On Fri, Apr 06, 2007 at 04:50:24AM +0200, Jax wrote: > But at this point it gets more interesting because I installed courier > ldap on an other ubuntu machine (up2date in vmware) for testing and I > got exactly the same error which means that I must have some problem > with the LDAP schema so I did a dump. Here is my john user what I > created for test:
And can you paste the complete debug output from authdaemond when this particular person tries to login? > dn: cn=john,ou=Courier,ou=Services,dc=logonserver,dc=lan > uid: [EMAIL PROTECTED] > mail: [EMAIL PROTECTED] > sn: john > cn: john > uidNumber: 1005 > gidNumber: 102 > homeDirectory: /home/users/user1 > userPassword:: e01ENX1UbHU2NnZ5Q3EzcWhPRnZxanZYVENnPT0= > objectClass: inetOrgPerson > objectClass: CourierMailAccount > objectClass: top > structuralObjectClass: inetOrgPerson > entryUUID: 393153d0-7599-102b-9e73-b993dfe12554 > creatorsName: cn=admin,dc=logonserver,dc=lan > createTimestamp: 20070402190802Z > entryCSN: 20070402190802Z#000000#00#000000 > modifiersName: cn=admin,dc=logonserver,dc=lan > modifyTimestamp: 20070402190802Z The userPassword decodes to {MD5}Tlu66vyCq3qhOFvqjvXTCg== which base-64 decodes to 16 bytes: 4e5bbaeafc82ab7aa1385bea8ef5d30a Using google as a password cracker suggests that the password is "intel" $ echo -n "intel" | md5sum 4e5bbaeafc82ab7aa1385bea8ef5d30a - OK. Now, that looks reasonable to me as an MD5 hash. Are you using LDAP_AUTHBIND 1 (which means the LDAP server checks the password) or 0 (which means courier-authdaemon does)? Checking the courier-authlib source: a password which starts {MD5} is checked using md5_hash_courier, which checks {MD5} followed by a base64-encoded MD5 hash of the password, so this should be OK. But I'm not sure what format openldap expects for {MD5} passwords. But without the debug dump, there are all sorts of other places where LDAP authentication could fail. Regards, Brian. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Courier-imap mailing list Courier-imap@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap