<quote who="Jack McKinney">

No, it isn't. I have verified the connection with "openssl s_client". Besides, the server is receiving the username "jackmc@lorentz.com", so the connection has already been made by this time. What is happening every time is that dovecot sends the correct query to OpenLDAP (as noted in the log below), OpenLDAP receives that query (according to its log) and responds with one match, but dovecot never seems to see that response. 180 seconds after the auth fails, dovecot drops the connection with the IMAP client for inactivity.

I've gone back to your first post, and you slapd logs show:

Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH base="ou=users,dc=lorentz,dc=com" scope=1 deref=0 filter="(&(objectClass=inetOrgPerson)(mail=jackmc at lorentz.com))" Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH attr=uid Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=

Which shows the correct filter, but the requested attribute to return is "uid", which is _not_ in your entry:

Jack McKinney, users, lorentz.com

dn: cn=Jack McKinney,ou=users,dc=lorentz,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson cn: Jack McKinney givenName: Jack McKinney sn: McKinney mail: jackmc at lorentz.com

Try the same search again, but using (note uid on end):

ldapsearch -h ldap.lrtz -b 'ou=users, dc=lorentz, dc=com' -D 'cn=varmail,ou=users,dc=lorentz,dc=com' -x -W -s onelevel '(&(objectClass=inetOrgPerson)(mail=jackmc at lorentz.com))' uid

It should be empty, hence why dovecot isn't getting anything.