Hello,
I am using dovecot-2.0.6 with NetBSD amd64.
Active Directory is used as an authentication server.
(Windows Server 2008 R2)
However, the message of Operations error was displayed first and it did
not move.
It solved it by understanding that this is because the authority of the user
who used it for bind was insufficient, and adding to Account Operators
group.
# Though it is not the best.
The error Error: re_encode_request new request is occurs,
and it doesn't operate still as follows.
Postfix operates though connects with LDAP.
The following are samples.
# Active Directory Server settings
domain = example.com
server_host = ldap://xxx.xxx.xxx.xxx:389
search_base = dc=example, dc=com
version = 3
timeout = 30
# Active Directory Searcher settings
bind = yes
bind_dn = cn=Mail Administrator, cn=Users, dc=example, dc=com
bind_pw = *
# Filter Query
query_filter =
(((objectCategory=person)(|(mail=%s)(userPrincipalName=%s)))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
result_attribute = userPrincipalName
result_filter = %s/
chase_referrals = no
The packet was done with wireshark by using this definition and a capture
doing and a similar test were done to dovecot.
It is a setting of dovecot.
hosts = xxx.xxx.xxx.xxx:389
dn = cn=Mail Administrator, cn=Users, dc=example, dc=com
dnpass = *
auth_bind = no
ldap_version = 3
base = dc=example, dc=com
user_attrs = unixHomeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter =
(((objectCategory=person)(userPrincipalName=%u))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs = userPrincipalName=user,unixUserPassword=password
pass_filter =
(((objectCategory=person)(userPrincipalName=%u))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
iterate_attrs = userPrincipalName=user
iterate_filter =
((objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
default_pass_scheme = MD5
# Schema of LDAP is matched to Windows Services for UNIX,
# and the password is made a hush with MD5.
Both dovecot and postfix the first bindRequest was quite
the same demand and the results.
Next, dovecot demanded query of userPrincipalName and unixUserPassword.
It seems to be ok for the result.
# This fails if it doesn't add to Account Operators group.
However, name and simple were issued by the blank (anonymously?)
as for the following next demand (bindRequest).
In addition, query of userPrincipalName and unixUserPassword is issued
to
cn=Configuration, dc=example, dc=com afterwards.
And, Operations Error is returned because of this.
Error description in LDAP packet:
errorMessage: 04DC: LdapErr: DSID-0C0906DC, comment: In order to perform
this operation a successful bind must be completed on the connection., data
0, v1db0
Because LDAP is unprofessional, it has not understood though
the source code was seen.
Do you serve as a reference?
Thanks powerful codes.
