Re[2]: Iteration for ldap userdb does not work

2017-10-19 Thread Holger A. Brinkhaus

Hi Steffen,

thanks for your reply. I've performed ldapsearch over all users (even
without person filter) without problems. There are fewer than 10 persons
in the directory.


Best regards
  Holger

-- Original Message --
From: "Steffen Kaiser"
To: "Holger A. Brinkhaus"
Cc: dovecot@dovecot.org
Sent: 20.10.2017 07:12:53
Subject: Re: Iteration for ldap userdb does not work



On Thu, 19 Oct 2017, Holger A. Brinkhaus wrote:

> I have a working ldap authentication for dovecot (with ldap based userdb
> query) for my Active Directory but iterations by doveadm -A run into a timeout.
>
> I have tried for three days now and cannot get it to work.

Did you verify that ldapsearch runs through? Depending on the number of
users AD times out easily by default in my experience.

--
Steffen Kaiser


Re: Iteration for ldap userdb does not work

2017-10-19 Thread Steffen Kaiser


On Thu, 19 Oct 2017, Holger A. Brinkhaus wrote:

> I have a working ldap authentication for dovecot (with ldap based userdb
> query) for my Active Directory but iterations by doveadm -A run into a timeout.
>
> I have tried for three days now and cannot get it to work.

Did you verify that ldapsearch runs through? Depending on the number of
users AD times out easily by default in my experience.


--
Steffen Kaiser
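
The check suggested above, as an added example that is not part of either poster's messages: a shell helper that reads a Dovecot LDAP config and prints the ldapsearch call matching the iterate_filter / iterate_attrs query that doveadm -A depends on. The function names conf_get, iterate_cmd and sample_conf are hypothetical, the sample config is constructed from the settings posted in the original message, and values are assumed to contain no single quotes.

```shell
# conf_get FILE KEY -> value of the first "KEY = value" line, whitespace trimmed
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | head -n 1
}

# iterate_cmd FILE -> prints an ldapsearch command equivalent to the iterate_* settings
iterate_cmd() {
    conf=$1
    uris=$(conf_get "$conf" uris)
    dn=$(conf_get "$conf" dn)
    base=$(conf_get "$conf" base)
    filter=$(conf_get "$conf" iterate_filter)
    attrs=$(conf_get "$conf" iterate_attrs)
    case $(conf_get "$conf" scope) in
        base)     scope=base ;;
        onelevel) scope=one ;;
        *)        scope=sub ;;   # "subtree" (the value on the page) or anything else
    esac
    # iterate_attrs is "ldapattr=field[, ...]"; ldapsearch only needs the LDAP attribute names
    ldap_attrs=$(printf '%s\n' "$attrs" | tr ',' '\n' \
        | sed 's/^[[:space:]]*//; s/=.*//' | tr '\n' ' ' | sed 's/ *$//')
    # -W prompts for the bind password, so dnpass never lands in argv or shell history
    printf "ldapsearch -LLL -H '%s' -D '%s' -W -b '%s' -s %s '%s' %s\n" \
        "$uris" "$dn" "$base" "$scope" "$filter" "$ldap_attrs"
}

# Constructed sample: the LDAP settings from the thread, placeholders kept as posted
sample_conf() {
    cat <<'EOF'
uris = ldaps://server1.office.hb-os.de:636
dn = cn=BINDUSER,cn=Users,dc=SUBDOM,dc=DOM,dc=de
dnpass = MYPASSWORD
base = cn=Users,dc=SUBDOM,dc=DOM,dc=de
scope = subtree
iterate_attrs = mail=user
iterate_filter = (objectClass=person)
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
iterate_cmd "$tmp"
rm -f "$tmp"
```

Running the printed command as the Dovecot bind user shows whether the directory answers the iteration query itself, independent of doveadm.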



Iteration for ldap userdb does not work

2017-10-19 Thread Holger A. Brinkhaus

Hi,

I have a working ldap authentication for dovecot (with ldap based
userdb query) for my Active Directory but iterations by doveadm -A run
into a timeout.

I have tried for three days now and cannot get it to work.

Best regards
  Holger

/etc/dovecot/dovecot-ldap-userdb.conf is a symlink to
/etc/doveconf/doveconf-ldap.conf

debug_level = 0
uris = ldaps://server1.office.hb-os.de:636
dn = cn=BINDUSER,cn=Users,dc=SUBDOM,dc=DOM,dc=de
dnpass = MYPASSWORD
auth_bind = yes
ldap_version = 3
deref = never
base = cn=Users,dc=SUBDOM,dc=DOM,dc=de
scope = subtree
user_attrs = =home=/usr/data/vmail/%d/%n, =mail=maildir:/usr/data/vmail/%d/%n/Maildir

user_filter = (&(objectClass=person)(mail=%u))
pass_filter = (&(objectClass=person)(mail=%u))
iterate_attrs = mail=user
iterate_filter = (objectClass=person)


doveconf -n

# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.9
auth_mechanisms = plain login
base_dir = /var/run/dovecot/
default_vsz_limit = 512 M
dict {
  expire = mysql:/etc/dovecot/dovecot-dict-expire.conf.ext
}
first_valid_uid = 100
imap_idle_notify_interval = 16 mins
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
log_path = /var/log/dovecot.log
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_gid = vmail
mail_home = /usr/data/vmail/%d/
mail_location = maildir:~/Maildir:LAYOUT=fs
mail_plugins = expire
mail_privileged_group = vmail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave

namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
plugin {
  antispam_backend = pipe
  antispam_debug_target = syslog
  antispam_pipe_program = /usr/data/vmail/spampipe.sh
  antispam_pipe_program_notspam_arg = --ham
  antispam_pipe_program_spam_arg = --spam
  antispam_pipe_tmp_dir = /tmp
  antispam_spam = Junk;SPAM;Spam
  antispam_trash = Trash
  expire = Trash
  expire2 = Trash/*
  expire3 = Junk
  expire_dict = proxy::expire
  sieve = /usr/data/vmail/%u/sieve/active-script.sieve
  sieve_before = /usr/data/vmail/sieve/spam-global.sieve
  sieve_dir = /usr/data/vmail/%d/%n/sieve/scripts/
  sieve_max_redirects = 4
  sieve_max_script_size = 1M
  sieve_quota_max_scripts = 128
}
postmaster_address = m...@domain.de
protocols = imap lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = postfix
    mode = 0600
    user = postfix
  }
  user = vmail
}
service dict {
  unix_listener dict {
    group = vmail
    mode = 0600
    user = vmail
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  process_min_avail = 10
  service_count = 1
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl_cert =