Ok I played around a bit and activated debugging correctly (Thanks to Steffen)
Now I try to log in with the user johndoe (that is his cn and his uid) and I get the following message in syslog:

Mar 2 11:03:32 mailserver dovecot: auth: Debug: master in: REQUEST#0111283457025#0117428#0111#011d139b5d372d882643bc995003c615c89
Mar 2 11:03:32 mailserver dovecot: auth: Debug: ldap(johndoe,127.0.0.1,<EYmiVEsQSgB/AAAB>): user search: base=ou=People,dc=[domainname],dc=de scope=subtree filter=(&(objectClass=inetOrgPerson)(cn=johndoe)) fields=uidNumber
Mar 2 11:03:32 mailserver slapd[2465]: <= bdb_equality_candidates: (cn) not indexed
Mar 2 11:03:32 mailserver dovecot: auth: Debug: ldap(johndoe,127.0.0.1,<EYmiVEsQSgB/AAAB>): result: uidNumber missing
Mar 2 11:03:32 mailserver dovecot: auth: Debug: master out: USER#0111283457025#011johndoe
Mar 2 11:03:32 mailserver dovecot: imap-login: Login: user=<johndoe>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=7450, secured, session=<EYmiVEsQSgB/AAAB>
Mar 2 11:03:32 mailserver dovecot: imap(johndoe): Error: user johndoe: Couldn't drop privileges: User is missing UID (see mail_uid setting)
Mar 2 11:03:32 mailserver dovecot: imap(johndoe): Error: Internal error occurred. Refer to server log for more information.

I am confused what the line

Mar 2 11:03:32 mailserver dovecot: imap(johndoe): Error: user johndoe: Couldn't drop privileges: User is missing UID (see mail_uid setting)

is trying to tell me.

doveconf -n:

# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.8 ext4
auth_debug = yes
auth_mechanisms = plain login
auth_verbose = yes
default_login_user = vmail
disable_plaintext_auth = no
first_valid_gid = 2222
first_valid_uid = 2222
listen = *
mail_access_groups = vmail
mail_debug = yes
mail_location = maildir:/var/vmail/%n
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocols = imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = root
}
service imap-login {
  process_min_avail = 1
  user = vmail
}
ssl = no
userdb {
  args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
  driver = ldap
}

grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf.ext :

hosts = mailserver.[domainname].de
debug_level = 0
auth_bind = yes
auth_bind_userdn = cn=%u,ou=People,dc=[domainname],dc=de
base = ou=People,dc=[domainname],dc=de
user_attrs = uidNumber=uid
user_filter = (&(objectClass=inetOrgPerson)(cn=%u))
pass_attrs = userPassword=password
pass_filter = (&(objectClass=inetOrgPerson)(uid=%u))
iterate_attrs = uid=user
iterate_filter = (objectClass=inetOrgPerson)

2015-02-27 16:00 GMT+01:00 Paolo Cravero <paolo.crav...@csi.it>:

> This is the user DN:
>
> cn=Klara Fall,ou=People,dc=[domainname],dc=de
>
> According to your Dovecot configuration
>
> auth_bind_userdn = cn=%u,ou=People,dc=[domainname],dc=de
>
> if you login with "klarafall" it will be expanded into
>
> cn=klarafall,ou=People,dc=[domainname],dc=de
>
> which is not the correct DN for Mrs Klara.
>
> So if you login with "Klara Fall" it should work, but that will probably
> mess up the things on Dovecot filesystem.
>
> I am strongly against setting a static DN when dealing with LDAP
> authentication. LDAP servers are optimized to serve search requests, so let
> yours do the job. Allow Dovecot to lookup the correct DN based on the
> attribute you supply (uid) and then authenticate.
>
> This should be achieved if you comment out the auth_bind_userdn line.
>
> Paolo Cravero
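
Added example (not part of the original message, and not Dovecot's own code): a short Python script that pairs each "Couldn't drop privileges" error with the LDAP userdb lookup logged for the same user, so the search filter and the attribute reported missing are shown together. The sample log is constructed from the lines quoted in the message above; the function and field names are assumptions of this example.

```python
import re

# Constructed sample, modelled on the syslog lines quoted in the message above.
SAMPLE_LOG = """\
Mar 2 11:03:32 mailserver dovecot: auth: Debug: ldap(johndoe,127.0.0.1,<EYmiVEsQSgB/AAAB>): user search: base=ou=People,dc=[domainname],dc=de scope=subtree filter=(&(objectClass=inetOrgPerson)(cn=johndoe)) fields=uidNumber
Mar 2 11:03:32 mailserver dovecot: auth: Debug: ldap(johndoe,127.0.0.1,<EYmiVEsQSgB/AAAB>): result: uidNumber missing
Mar 2 11:03:32 mailserver dovecot: imap-login: Login: user=<johndoe>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=7450, secured, session=<EYmiVEsQSgB/AAAB>
Mar 2 11:03:32 mailserver dovecot: imap(johndoe): Error: user johndoe: Couldn't drop privileges: User is missing UID (see mail_uid setting)
"""

# Patterns follow the wording of the debug and error lines shown on this page.
LDAP_PREFIX = r"auth: Debug: ldap\((?P<user>[^,]+),[^)]*\): "
SEARCH = re.compile(LDAP_PREFIX + r"user search: .* filter=(?P<filter>\S+) fields=(?P<fields>\S+)")
MISSING = re.compile(LDAP_PREFIX + r"result: (?P<attr>\S+) missing")
PRIV = re.compile(r"dovecot: \w+\((?P<user>[^)]+)\): Error: .*"
                  r"Couldn't drop privileges: User is missing UID")


def correlate(log_text):
    """Return one finding per privilege-drop failure, joined to the
    most recent LDAP user search seen for the same login name."""
    lookups = {}   # login name -> details of the last userdb search
    findings = []
    for line in log_text.splitlines():
        if m := SEARCH.search(line):
            lookups[m["user"]] = {"filter": m["filter"],
                                  "fields": m["fields"].split(","),
                                  "missing": []}
        elif m := MISSING.search(line):
            entry = lookups.setdefault(
                m["user"], {"filter": None, "fields": [], "missing": []})
            entry["missing"].append(m["attr"])
        elif m := PRIV.search(line):
            info = lookups.get(m["user"], {})
            findings.append({"user": m["user"],
                             "filter": info.get("filter"),
                             "missing": info.get("missing", [])})
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_LOG):
        print(f"{f['user']}: no UID after userdb search {f['filter']}; "
              f"attributes reported missing: {', '.join(f['missing']) or 'none logged'}")
```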