Issue with Autodiscover in Mailcow when using LDAP authentication in Outlook

thomsen887

I set up integration between Mailcow and Microsoft Active Directory (LDAP). Mailboxes were created correctly, users were imported, and everything seemed to be working — they could authenticate through the web interface, and email sending and receiving worked as expected. However, there was a problem: Autodiscover did not work for LDAP users when connecting from Outlook. At the same time, for local Mailcow users (not using LDAP), everything worked perfectly — Outlook successfully received IMAP and SMTP settings via autodiscover.php.

Mailcow documentation mentions that Outlook 2021 does not fully support automatic configuration, but this did not explain the difference between local and LDAP-based accounts. I noticed that Autodiscover consistently failed with an authentication error for LDAP users. In Mailcow logs, entries like the following appeared:

“Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14334; Pro) none 10.150.177.130 Error: must be authenticated”.

However, if I switched the user from LDAP authentication to a local Mailcow account or created a new local mailbox, Autodiscover immediately started working correctly — Outlook received the settings and no authentication errors occurred.

After many tests and configuration tweaks, I discovered that the issue was caused by the “Attribute Mapping” section in the Identity Provider settings. If there is even one additional line in this section (for example, an extra mapping by department) and any second Template is used (including a second Default), Autodiscover authentication for LDAP users stops working. Outlook throws an error at the basic authentication stage, even if the login and password are entered correctly. As soon as I left only one line with the Default Template and any valid template (from the available list), authentication immediately started working. This was confirmed in the Mailcow logs:

07.07.2025, 22:11:34 Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14334; Pro) usr@domain.com 10.150.177.130 IMAP, SMTP, Cal-/CardDAV
07.07.2025, 22:11:34 Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14334; Pro) none 10.150.177.130 Error: must be authenticated

It looks like an odd glitch, possibly a bug in how Mailcow handles templates or authentication when LDAP and autodiscover.php are used together. But the fact remains: even a single extra line in the Attribute Mapping section can completely break Autodiscover authentication for LDAP users.