Charles Lacroix wrote:
On Thursday 06 July 2006 16:57, you wrote:
  
On Thu, July 6, 2006 4:45 pm, Charles Lacroix wrote:
    
On Thursday 06 July 2006 16:19, Jay Lee wrote:
      
On Thu, July 6, 2006 4:07 pm, Charles Lacroix wrote:
        
Ok, I see, for the moment I didn't play with TLS/SSL as I wanted to
get this thing to work before I start playing with SSL and TLS. As I
like to eliminate potential problems :)
          
No problem, you can authenticate via plaintext, but you should have
something secure in place in a live system.  But to verify that that was
the issue try this:

#telnet imap.server.dns.name 143


a01 login validuser validpass
        
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc.  See COPYING for distribution information.
a0 login Test8 test8
a0 NO Login failed.
Connection closed by foreign host.
      
What is maillog saying at this point?  Do you have DEBUG_LOGIN=2 set in
/etc/authlib/authdaemonrc? This will give more verbose logging results...

Jay
    

Hi, thanks for taking this on with me. I will write some documentation on this
issue I'm dealing with and I'll give you a copy of it so we can add cool
solutions to your software :)

Anyway, that said, here is the extra logging you wanted. My DEBUG_LOGIN=2 from
day 1 as I am trying to debug :)


Jul  7 08:28:27 libre-95 authdaemond: received auth request, service=imap, authtype=login
Jul  7 08:28:27 libre-95 authdaemond: authldap: trying this module
Jul  7 08:28:27 libre-95 authdaemond: selected ldap protocol version 3
Jul  7 08:28:27 libre-95 authdaemond: binding to LDAP server as DN '<null>', password '<null>'
Jul  7 08:28:27 libre-95 authdaemond: using search filter: ([EMAIL PROTECTED])
Jul  7 08:28:28 libre-95 authdaemond: one entry returned, DN: cn=Test8,ou=test,o=csf
Jul  7 08:28:28 libre-95 authdaemond: raw ldap entry returned:
Jul  7 08:28:28 libre-95 authdaemond: | mail: [EMAIL PROTECTED]
Jul  7 08:28:28 libre-95 authdaemond: | uid: Test8
Jul  7 08:28:28 libre-95 authdaemond: | cn: Test8
Jul  7 08:28:28 libre-95 authdaemond: authldaplib: sysusername=<null>, sysuserid=10001, sysgroupid=10001, homedir=/var/courrier2/Test8, [EMAIL PROTECTED], fullname=Test8, maildir=<null>, quota=<null>, options=<null>
Jul  7 08:28:28 libre-95 authdaemond: authldaplib: clearpasswd=<null>, passwd=<null>
Jul  7 08:28:28 libre-95 authdaemond: no password to compare against!
Jul  7 08:28:28 libre-95 authdaemond: authldap: REJECT - try next module
Jul  7 08:28:28 libre-95 authdaemond: FAIL, all modules rejected
Jul  7 08:28:28 libre-95 imapd: LOGIN FAILED, [EMAIL PROTECTED], ip=[::ffff:199.202.105.98]


I changed the imapd config to have AUTH=PLAIN; this way I push the clear password
to courier-imapd (with telnet), then that is being sent to
courier-authlib-ldap, and from there I'm wondering how I can configure this
part to send the clear password to LDAP eDirectory instead of asking LDAP for the
clear pass.

Thanks a lot,
  
Looking at your authldaprc file and comparing it to my working config, try:

  - Comment out LDAP_BINDDN and LDAP_BINDPW or else configure them for a user that has rights to search the tree for objects (i.e. using admin for this is probably not necessary and is a security risk).  By default, NDS should allow anonymous LDAP binds to search the tree for basic attributes like uid and mail, so leaving them blank will result in anonymous binds, which should work unless your eDirectory admin has gone zealous with permissions...
  - Comment out the LDAP_CRYPTPW field
  - Uncomment LDAP_AUTHBIND and set it to 1

With these options set, Courier will first bind to LDAP as either anonymous or as the user set in LDAP_BINDDN.  It will then search the tree for the LDAP_MAIL attribute and, if it finds it, will attempt to rebind as that DN with the given password. If the bind is successful, the user is proven authenticated.

Jay
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
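
The three authldaprc changes suggested in the reply above can be checked mechanically. This is an added example, not part of the original thread and not Courier code; the sample files, the DN, the password placeholder, the finding codes and the "cn=admin" heuristic are all assumptions made for illustration.

```python
"""Audit an authldaprc against the three changes suggested in the thread."""

# Constructed sample in authldaprc's "NAME<whitespace>VALUE" layout. The DN and
# password are placeholders, not values from the thread.
BEFORE = """\
LDAP_BINDDN     cn=admin,o=example
LDAP_BINDPW     placeholder-secret
LDAP_MAIL       mail
LDAP_CRYPTPW    userPassword
#LDAP_AUTHBIND  1
"""

# The same constructed file after the three suggested changes.
AFTER = """\
#LDAP_BINDDN    cn=admin,o=example
#LDAP_BINDPW    placeholder-secret
LDAP_MAIL       mail
#LDAP_CRYPTPW   userPassword
LDAP_AUTHBIND   1
"""


def parse_authldaprc(text):
    """Return {name: value} for active settings; '#' lines are comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        settings[parts[0]] = parts[1] if len(parts) == 2 else ""
    return settings


def audit(text):
    """Return finding codes; an empty list means the file matches the advice."""
    cfg = parse_authldaprc(text)
    findings = []
    if cfg.get("LDAP_AUTHBIND") != "1":
        # Without auth-bind, authldap needs a password attribute to compare,
        # which is the "no password to compare against!" failure in the log.
        findings.append("AUTHBIND_OFF")
    if "LDAP_CRYPTPW" in cfg:
        findings.append("CRYPTPW_SET")  # the reply says to comment this out
    # Heuristic (assumption): a search DN whose first RDN is cn=admin is the
    # over-privileged account the reply warns about.
    if cfg.get("LDAP_BINDDN", "").lower().startswith("cn=admin"):
        findings.append("ADMIN_BINDDN")
    return findings


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(text) or "ok")
```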