Use DN lookup instead of DN template for LDAP auth
In our setup users require a specific LDAP group to login. We enforce this with an LDAP filter (user_filter). With DN template, authentication always succeeds for these users, as Dovecot only performs an LDAP BIND request. Successful auth followed by failed userdb lookup seems to trigger a bug in Dovecot that causes the handler processes to stay around indefinitely and fill up the process_limit. Using DN lookup with the LDAP filter set for both user_filter and pass_filter should cause the authentication to fail for these users and work around the bug.
This commit is contained in:
Julian Rother
parent
18ab8dc6b1
commit
5267a3d716
1 changed files with 1 additions and 1 deletions
|
|
@ -25,7 +25,7 @@ tls_ca_cert_file = {{ dovecot.ldap.tls.ca }}
|
|||
tls_require_cert = hard
|
||||
|
||||
auth_bind = yes
|
||||
auth_bind_userdn = uid=%n,{{ dovecot.ldap.base }}
|
||||
pass_filter = {{ dovecot.ldap.filter }}
|
||||
|
||||
ldap_version = 3
|
||||
base = {{ dovecot.ldap.base }}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue