Aug 5, 2024: iRedMail-1.7.1 has been released.

**stocton12** · 2011-04-08 06:12:50

stocton12
Member
Offline

Registered: 2011-04-08
Posts: 25

Topic: iRedMail and MS AD

I'm trying to use iRedMail with Active Directory for authentication. I have followed the instructions from the wiki but I have a problem with dovecot. When I try to verify ldap query with AD in dovecot it fails and in log I get
auth(default): Error: LDAP: binding failed (dn vmail): Invalid credentials, 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
All previous tests mentioned in the guide succeeded without any errors. Thank you in advance for any help.

Also, if needed, here is my dovecot-ldap.conf:

hosts = 192.168.0.6:389
ldap_version = 3
auth_bind = yes
dn = vmail
dnpass = password
base = cn=Users,dc=mydomain,dc=com
scope = subtree
deref = never
user_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl=514)))
pass_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl=514)))
pass_attrs = userPassword=password
default_pass_scheme = CRYPT
user_attrs = =home=/var/vmail/vmail1/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld/%Ln/Maildir/

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

**ZhangHuangbin** · 2011-04-08 07:15:50

ZhangHuangbin
iRedMail Developers
Offline

Registered: 2009-05-06
Posts: 31,082

Re: iRedMail and MS AD

stocton12 wrote:

auth(default): Error: LDAP: binding failed (dn vmail): Invalid credentials, 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece

"Invalid credentials" means your bind dn or password is wrong. Please help check them again.

**stocton12** · 2011-04-08 07:25:59

stocton12
Member
Offline

Registered: 2011-04-08
Posts: 25

Re: iRedMail and MS AD

I have found that too, googling for ldap errors. I have also changed the password. But although the username and password are working when I try the "ldapsearch" command, they do not work with dovecot.

**ZhangHuangbin** · 2011-04-08 07:37:55

ZhangHuangbin
iRedMail Developers
Offline

Registered: 2009-05-06
Posts: 31,082

Re: iRedMail and MS AD

Did you try to use full ldap dn of 'vmail' account?

**stocton12** · 2011-04-08 07:42:24

stocton12
Member
Offline

Registered: 2011-04-08
Posts: 25

Re: iRedMail and MS AD

Found it! Found it! It was right in front of me but I could not see it.

Warning: Configuration file /etc/dovecot/dovecot-ldap.conf line 14: Ambiguous '#' character in line, treating it as comment.

Both passwords had # in them. Tried a password without # and ofcourse it worked.

**ZhangHuangbin** · 2011-04-08 08:04:02

ZhangHuangbin
iRedMail Developers
Offline

Registered: 2009-05-06
Posts: 31,082

Re: iRedMail and MS AD

Glad to hear that. ENJOY

**ZhangHuangbin** · 2011-04-08 08:10:42

ZhangHuangbin
iRedMail Developers
Offline

Registered: 2009-05-06
Posts: 31,082

Re: iRedMail and MS AD

I updated wiki tutorial below, hope others won't meet same issue:
http://iredmail.org/wiki/index.php?titl … LDAP_query

Thanks for your feedback.

Aug 5, 2024: iRedMail-1.7.1 has been released.

iRedMail and MS AD

Posts: 7

1 Topic by stocton12 2011-04-08 06:12:50

Topic: iRedMail and MS AD

2 Reply by ZhangHuangbin 2011-04-08 07:15:50

Re: iRedMail and MS AD

3 Reply by stocton12 2011-04-08 07:25:59

Re: iRedMail and MS AD

4 Reply by ZhangHuangbin 2011-04-08 07:37:55

Re: iRedMail and MS AD

5 Reply by stocton12 2011-04-08 07:42:24

Re: iRedMail and MS AD

6 Reply by ZhangHuangbin 2011-04-08 08:04:02

Re: iRedMail and MS AD

7 Reply by ZhangHuangbin 2011-04-08 08:10:42

Re: iRedMail and MS AD

Posts: 7