Topic: iRedMail FreeBSD / LDAP & Dovecot Remote Auth Issue
==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.8 OPENLDAP EDITION
- Linux/BSD distribution name and version: FreeBSD 11.1 x64
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
So far I've had a great experience using iRedMail & migrating from my old host to my new.
There was a snag where I had to downgrade py-ldap to get the admin panel working but otherwise things have gone well.
Right now my mail is flowing & webmail is working perfectly. The rub is when I try to connect to dovecot with a remote client. I am getting unknown user authentication messages. For demonstration I've included the sanitized debug logs of dovecot for a successful roundcube auth session & an unsuccessful remote IMAP auth session.
Successful RoundCube Login:
Apr 12 00:13:16 imap-login: Info: Login: user=<testuser@example.org>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=62044, secured, session=<wxkc0J9p4Kp/AAAB>
Apr 12 00:13:16 imap(testuser@example.org)<62044><wxkc0J9p4Kp/AAAB>: Info: Logged out in=758 out=6431 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Unsuccessful Remote IMAP Client Login:
Apr 12 00:13:52 auth: Debug: auth client connected (pid=65023)
Apr 12 00:13:53 auth: Debug: client in: AUTH 1 PLAIN service=imap secured=tls session=ry5U0p9pO2NHC/l3 lip=10.7.***.*** rip=71.11.***.*** lport=993 rport=25403 ssl_cipher=ECDHE-RSA-AES256-GCM-SHA384 ssl_cipher_bits=256 ssl_pfs=ECDH ssl_protocol=TLSv1.2 resp=<hidden>
Apr 12 00:13:53 auth: Debug: ldap(testuser@example.org,71.11.***.***,<ry5U0p9pO2NHC/l3>): bind search: base=o=domains,dc=example,dc=org filter=(&(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=imaptls)(|(mail=testuser@example.org)(&(enabledService=shadowaddress)(shadowAddress=testuser@example.org))))
Apr 12 00:13:53 auth: Debug: ldap(testuser@example.org,71.11.***.***,<ry5U0p9pO2NHC/l3>): no fields returned by the server
Apr 12 00:13:53 auth: Info: ldap(testuser@example.org,71.11.***.***,<ry5U0p9pO2NHC/l3>): unknown user (given password: ********* [confirmed correct])
Apr 12 00:13:55 auth: Debug: client passdb out: FAIL 1 user=testuser@example.org
Apr 12 00:13:55 imap-login: Info: Disconnected (auth failed, 1 attempts in 2 secs): user=<testuser@example.org>, method=PLAIN, rip=71.11.***.***, lip=10.7.***.***, TLS: read(size=519) failed: Connection reset by peer, session=<ry5U0p9pO2NHC/l3>
Any pointers would be much appreciated as this is bugging the hell out of me. I can confirm 100% that the auth username & password are correct. (I've actually tied other web apps to the LDAP instance and am successfully authenticating against the LDAP server with this username & password; the AUTH issue is ONLY with dovecot/IMAP and only from remote hosts.)
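An added example, not part of the original post: a small script that takes the `bind search` debug line from the failed login, splits its LDAP filter into the top-level clauses the server required, and reports which of them a given account entry does not satisfy. `SAMPLE_ENTRY` is constructed for illustration (it is not the poster's real entry), the function names are hypothetical, and the parser assumes equality-only filters with case-insensitive matching.

```python
import re

# Bind-search line from the failed remote login above (sanitized as posted).
LOG_LINE = (
    "Apr 12 00:13:53 auth: Debug: ldap(testuser@example.org,71.11.***.***,"
    "<ry5U0p9pO2NHC/l3>): bind search: base=o=domains,dc=example,dc=org "
    "filter=(&(objectClass=mailUser)(accountStatus=active)"
    "(!(domainStatus=disabled))(enabledService=mail)(enabledService=imaptls)"
    "(|(mail=testuser@example.org)(&(enabledService=shadowaddress)"
    "(shadowAddress=testuser@example.org))))"
)

# Constructed entry for illustration; compare against your real ldapsearch output.
SAMPLE_ENTRY = {
    "objectClass": ["mailUser"],
    "accountStatus": ["active"],
    "mail": ["testuser@example.org"],
    "enabledService": ["mail", "imap"],
}

def parse(s, i=0):
    """Parse one parenthesised filter starting at s[i]; return (node, next_index)."""
    op = s[i + 1]
    if op in "&|!":
        i, kids = i + 2, []
        while s[i] == "(":
            node, i = parse(s, i)
            kids.append(node)
        return (op, kids), i + 1            # step over the closing ")"
    end = s.index(")", i)
    attr, _, value = s[i + 1:end].partition("=")
    return ("=", attr, value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against {lowercased attr: set of lowercased values}."""
    if node[0] == "=":
        return node[2].lower() in entry.get(node[1].lower(), set())
    results = [matches(kid, entry) for kid in node[1]]
    if node[0] == "!":
        return not results[0]
    return all(results) if node[0] == "&" else any(results)

def render(node):
    if node[0] == "=":
        return f"({node[1]}={node[2]})"
    return "(" + node[0] + "".join(render(kid) for kid in node[1]) + ")"

def failing_clauses(log_line, entry):
    """Return the top-level AND clauses of the logged filter that the entry fails."""
    tree, _ = parse(re.search(r"filter=(\(.*\))\s*$", log_line).group(1))
    norm = {k.lower(): {v.lower() for v in vs} for k, vs in entry.items()}
    clauses = tree[1] if tree[0] == "&" else [tree]
    return [render(c) for c in clauses if not matches(c, norm)]
```

Calling `failing_clauses(LOG_LINE, entry)` with the attributes of the real account shows which required clause produces "no fields returned by the server" for that connection.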