Topic: Enabling Active Directory integration in Dovecot for the entire domain
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): iRedMail-1.3.2
- Deployed with iRedMail Easy or the downloadable installer? Downloadable installer
- Linux/BSD distribution name and version: CentOS Linux release 7.9.2009
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hello, please help me.
If base = dc=good,dc=com, it fails:
[root@iredmail ~]# cat /etc/dovecot/dovecot-ldap.conf
hosts = ndc0.good.com:389
ldap_version = 3
auth_bind = yes
dn = vmail@good.com
dnpass = 1234@abcd
base = dc=good,dc=com
scope = subtree
deref = never
#Below two are required by command 'doveadm mailbox ...'
iterate_attrs = userPrincipalName=user
iterate_filter = (&(userPrincipalName=*)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
user_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs = userPassword=password
default_pass_scheme = CRYPT
user_attrs = =home=/var/vmail/vmail1/%Ld/%Ln/,=mail=maildir:~/Maildir/
Now use the telnet command to verify the AD query after restarting the Dovecot service:
[root@iredmail ~]# telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
. login vmail@good.com 1234@abcd
* OK Waiting for authentication master process to respond..
cat /var/log/dovecot/dovecot.log
Mar 30 18:15:01 iredmail dovecot: auth: Error: ldap(vmail@good.com,::1,<YIdwRb6+4twAAAAAAAAAAAAAAAAAAAAB>): Connection appears to be hanging, reconnecting
Mar 30 18:15:06 iredmail dovecot: auth: Error: ldap(vmail@good.com,::1,<Sp3APr6+eNwAAAAAAAAAAAAAAAAAAAAB>): LDAP search returned multiple entries
Mar 30 18:15:06 iredmail dovecot: auth: Error: ldap(vmail@good.com,::1,<YIdwRb6+4twAAAAAAAAAAAAAAAAAAAAB>): Connection appears to be hanging, reconnecting
Mar 30 18:15:06 iredmail dovecot: auth: Error: ldap(vmail@good.com,::1,<Sp3APr6+eNwAAAAAAAAAAAAAAAAAAAAB>): Request lost
Mar 30 18:16:36 iredmail dovecot: imap: Error: Login client disconnected too early (connection created 90063 msecs ago, client created 90063 msecs ago: session=YIdwRb6+4twAAAAAAAAAAAAAAAAAAAAB, rip=::1, auth_pid=34243, client-pid=35091, client-id=1)
If base = cn=users,dc=good,dc=com, the output is normal.
Now use the telnet command to verify the AD query after restarting the Dovecot service:
[root@iredmail ~]# telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
. login vmail@good.com 1234@abcd
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY SPECIAL-USE QUOTA ACL RIGHTS=texk] Logged in
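To make the two configurations comparable, here is an added triage script (my own example, not code from the post or from iRedMail/Dovecot). It parses a dovecot-ldap.conf and the "auth: Error: ldap(...)" lines from dovecot.log, groups the errors by Dovecot session id, and applies two heuristic checks: a domain-root base with scope = subtree over plain port 389 (AD answers such searches with referrals to the DomainDnsZones, ForestDnsZones and Configuration partitions alongside the real entries, which is the usual suspect for "multiple entries" and "hanging" reports; a narrower base such as the post's cn=users,... or the Global Catalog port 3268 avoids them), and pass_attrs = userPassword=password combined with auth_bind = yes (AD does not return userPassword to reads, and a bind already verifies the password). The sample conf and log lines are constructed from the post with the bind password redacted; the finding codes and explanations are my own, not Dovecot's.

```python
import re
from collections import defaultdict

# Constructed sample input: the failing dovecot-ldap.conf as posted
# (base at the domain root, plain LDAP on port 389), bind password redacted.
SAMPLE_CONF = """\
hosts = ndc0.good.com:389
ldap_version = 3
auth_bind = yes
dn = vmail@good.com
dnpass = REDACTED
base = dc=good,dc=com
scope = subtree
deref = never
#Below two are required by command 'doveadm mailbox ...'
iterate_attrs = userPrincipalName=user
iterate_filter = (&(userPrincipalName=*)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
user_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs = userPassword=password
default_pass_scheme = CRYPT
user_attrs = =home=/var/vmail/vmail1/%Ld/%Ln/,=mail=maildir:~/Maildir/
"""

# Constructed sample input: the auth error lines from the post's dovecot.log.
SAMPLE_LOG = """\
Mar 30 18:15:01 iredmail dovecot: auth: Error: ldap(vmail@good.com,::1,<YIdwRb6+4twAAAAAAAAAAAAAAAAAAAAB>): Connection appears to be hanging, reconnecting
Mar 30 18:15:06 iredmail dovecot: auth: Error: ldap(vmail@good.com,::1,<Sp3APr6+eNwAAAAAAAAAAAAAAAAAAAAB>): LDAP search returned multiple entries
Mar 30 18:15:06 iredmail dovecot: auth: Error: ldap(vmail@good.com,::1,<YIdwRb6+4twAAAAAAAAAAAAAAAAAAAAB>): Connection appears to be hanging, reconnecting
Mar 30 18:15:06 iredmail dovecot: auth: Error: ldap(vmail@good.com,::1,<Sp3APr6+eNwAAAAAAAAAAAAAAAAAAAAB>): Request lost
"""


def parse_conf(text):
    """Parse 'key = value' lines of dovecot-ldap.conf into a dict.
    Splits on the first '=' only, so filters and user_attrs keep their own '='."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


# Matches Dovecot's auth-ldap error prefix: ldap(<user>,<remote ip>,<session>): <message>
LOG_RE = re.compile(
    r"auth: Error: ldap\((?P<user>[^,]+),(?P<rip>[^,]+),<(?P<session>[^>]+)>\): (?P<msg>.+)$"
)


def parse_auth_errors(text):
    """Group LDAP auth error messages by Dovecot session id, in log order."""
    by_session = defaultdict(list)
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            by_session[m.group("session")].append(m.group("msg"))
    return dict(by_session)


def lint_conf(conf):
    """Return (code, explanation) tuples for settings that commonly produce the
    errors above. These are heuristics of this example, not Dovecot's own checks."""
    findings = []
    host = conf.get("hosts", "")
    port = host.rsplit(":", 1)[1] if ":" in host else "389"
    rdns = [r for r in conf.get("base", "").replace(" ", "").lower().split(",") if r]
    at_domain_root = bool(rdns) and all(r.startswith("dc=") for r in rdns)
    if at_domain_root and conf.get("scope", "subtree") == "subtree" and port == "389":
        findings.append((
            "REFERRALS",
            "base is the domain naming context with scope=subtree over port 389; AD adds "
            "referrals to DomainDnsZones/ForestDnsZones/Configuration to such results. "
            "Narrow the base (e.g. cn=users,...) or query the Global Catalog on port 3268.",
        ))
    if conf.get("auth_bind") == "yes" and "pass_attrs" in conf:
        findings.append((
            "PASS_ATTRS",
            "auth_bind=yes verifies the password by binding as the user, and AD never "
            "returns userPassword to reads, so pass_attrs is dead configuration here.",
        ))
    return findings


def triage(conf_text, log_text):
    """Combine both views: per-session error chains plus config findings."""
    return {"sessions": parse_auth_errors(log_text), "findings": lint_conf(parse_conf(conf_text))}


if __name__ == "__main__":
    report = triage(SAMPLE_CONF, SAMPLE_LOG)
    for session, msgs in report["sessions"].items():
        print(f"session {session}: {' -> '.join(msgs)}")
    for code, why in report["findings"]:
        print(f"[{code}] {why}")
```

Run it as-is to see the two sessions from the post (one hanging/reconnecting, one "multiple entries" followed by "Request lost") and both findings; change `base` to `cn=users,dc=good,dc=com` or `hosts` to port 3268 and the REFERRALS finding disappears, matching the behaviour the post reports.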