Working with Active Directory on Windows Server 2012 R2

I’ve attempted the user Mail with the same password with the same result (binding as my own user was a last-ditch attempt).

aaron at aaron-Parallels-Virtual-Platform:/etc/sssd$ ldapsearch -x -H ldap:// -D  CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk -W - -b CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk
Enter LDAP Password:
# extended LDIF
# LDAPv3
# base <CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk> with scope subtree
# filter: (objectclass=*)
# requesting: -

# aaron.jenkins, Users,
dn: CN=aaron.jenkins,CN=Users,DC=ad,DC=automaton,DC=uk

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Same with the user Mail

> I’m having issues getting Dovecot to work with AD on 2012 R2 in a test environment.
>> Nov 19 09:22:23 auth: Debug: auth client connected (pid=10345)
> Nov 19 09:22:23 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=pkJxdDkISwAK0zcd lip= rip= rport=56395
> Nov 19 09:22:23 auth: Debug: client passdb out: CONT 1
> Nov 19 09:22:23 auth: Debug: client in: CONT 1 (previous base64 data may contain sensitive data)
> Nov 19 09:22:29 auth: Debug: client passdb out: FAIL 1 user=aaron.jenkins temp

Your conf:
auth_bind = yes
dn = aaron.jenkins
dnpass = dummypass1
auth_bind_userdn = CN=%u,CN=users,DC=ad,DC=automaton,DC=uk

Can you really succeed a simple auth with the dn aaron.jenkins ? This
ought to be a full DN. As I understand auth_bind_userdn, you do not need
dn/dnpass anyway, because auth_bind_userdn prevents searching for the
user's DN, in which case Dovecot requires a connection before any user
bind takes place.

I wonder if the log shows the error from this setting or from the user's
login attempt. Could you try another user?

Can you auth from command line via

ldapsearch -x -H ldap:// -D \
CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk -W \
- -b CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk

