对Active Directory进行validationDovecot

我正在尝试在Windows 2008 R2域控制器上针对Microsoft Active DirectoryvalidationDovecot。 Dovecot（版本2.2.9）在Ubuntu 14.04（3.13.0-30-generic）上运行。

我的configuration：

dovecot.conf

protocols = imap service imap { inet_listener = *:143 } auth_username_format = %Lu auth_mechanisms = plain login disable_plaintext_auth = no ssl = no mail_location = maildir:/var/vmail/%u/Maildir first_valid_uid = 1001 last_valid_uid = 1001 first_valid_gid = 1001 last_valid_gid = 1001 valid_chroot_dirs = /var/vmail passdb { driver = ldap args = /etc/dovecot/dovecot-ldap.conf } userdb { driver = ldap args = /etc/dovecot/dovecot-ldap.conf } log_path = /var/log/dovecot.log syslog_facility = local7 auth_debug=yes 

dovecot的-的ldap.conf

• 房间邮箱的属性在哪里存储？
• 在AD中使用漫游configuration文件作为默认（运行Samba）
• AD网站和服务 – KCC自动生成的连接
• 从非域计算机提交证书申请文件。 如何找出策略服务器参数
• 远程桌面到本地PC

 hosts = dc.testdomain.local dn = CN=scanner,OU=SpecialUsers,DC=testdomain,DC=local dnpass = scanner ldap_version = 3 base = DC=testdomain,DC=local scope = subtree user_attrs = sAMAccountName=home user_filter = (&(ObjectClass=user)(|(mail=%u)(sAMAccountName=%u))) pass_attrs = sAMAccount=user,userPassword=password pass_filter = (&(ObjectClass=user)(sAMAccountName=%u)) default_pass_scheme = plain 

我正在使用“telnet ub14-dovecot 143”testing我的configuration和以下命令：

 Connected to ub14-dovecot. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot (Ubuntu) ready. a1 login scanner scanner * OK Waiting for authentication process to respond.. * BYE Disconnected for inactivity during authentication. Connection closed by foreign host. 

日志：

 Jul 22 13:08:46 auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth Jul 22 13:08:46 auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth Jul 22 13:08:46 auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libauthdb_ldap.so Jul 22 13:08:46 auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat Jul 22 13:08:46 auth: Debug: auth client connected (pid=28292) Jul 22 13:08:57 auth: Debug: client in: AUTH 1 PLAIN service=imap session=MQf5P8b+bACsEAgU lip=172.16.1.78 rip=172.16.8.20lport=143 rport=36972 resp= <hidden> Jul 22 13:08:57 auth: Debug: ldap(scanner,172.16.8.20,<MQf5P8b+bACsEAgU>): pass search: base=DC=testdomain,DC=local scope=subtree filter=(&(ObjectClass=user)(sAMAccountName=scanner)) fields=uid,userPassword Jul 22 13:11:46 imap-login: Info: Disconnected: Inactivity during authentication (disconnected while authenticating, waited 169 secs): user=<>, method=PLAIN, rip=172.16.8.20, lip=172.16.1.78, session=<MQf5P8b+bACsEAgU> Jul 22 13:13:11 auth: Error: PLAIN(scanner,172.16.8.20,<MQf5P8b+bACsEAgU>): Request 28292.1 timed out after 254 secs, state=1 Jul 22 13:13:11 auth: Debug: client in: CANCEL 1 Jul 22 13:14:11 auth: Info: ldap(scanner,172.16.8.20,<MQf5P8b+bACsEAgU>): Shutting down Jul 22 13:14:11 auth: Debug: client passdb out: FAIL 1 user=scanner temp 

正如你所看到的，我得到了AD的暂停。 如果我尝试login错误的凭据相同。 所以我确定我的configuration有错误。 我只是无法find它。

 cat /etc/dovecot/dovecot-ldap.conf hosts = dc01.mydomain.tld base = dc=mydomain, dc=tld ldap_version = 3 auth_bind = yes auth_bind_userdn = seta-int\%u 

 auth_debug = yes auth_username_format = %Lu listen = * mail_location = maildir:/home/vmail/%u/Maildir mbox_write_locks = fcntl passdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap } protocols = imap pop3 ssl_cert = </etc/pki/dovecot/certs/dovecot.pem ssl_key = </etc/pki/dovecot/private/dovecot.pem userdb { args = uid=vmail gid=vmail home=/var/vmail/%u driver = static }