrincipalName" and "unixUserPassword".
> It seems to be ok for the result.
> # This fails if it doesn't add to "Account Operators" group.

Looks right.

> However, "name" and "simple" were issued by the blank (anonymously?)

What do you mean by "name" and "simple"?

> as for the following next demand (bindRequest).

Since you have auth_bind=no, there should be only a single bind request
at the beginning of the LDAP connection, nothing afterwards.

> In addition, query of "userPrincipalName" and "unixUserPassword" is issued to
> "cn=Configuration, dc=example, dc=com" afterwards.

Where's that Configuration coming from? It's not in your config file, so
I don't see why Dovecot would go querying it. Unless perhaps it's the
OpenLDAP library that goes doing this stuff internally.

> errorMessage: 000004DC: LdapErr: DSID-0C0906DC, comment: In order to perform
> this operation a successful bind must be completed on the connection., data
> 0, v1db0

I don't see how this could happen, except if the previous LDAP reply
contains some kind of a reference elsewhere and OpenLDAP automatically
goes connecting there.
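
The hypothesis in the reply above (a search reply carries a referral, and the client library follows it on a second connection that was never bound with the configured dn) can be checked against a decoded LDAP trace. This is an added example, not code from the thread or from Dovecot; the one-line-per-message trace format, the `searchResRef` entry, the result code and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlparse, unquote

# Constructed trace (not from the original post): one decoded LDAP message per line.
TRACE = """\
conn=1 bindRequest name="cn=Mail Administrator,cn=Users,dc=example,dc=com" simple="***"
conn=1 bindResponse result=success
conn=1 searchRequest base="dc=example,dc=com"
conn=1 searchResEntry dn="cn=user1,cn=Users,dc=example,dc=com"
conn=1 searchResRef uri="ldap://example.com/CN=Configuration,DC=example,DC=com"
conn=1 searchResDone result=success
conn=2 bindRequest name="" simple=""
conn=2 bindResponse result=success
conn=2 searchRequest base="CN=Configuration,DC=example,DC=com"
conn=2 searchResDone result=operationsError
"""

LINE = re.compile(r'conn=(\d+) (\w+)(.*)')
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def norm_dn(dn):
    """Case- and whitespace-insensitive DN key (simplified: no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def find_chased_referrals(trace):
    """Return (conn, base, result) for searches on a referred DN over an anonymous bind."""
    referred, anonymous, pending, findings = set(), {}, {}, []
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        conn, op = int(m.group(1)), m.group(2)
        f = {k: q or b for k, q, b in FIELD.findall(m.group(3))}
        if op == "bindRequest":
            # Blank "name" and blank "simple" password together mean an anonymous bind.
            anonymous[conn] = f.get("name", "") == "" and f.get("simple", "") == ""
        elif op == "searchResRef":
            # The DN the server refers the client to is the path part of the LDAP URL.
            referred.add(norm_dn(unquote(urlparse(f["uri"]).path.lstrip("/"))))
        elif op == "searchRequest":
            pending[conn] = f["base"]
        elif op == "searchResDone" and conn in pending:
            base = pending.pop(conn)
            # A connection with no bind at all is treated as anonymous too.
            if norm_dn(base) in referred and anonymous.get(conn, True):
                findings.append((conn, base, f["result"]))
    return findings
```

A non-empty result means the failing search was not issued against the configured base but against a DN the server handed back as a referral, on a connection that skipped the dn/dnpass bind.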
