Hi Robert,

I have done something a little different to integrate AD users into dovecot. Here I use sssd to integrate AD users into pam and use standard dovecot pam identification. Maybe not the solution you want (i.e. it provides full user access ... if you want only mail). But sssd is simple to set up and easy to integrate into nsswitch / pam.

Moreover, sssd provides you with failover (in case your AD server is not the same as your mail server).

Maybe it could be an idea ..

Vincent ETIENNE

On 22/09/2014 23:50, Robert Watson wrote:
> I'm having a great deal of difficulty with integrating dovecot 2.0.9 with a
> new installation of samba4 4.1.11 and would appreciate anyone's help who has
> this working.
>
> *Problem 1:*
> if dn= cn=Administrator,dc=ourhome,dc=net with dnpass = *****
> ---------------I get NT_STATUS_LOGON_FAILURE
> but dn = "administra...@ourhome.net" with dnpass = **** works
> I guess I shouldn't complain but why doesn't the first one work?
>
> *Problem 2:*
> can't seem to get a working set of
> usr_attrs/user_filter,pass_attrs/pass_filter to authenticate
>
> *dovecot-ldap.conf :*
> uris = ldap://localhost:389
> dn = "administra...@ourhome.net"
> dnpass = ****
> tls = no
> ldap_version = 3
> base = cn=Users,dc=ourhome,dc=net
> scope = subtree
> user_filter = (&(objectClass=user)(sAMAccountName=%u))
> user_attrs =
> sAMAccountName=user,userPassword=password,=mail=maildir:/var/vmail/%Ld/%n,
> =home=/var$
> pass_filter = (&(objectClass=user)(sAMAccountName=%u))
> pass_attrs = sAMAccountName=user,userPassword=password
>
> *dovecont.message log output:*
> *2014-09-22 14:44:50 auth: Debug: Loading modules from directory:
> /usr/lib64/dovecot/auth*
> *2014-09-22 14:44:50 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libauthdb_ldap.so*
> *2014-09-22 14:44:50 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libdriver_mysql.so*
> *2014-09-22 14:44:50 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libdriver_pgsql.so*
> *2014-09-22 14:44:50 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libdriver_sqlite.so*
> *2014-09-22 14:44:50 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libmech_gssapi.so*
> *2014-09-22 14:44:50 auth: Debug: auth client connected (pid=5316)*
> *2014-09-22 14:45:00 auth: Debug: client in: AUTH 1 PLAIN service=imap
> secured lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=35148
> resp=AEpvaG5Eb2UASm9obkRvZQ==*
> *2014-09-22 14:45:00 auth: Debug: ldap(JohnDoe,127.0.0.1): pass search:
> base=cn=Users,dc=ourhome,dc=net scope=subtree
> filter=(&(objectClass=user)(sAMAccountName=JohnDoe))
> fields=sAMAccountName,userPassword*
> *2014-09-22 14:45:00 auth: Debug: ldap(JohnDoe,127.0.0.1): result:
> sAMAccountName(user)=JohnDoe*
> *2014-09-22 14:45:00 auth: Info: ldap(JohnDoe,127.0.0.1): No password
> returned (and no nopassword)*
> *2014-09-22 14:45:00 auth: Debug: Loading modules from directory:
> /usr/lib64/dovecot/auth*
> *2014-09-22 14:45:00 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libauthdb_ldap.so*
> *2014-09-22 14:45:00 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libdriver_mysql.so*
> *2014-09-22 14:45:00 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libdriver_pgsql.so*
> *2014-09-22 14:45:00 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libdriver_sqlite.so*
> *2014-09-22 14:45:00 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libmech_gssapi.so*
> *2014-09-22 14:45:00 auth: Debug: pam(JohnDoe,127.0.0.1): lookup
> service=dovecot*
> *2014-09-22 14:45:00 auth: Debug: pam(JohnDoe,127.0.0.1): #1/1 style=1
> msg=Password: *
> *2014-09-22 14:45:02 auth: Info: pam(JohnDoe,127.0.0.1): unknown user*
> *2014-09-22 14:45:04 auth: Debug: client out: FAIL 1 user=JohnDoe*
>
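
The sssd/PAM route described in the reply above, sketched as an added example; it is not configuration posted by either participant. The hostnames dc1/dc2.ourhome.net, the MailUsers group and the file layout are assumptions, as is a mail host already joined to the domain. The last two sssd options are one way to narrow the "full user access" the reply mentions.

```conf
# --- /etc/sssd/sssd.conf (mode 0600, owner root) ---
[sssd]
config_file_version = 2
services = nss, pam
domains = ourhome.net

[domain/ourhome.net]
id_provider = ad
auth_provider = ad
access_provider = ad
ad_domain = ourhome.net
# Failover: sssd tries ad_server first, then ad_backup_server.
# Both hostnames are placeholders (assumption).
ad_server = dc1.ourhome.net
ad_backup_server = dc2.ourhome.net
# Narrowing access on a mail-only host:
# AD accounts resolve through NSS but get no interactive shell...
override_shell = /sbin/nologin
# ...and only members of a hypothetical MailUsers group pass the PAM account check.
ad_access_filter = (memberOf=cn=MailUsers,cn=Users,dc=ourhome,dc=net)

# --- /etc/nsswitch.conf (relevant lines) ---
passwd: files sss
group:  files sss

# --- /etc/pam.d/dovecot (the service name seen in the log: "lookup service=dovecot") ---
auth     required  pam_sss.so
account  required  pam_sss.so

# --- dovecot auth configuration ---
# The password check is delegated to PAM (and so to sssd); no userPassword
# attribute has to be readable over LDAP.
passdb {
  driver = pam
  args = dovecot
}
# User lookup goes through getpwnam(), which nsswitch routes to sssd.
userdb {
  driver = passwd
}
```

With this layout the `dn`/`dnpass` bind account from dovecot-ldap.conf is no longer needed by Dovecot, so no directory administrator password has to be stored on the mail server.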