The settings for ldap are correct. Test Connection - OK

domain user
samaccountname = kurochkina
mail = andrii.kyrochkin@mydomain.com

The network dump of the connection to ldap shows that the connection and verification are correct.

To log in, I use the user’s login in the domain.

Error in php

php-fpm-mailcow-1 | [17-Apr-2025 16:32:36] WARNING: [pool web-worker] child 45 said into stderr: “NOTICE: PHP message: mailcow UI: Invalid password for kurochkina by 95.158.XX.XX”

Where’s the error?

    I had to scratch my head for the filter as well, I’ve used these settings

    Username field = mail
    Filter = (&(objectCategory=Person)(sAMAccountName=*)(memberOf=CN=DistuingishedNameOfyourSecurityGroupHere))
    Attribute Field = SIE

    Enabled Periodic full sync and import users

      Have something to say?

      Join the community by quickly registering to participate in this discussion. We'd like to see you joining our great moo-community!

      DonZalmrol Yes, I’m using a simple filter (&(mail=*)) for testing, but judging by the ldap dump, it works correctly.

      Attribute Field = SIE
      Can you write about this in more detail?

          DonZalmrol Cool!! I changed the Username Field = mail and everything worked.

          It’s a bit inconvenient, because the email and login can be significantly different, which seems to be the ideology of mailcow.

          Discussion on this issue: mailcow community Icon Usernames without domain

          mailcow community Icon mailcow communityDiscussion
          Usernames without domain
          A aksdb
          I’m currently considering moving a custom tailored postfix+dovecot+ldap+sogo setup to mailcow, since my own configuration is a bit dated and messy and it very much looks like that mailcow would solve a lot of problems in my backlog. One thing I would like to deviate from the mailcow setup though,
          mailcow community
          13 3

              dronmaxman yeah, but practice nowadays is to have the UPN and e-mail the same.

                2 months later

                dronmaxman I’m running into a similar problem with LDAP integration. You mention an LDAP dump above. Is there a way for me to enable debuggina and see the result set that is coming back from LDAP, or some level of verbose output when I try to log in? I’m 20+ years fluent in linux, so looking at files via SSH is not a problem.

                Thanks!

                  • DocFraggle

                    • Community Hero
                    Moolevel 339
                  • Post #8

                  If you use port 389 (no SSL), then you can just use tcpdump, dump it Wireshark compatible and have a look at it in Wireshark

                  tcpdump -vv -nn -i any -s 65535 -w /your/output/file.pcap port 389

                  No one is typing