Re: [Courier-imap] advanced courier ldap auth problem

Thu, 05 Apr 2007 23:02:22 -0700 

On Fri, Apr 06, 2007 at 04:50:24AM +0200, Jax wrote:
> But at this point it gets more interesting because I installed courier 
> ldap on an other ubuntu machine (up2date in vmware) for testing and I 
> got exactly the same error which means that I must have some problem 
> with the LDAP schema so I did a dump. Here is my john user what I 
> created for test:

And can you paste the complete debug output from authdaemond when this
particular person tries to login?

> dn: cn=john,ou=Courier,ou=Services,dc=logonserver,dc=lan
> uid: [EMAIL PROTECTED]
> mail: [EMAIL PROTECTED]
> sn: john
> cn: john
> uidNumber: 1005
> gidNumber: 102
> homeDirectory: /home/users/user1
> userPassword:: e01ENX1UbHU2NnZ5Q3EzcWhPRnZxanZYVENnPT0=
> objectClass: inetOrgPerson
> objectClass: CourierMailAccount
> objectClass: top
> structuralObjectClass: inetOrgPerson
> entryUUID: 393153d0-7599-102b-9e73-b993dfe12554
> creatorsName: cn=admin,dc=logonserver,dc=lan
> createTimestamp: 20070402190802Z
> entryCSN: 20070402190802Z#000000#00#000000
> modifiersName: cn=admin,dc=logonserver,dc=lan
> modifyTimestamp: 20070402190802Z

The userPassword decodes to {MD5}Tlu66vyCq3qhOFvqjvXTCg==

which base-64 decodes to 16 bytes:
4e5bbaeafc82ab7aa1385bea8ef5d30a

Using google as a password cracker suggests that the password is "intel"

$ echo -n "intel" | md5sum
4e5bbaeafc82ab7aa1385bea8ef5d30a  -

OK.

Now, that looks reasonable to me as an MD5 hash. Are you using LDAP_AUTHBIND
1 (which means the LDAP server checks the password) or 0 (which means
courier-authdaemon does)?

Checking the courier-authlib source: a password which starts {MD5} is
checked using md5_hash_courier, which checks {MD5} followed by a
base64-encoded MD5 hash of the password, so this should be OK.

But I'm not sure what format openldap expects for {MD5} passwords.

But without the debug dump, there are all sorts of other places where LDAP
authentication could fail.

Regards,

Brian.

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Courier-imap mailing list
Courier-imap@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap

Reply via email to