Re: [Courier-imap] advanced courier ldap auth problem almost solved

Thu, 05 Apr 2007 23:41:58 -0700 

Sam Varshavchik wrote:
> Jax writes:
>
>> Brian Candler wrote:
>>> On Tue, Apr 03, 2007 at 01:23:58AM +0200, Jax wrote:
>>>  
>>>>>> authdaemon: starting client module
>>>>>> authdaemon: REJECT
>>>>>> authdaemon: REJECT
>>>>>>         
>>>>> Turn up debugging.  Set DEBUG_LOGIN=2 in authdaemonrc.
>>>>>

Well the only problem was that DEBUG_LOGIN=2 is not uppercase but 
lowercase. Now I see what cause the problem:

Sep 18 06:03:18 Slider authdaemond.ldap: received auth request, 
service=imap, authtype=login
Sep 18 06:03:18 Slider authdaemond.ldap: authldap: trying this module
Sep 18 06:03:18 Slider authdaemond.ldap: using search filter: 
(&(objectClass=CourierMailAccount)([EMAIL PROTECTED]))
Sep 18 06:03:19 Slider authdaemond.ldap: one entry returned, DN: 
cn=john,ou=Courier,ou=Services,dc=logonserver,dc=lan
Sep 18 06:03:19 Slider authdaemond.ldap: raw ldap entry returned:
Sep 18 06:03:19 Slider authdaemond.ldap: | mail: [EMAIL PROTECTED]
Sep 18 06:03:19 Slider authdaemond.ldap: | cn: john
Sep 18 06:03:19 Slider authdaemond.ldap: | homeDirectory: /home/users/user1
Sep 18 06:03:19 Slider authdaemond.ldap: | userPassword: 
{MD5}Tlu66vyCq3qhOFvqjvXTCg==
Sep 18 06:03:19 Slider authdaemond.ldap: authldaplib: 
[EMAIL PROTECTED], sysuserid=1017, sysgroupid=1017, 
homedir=/home/users/user1, [EMAIL PROTECTED], fullname=john, 
maildir=<null>, quota=<null>, options=<null>
Sep 18 06:03:19 Slider authdaemond.ldap: authldaplib: 
clearpasswd=<null>, passwd={MD5}Tlu66vyCq3qhOFvqjvXTCg==
Sep 18 06:03:19 Slider authdaemond.ldap: rebinding with DN 
'cn=john,ou=Courier,ou=Services,dc=logonserver,dc=lan' to validate password
Sep 18 06:03:19 Slider authdaemond.ldap: authentication bind failed, 
invalid credentials
Sep 18 06:03:19 Slider authdaemond.ldap: authldap: REJECT - try next module
Sep 18 06:03:19 Slider authdaemond.ldap: FAIL, all modules rejected

It tries to rebind the connection using the john credential, but 
everyone has read permission to everything atm. So do I need to give any 
other specific privilege for someone to "log in" to ldap?! I already 
added the posixuser attribute to it.

Regards,

Jax


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Courier-imap mailing list
Courier-imap@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap

Reply via email to