Comments (9)
nitnelave
commented on May 30, 2024
1
I haven't used dovecot, so this is just a guess from a cursory reading of
the documentation.
You need to specify "uris" with ldap://my_server:3890 or
ldaps://my_server:6360
You need to do an authentication bind, not a password bind, so
auth_bind=yes.
And then for the template:
auth_bind_userdn = uid=%u,ou=people,dc=...
Can you try with that?
โฆOn Sun, 6 Aug 2023, 03:48 ddiawara, ***@***.***> wrote:
[image: image]
<https://user-images.githubusercontent.com/62718811/258615744-099045c8-bb77-45ba-ab91-6a8ce668bd9c.png>
2023-08-06T01:44:57.314159005+00:00 INFO โโ LDAP request [ 54.2ยตs | 0.01%
] 2023-08-06T01:44:57.316919296Z 2023-08-06T01:44:57.316825880+00:00 ERROR
๐จ [error]: [LDAP] Service Error: while handling incoming messages: while
receiving LDAP op: ldapmsg invalid 2023-08-06T01:44:57.672359421Z
2023-08-06T01:44:57.317568296+00:00 INFO LDAP session [ 346ms | 0.10% /
100.00% ] 2023-08-06T01:44:57.672633671Z
2023-08-06T01:44:57.317707838+00:00 INFO โโ LDAP request [ 346ms | 99.90% ]
2023-08-06T01:44:57.672855880Z 2023-08-06T01:44:57.671927880+00:00 ERROR โโ
๐จ [error]: Invalid tagclass 2023-08-06T01:44:57.673038463Z
2023-08-06T01:44:57.671959088+00:00 INFO โโ LDAP request [ 3.21ยตs | 0.00% ]
2023-08-06T01:44:57.673278671Z 2023-08-06T01:44:57.672269421+00:00 ERROR ๐จ
[error]: [LDAP] Service Error: while handling incoming messages: while
receiving LDAP op: ldapmsg invalid 2023-08-06T01:44:58.019408672Z
2023-08-06T01:44:57.674604546+00:00 INFO LDAP session [ 340ms | 0.09% /
100.00% ] 2023-08-06T01:44:58.019838672Z
2023-08-06T01:44:57.674710213+00:00 INFO โโ LDAP request [ 340ms | 99.91% ]
2023-08-06T01:44:58.020217797Z 2023-08-06T01:44:58.018958963+00:00 ERROR โโ
๐จ [error]: Invalid tagclass 2023-08-06T01:44:58.020546297Z
2023-08-06T01:44:58.018988838+00:00 INFO โโ LDAP request [ 3.67ยตs | 0.00% ]
2023-08-06T01:44:58.020892005Z 2023-08-06T01:44:58.019323755+00:00 ERROR ๐จ
[error]: [LDAP] Service Error: while handling incoming messages: while
receiving LDAP op: ldapmsg invalid 2023-08-06T01:45:07.307337634Z
2023-08-06T01:45:07.295695343+00:00 INFO LDAP session [ 2.43ms | 32.75% /
100.00% ]
โ
Reply to this email directly, view it on GitHub
<#642 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGCPWNO4Y7WTT7VA5PMNKDXT3ZYRANCNFSM6AAAAAA3FQ4YPE>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
from lldap.
nitnelave
commented on May 30, 2024
1
Great! Do you think you could send a PR with an example configuration to help the next person?
from lldap.
ddiawara
commented on May 30, 2024
2023-08-06T01:44:57.314159005+00:00 INFO โโ LDAP request [ 54.2ยตs | 0.01% ] 2023-08-06T01:44:57.316919296Z 2023-08-06T01:44:57.316825880+00:00 ERROR ๐จ [error]: [LDAP] Service Error: while handling incoming messages: while receiving LDAP op: ldapmsg invalid 2023-08-06T01:44:57.672359421Z 2023-08-06T01:44:57.317568296+00:00 INFO LDAP session [ 346ms | 0.10% / 100.00% ] 2023-08-06T01:44:57.672633671Z 2023-08-06T01:44:57.317707838+00:00 INFO โโ LDAP request [ 346ms | 99.90% ] 2023-08-06T01:44:57.672855880Z 2023-08-06T01:44:57.671927880+00:00 ERROR โโ ๐จ [error]: Invalid tagclass 2023-08-06T01:44:57.673038463Z 2023-08-06T01:44:57.671959088+00:00 INFO โโ LDAP request [ 3.21ยตs | 0.00% ] 2023-08-06T01:44:57.673278671Z 2023-08-06T01:44:57.672269421+00:00 ERROR ๐จ [error]: [LDAP] Service Error: while handling incoming messages: while receiving LDAP op: ldapmsg invalid 2023-08-06T01:44:58.019408672Z 2023-08-06T01:44:57.674604546+00:00 INFO LDAP session [ 340ms | 0.09% / 100.00% ] 2023-08-06T01:44:58.019838672Z 2023-08-06T01:44:57.674710213+00:00 INFO โโ LDAP request [ 340ms | 99.91% ] 2023-08-06T01:44:58.020217797Z 2023-08-06T01:44:58.018958963+00:00 ERROR โโ ๐จ [error]: Invalid tagclass 2023-08-06T01:44:58.020546297Z 2023-08-06T01:44:58.018988838+00:00 INFO โโ LDAP request [ 3.67ยตs | 0.00% ] 2023-08-06T01:44:58.020892005Z 2023-08-06T01:44:58.019323755+00:00 ERROR ๐จ [error]: [LDAP] Service Error: while handling incoming messages: while receiving LDAP op: ldapmsg invalid 2023-08-06T01:45:07.307337634Z 2023-08-06T01:45:07.295695343+00:00 INFO LDAP session [ 2.43ms | 32.75% / 100.00% ]
from lldap.
ddiawara
commented on May 30, 2024
Hello don't know auth_bind_userdn but will find it. thanks
This is what a try to do LLDAP + docker-Mailserver + ROUNDCUBE (don't esitate if you have a best combo will appreciate it)
Login successfull on roundcube ui, greats thing but can't send mail and retrive mail
lldap:
image: nitnelave/lldap:stable
ports:
- "3890:3890"
- "17170:17170"
volumes:
- "lldap_data:/data"
environment:
- TZ=Etc/UTC
- LLDAP_JWT_SECRET=94721b2ada4bf1ba6462f5eb341ff08372392dbf76
- LLDAP_LDAP_USER_PASS=admin123
- LLDAP_LDAP_BASE_DN=dc=example,dc=com
- LLDAP_DATABASE_URL=postgres://lldap:lldap@postgres/lldapdb
mailserver:
image: ghcr.io/docker-mailserver/docker-mailserver:latest
container_name: mailserver
hostname: mailserver # mail #mail.example.com
domainname: example.com
ports:
- "25:25" # SMTP (explicit TLS => STARTTLS)
- "143:143" # IMAP4 (explicit TLS => STARTTLS)
- "465:465" # ESMTP (implicit TLS)
- "587:587" # ESMTP (explicit TLS => STARTTLS)
- "993:993" # IMAP4 (implicit TLS)
volumes:
- /var/mail
- /var/mail-state
- /tmp/docker-mailserver/
- /etc/localtime:/etc/localtime:ro
restart: always
stop_grace_period: 1m
healthcheck:
test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
timeout: 3s
retries: 0
environment:
#- ONE_DIR=1 # 'ONE_DIR=1' but no volume was mounted to '/var/mail-state'
- DMS_DEBUG=0
- ENABLE_FAIL2BAN=1
# >>> Postfix LDAP Integration
- ACCOUNT_PROVISIONER=LDAP
- LDAP_SERVER_HOST=lldap:3890
- LDAP_SEARCH_BASE=dc=example,dc=com
- LDAP_BIND_DN=cn=admin,ou=people,dc=example,dc=com
- LDAP_BIND_PW=admin123
- SPOOF_PROTECTION=1
# <<< Postfix LDAP Integration
# >>> Dovecot LDAP Integration
- DOVECOT_BASE=dc=example,dc=com
- DOVECOT_DN=cn=admin,ou=people,dc=example,dc=com
- DOVECOT_DNPASS=admin123
- DOVECOT_AUTH_BIND=yes
- DOVECOT_USER_FILTER=(&(objectClass=inetOrgPerson)(mail=%u))
- DOVECOT_USER_ATTRS==uid=5000,=gid=5000,=home=/var/mail/%Ln,=mail=maildir:~/Maildir
# <<< Dovecot LDAP Integration
# >>> SASL LDAP Authentication
- ENABLE_SASLAUTHD=1
- SASLAUTHD_MECHANISMS=ldap
- SASLAUTHD_LDAP_SERVER=lldap:3890
- SASLAUTHD_LDAP_BIND_DN=cn=admin,ou=people,dc=example,dc=com
- SASLAUTHD_LDAP_PASSWORD=admin123
- SASLAUTHD_LDAP_SEARCH_BASE=dc=example,dc=com
- SASLAUTHD_LDAP_FILTER=(cn=%s)
# <<< SASL LDAP Authentication
roundcubemail:
image: roundcube/roundcubemail:latest
container_name: roundcubemail
restart: always
volumes:
- roundcube_data:/var/www/html
ports:
- "9002:80"
environment:
- ROUNDCUBEMAIL_SKIN=elastic
- ROUNDCUBEMAIL_DEFAULT_HOST=mailserver
- ROUNDCUBEMAIL_SMTP_SERVER=mailserver
#
- ROUNDCUBEMAIL_DB_TYPE=pgsql
- ROUNDCUBEMAIL_DB_HOST=postgres # same as pgsql container name
- ROUNDCUBEMAIL_DB_NAME=roundcubedb # same as pgsql POSTGRES_DB env name
- ROUNDCUBEMAIL_DB_USER=roundcube # same as pgsql POSTGRES_USER env name
- ROUNDCUBEMAIL_DB_PASSWORD=roundcube # same as pgsql POSTGRES_PASSWORD env name
MailServer logs
Roundcube logs
Lldap logs
from lldap.
nitnelave
commented on May 30, 2024
Have you looked at https://doc.dovecot.org/configuration_manual/authentication/ldap_bind/#authentication-ldap-bind ?
from lldap.
ddiawara
commented on May 30, 2024
yup but i think then don't have this attribute : https://docker-mailserver.github.io/docker-mailserver/latest/config/environment/#dovecot_auth_bind
only enable bind its possible
below the generate file
from lldap.
nitnelave
commented on May 30, 2024
Alright, I'm looking at the configuration for the docker image you
mentioned. I see a few things:
- LDAP_QUERY_FILTER_USER should probably be "(uid=%s)"
- LDAP_QUERY_FILTER_GROUP should be "(member=%s)"
- DOVECOT_AUTH_BIND should be yes
I haven't had a look until the end, but that may get you started.
โฆOn Sun, 6 Aug 2023, 19:49 ddiawara, ***@***.***> wrote:
yup but i think then don't have this attribute :
https://docker-mailserver.github.io/docker-mailserver/latest/config/environment/#dovecot_auth_bind
only enable bind its possible
โ
Reply to this email directly, view it on GitHub
<#642 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGCPWMGUFTQNQOPJD5YGJLXT7KK3ANCNFSM6AAAAAA3FQ4YPE>
.
You are receiving this because you commented.Message ID:
***@***.***>
from lldap.
ddiawara
commented on May 30, 2024
very appreciate, continus to check. Only sent message doent work
I feel I'm very close to the goal, I don't have much left.
2023-08-07 00:23:30,388 DEBG 'saslauthd_ldap' stderr output:
2023-08-06T22:23:30.388860171Z saslauthd[1809] :released accept lock
2023-08-06T22:23:30.389071213Z
2023-08-06T22:23:30.389596296Z 2023-08-07 00:23:30,389 DEBG 'saslauthd_ldap' stderr output:
2023-08-06T22:23:30.389850421Z saslauthd[1819] :acquired accept lock
2023-08-06T22:23:30.390049921Z
2023-08-06T22:23:30.634434421Z Aug 7 00:23:30 mail postfix/submission/smtpd[2175]: warning: dict_ldap_open: /etc/postfix/ldap-aliases.cf: Fixed query_filter is probably useless
2023-08-06T22:23:30.634719629Z Aug 7 00:23:30 mail postfix/submission/smtpd[2175]: connect from roundcubemail.netconx[172.21.0.6]
2023-08-06T22:23:30.634955046Z 2023-08-07 00:23:30,634 DEBG 'mailserver' stdout output:
2023-08-06T22:23:30.635131421Z Aug 7 00:23:30 mail postfix/submission/smtpd[2175]: warning: dict_ldap_open: /etc/postfix/ldap-aliases.cf: Fixed query_filter is probably useless
2023-08-06T22:23:30.635279088Z Aug 7 00:23:30 mail postfix/submission/smtpd[2175]: connect from roundcubemail.netconx[172.21.0.6]
2023-08-06T22:23:30.635424213Z
2023-08-06T22:23:30.765187504Z 2023-08-07 00:23:30,764 DEBG 'saslauthd_ldap' stderr output:
2023-08-06T22:23:30.765386463Z saslauthd[1809] :auth failure: [user=d3n] [service=smtp] [realm=example.com] [mech=ldap] [reason=Unknown]
2023-08-06T22:23:30.765562379Z saslauthd[1809] :response: NO
2023-08-06T22:23:30.765719213Z
2023-08-06T22:23:31.643971172Z Aug 7 00:23:30 mail postfix/submission/smtpd[2175]: warning: roundcubemail.netconx[172.21.0.6]: SASL LOGIN authentication failed: authentication failure
2023-08-06T22:23:31.647176755Z Aug 7 00:23:30 mail postfix/submission/smtpd[2175]: disconnect from roundcubemail.netconx[172.21.0.6] ehlo=1 auth=0/1 quit=1 commands=2/3
2023-08-06T22:23:31.647784422Z 2023-08-07 00:23:31,640 DEBG 'mailserver' stdout output:
2023-08-06T22:23:31.648256588Z Aug 7 00:23:30 mail postfix/submission/smtpd[2175]: warning: roundcubemail.netconx[172.21.0.6]: SASL LOGIN authentication failed: authentication failure
2023-08-06T22:23:31.648614880Z Aug 7 00:23:30 mail postfix/submission/smtpd[2175]: disconnect from roundcubemail.netconx[172.21.0.6] ehlo=1 auth=0/1 quit=1 commands=2/3
=
I have some error in lldap
invalid TagClass
from lldap.
ddiawara
commented on May 30, 2024
It's Work
but i need to clean 2 thing in container mailserver
sed -i 's/^virtual_alias_maps.*/virtual_alias_maps =/' /etc/postfix/main.cf
sed -i 's/^query_filter.*/query_filter = (\&(mail=%s))/' /etc/postfix/ldap-aliases.cf
postconf -Mf
for this error
sourcer: docker-mailserver/docker-mailserver#1562 (comment)
from lldap.
Related Issues (20)
- [FEATURE REQUEST] Force reset admin user/password
- [FEATURE REQUEST] Ability to disable LDAP users HOT 6
- [BUG] Password reset UI is enabled even when the feature is disabled HOT 2
- [FEATURE REQUEST] Build `rootless` container image HOT 7
- [BUG] LLDAP stuck in restart loop with UNIQUE constraint failures on fresh sqlite install - lldap exited code 132 HOT 18
- Need Help. Invalid Login for Web Interface HOT 6
- [BUG] LDAP: Filtering custom attributes by value doesn't work HOT 2
- [FEATURE REQUEST] Documentation needs some clarification HOT 2
- [BUG] No documentation on SSL HOT 2
- [FEATURE REQUEST] Add entrydn as an attribute for groups to permit Duo directory synchronisation HOT 10
- [FEATURE REQUEST] Password Expiration Policy HOT 10
- [INTEGRATION] Grafana Integration HOT 5
- Is there a separate user password recovery service? HOT 1
- Question: Authelia Config: How to get user groups HOT 15
- Plea for a new release HOT 11
- [BUG] WebUI Case Sensitivity HOT 18
- [BUG] LLDAP_ADMIN_USERNAME should bootstrap admin username HOT 2
- [CLEANUP] Polish attribute creation form controls
- [CLEANUP] Use new form components across all components
- [FEATURE REQUEST] Add support for https HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lldap.