Hi Fran,
this is not a dovecot problem, that's a pure DNS problem and can only
be fixed in your DNS environment.

referrals are propagated in a "special" DNS design in SRV records. so
the LDAP client performs a DNS lookup for these names and this is the
point of hanging (as in most "hanging cases", it's DNS).

see:
https://technet.microsoft.com/en-us/library/cc978014.aspx
https://technet.microsoft.com/en-us/library/cc961719.aspx
http://www.mail-archive.com/cas@tp.its.yale.edu/msg00797.html
for information.

Greetz Matze

On Thu, 10 Sep 2015 13:10:57 +0200
Fran <cumc-436...@chguadalquivir.es> wrote:

> Hi Matthias,
>
> thank you very much! That fixed the problem.
>
> I had worked around the problem by using "base = ou=xxxx, dc=dom",
> instead of "base = dc=dom" in the dovecot-ldap.conf.ext file, because
> that also worked (I don't know why, but the problem happens if you use
> as base just the domain, but not if you add a second level). But that
> forced me to use several userdb/passdb block definitions, one for
> each OU in which I have users, so I think that your fix is better.
>
> I'm not able to understand the actual reason behind all this though...
>
> What's the technical explanation behind this behaviour? I mean, it
> seems to be that the problem is that the Domain controller (DC) was
> sending a "referrals" answer and dovecot auth made a connection to
> these other DCs but something wrong happened (dovecot can't deal
> correctly with that kind of answer? I don't know).
>
> Anyway, as far as I know:
>
> 1) A referral answer should be given by a DC when it can't provide the
> object that the client is requesting
> 2) REFERRALS off in ldap.conf means that the client should not follow
> referrals returned by the DC
>
> So, if a referral answer is given from my DC, I think that is because
> such DC can't provide the object which the client is looking for, so,
> why does it work fine just by telling dovecot: "Don't follow referrals"?
>
> Regards
>
>
>
> On 09/09/2015 at 17:22, Matthias Lay wrote:
> > hi,
> >
> > check your
> >
> > /etc/openldap/ldap.conf
> >
> > for
> >
> > REFERRALS off
> >
> > I had these errors with "referrals on" in misconfigured DNS
> > environments.
> >
> >
> > you can debug the DNS packets by strace-ing the auth process
> >
> >
> >
> >
> > On Tue, 8 Sep 2015 11:00:37 +0200
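
Added example, not part of the original thread and not code from dovecot or OpenLDAP: a small diagnostic that takes the referral URIs a DC hands back, extracts the host names an LDAP client with referrals enabled would have to resolve, and times each lookup. The sample URIs are constructed for a domain named "dom" (the base used in the thread), and the `slow_after` threshold is an assumption.

```python
import socket
import time
from urllib.parse import urlsplit

# Constructed sample: the kind of references an AD DC returns for a
# subtree search at the domain root ("dc=dom" as in the thread).
SAMPLE_REFERRALS = [
    "ldap://ForestDnsZones.dom/DC=ForestDnsZones,DC=dom",
    "ldap://DomainDnsZones.dom/DC=DomainDnsZones,DC=dom",
    "ldap://dom/CN=Configuration,DC=dom",
]


def referral_hosts(uris):
    """Return the unique host names a referral-chasing client must resolve."""
    hosts = []
    for uri in uris:
        parts = urlsplit(uri)
        if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
            continue  # not an LDAP referral the client would follow
        if parts.hostname not in hosts:
            hosts.append(parts.hostname)  # urlsplit lowercases the host
    return hosts


def check_hosts(hosts, resolve=socket.getaddrinfo, slow_after=2.0):
    """Time each lookup and classify it as ok, slow or unresolvable."""
    report = {}
    for host in hosts:
        start = time.monotonic()
        try:
            resolve(host, 389)
            failed = False
        except OSError:  # socket.gaierror is a subclass of OSError
            failed = True
        elapsed = time.monotonic() - start
        if failed:
            status = "unresolvable"
        elif elapsed > slow_after:
            status = "slow"  # resolves, but long enough to stall auth
        else:
            status = "ok"
        report[host] = (status, round(elapsed, 2))
    return report


if __name__ == "__main__":
    results = check_hosts(referral_hosts(SAMPLE_REFERRALS))
    for host, (status, secs) in results.items():
        print(f"{host:28} {status:13} {secs}s")
```

Run it on the mail server itself, so the lookups go through the same resolver configuration the auth process uses.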