[Dovecot] Samba4 Active Directory and Doveadm

Timo Sirainen tss at iki.fi
Fri Oct 15 16:46:53 EEST 2010


On Fri, 2010-10-15 at 07:17 -0600, Trever L. Adams wrote:

> Fantastic. I am not. Postfix is validating user existence. I read
> somewhere I can turn off Dovecot LDA validation, but now I am unable to
> find the page.

http://wiki2.dovecot.org/UserDatabase/Static / allow_all_users

> >>> Oct 15 05:48:06 TeaSet dovecot: master: Error: service(auth-worker): child 16375 killed with signal 11 (core dumps disabled)
> > Can you get a gdb backtrace? First enable core dumps with "ulimit -c
> > unlimited" and once you have core file see
> > http://dovecot.org/bugreport.html
> I am not sure this is necessary. 

A crash is a bug in any case that I'd like to fix. A good backtrace
would make it easier for me to do that.

> The problem seems to be in this
> dovecot: auth: Debug: ldap(?): result: sAMAccountName(?unknown?)=
> 
> I get that for all fields in the AD. It looks like I am going to have to
> do a bind of some kind. 

You mean the "?unknown?" part? I think the problem here is that I hadn't
thought that LDAP attributes are case-insensitive. You should have used
sAMAccountName, not samaccountname in the iterate_attrs. But I suppose
I'll need to fix this myself too.

>  auth: Error: LDAP: binding failed (dn
> CN=SMTP-SERVICE-PRINCIPAL-USER,CN=Users,DC=example,DC=org): Local error,
> SASL(-1): generic failure: GSSAPI Error: An invalid name was supplied
> (Cannot determine realm for numeric host address)

No idea.

> I am thinking I should add gss-spnego to the mech, but haven't done so.

No, anything outside dovecot-ldap.conf doesn't affect LDAP. OpenLDAP
uses Cyrus SASL for doing the GSSAPI stuff, so you should try to look
into that.


