Charles Lacroix wrote:
Looking at your authldaprc file and comparing it to my working config, try:On Thursday 06 July 2006 16:57, you wrote:On Thu, July 6, 2006 4:45 pm, Charles Lacroix wrote:On Thursday 06 July 2006 16:19, Jay Lee wrote:On Thu, July 6, 2006 4:07 pm, Charles Lacroix wrote:Ok, i see, for the moment i didn't play with TLS/SSL as i wanted to get this thing to work before i start playing with ssl and tls. As i like to eliminate potential problems :)No problem, you can authenticate via plaintext, but you should have something secure in place in a live system. But to verify that that was the issue try this:#telnet imap.server.dns.name 143 a01 login validuser validpassEscape character is '^]'. * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc. See COPYING for distribution information. a0 login Test8 test8 a0 NO Login failed. Connection closed by foreign host.What is maillog saying at this point? Do you have DEBUG_LOGIN=2 set in /etc/authlib/authdaemonrc, this will give more verbose logging results... JayHi, thanks for taking this on with me, i will write some documentation on this issue I'm dealing with and I'll give you a copy of it so we can add cool solutions to your software :) Anyways that said, here is the extra logging you wanted. My DEBUG_LOGIN=2 from day 1 as i am trying to debug :) Jul 7 08:28:27 libre-95 authdaemond: received auth request, service=imap, authtype=login Jul 7 08:28:27 libre-95 authdaemond: authldap: trying this module Jul 7 08:28:27 libre-95 authdaemond: selected ldap protocol version 3 Jul 7 08:28:27 libre-95 authdaemond: binding to LDAP server as DN '<null>', password '<null>' Jul 7 08:28:27 libre-95 authdaemond: using search filter: ([EMAIL PROTECTED]) Jul 7 08:28:28 libre-95 authdaemond: one entry returned, DN: cn=Test8,ou=test,o=csf Jul 7 08:28:28 libre-95 authdaemond: raw ldap entry returned: Jul 7 08:28:28 libre-95 authdaemond: | mail: [EMAIL PROTECTED] Jul 7 08:28:28 libre-95 authdaemond: | uid: Test8 Jul 7 08:28:28 libre-95 authdaemond: | cn: Test8 Jul 7 08:28:28 libre-95 authdaemond: authldaplib: sysusername=<null>, sysuserid=10001, sysgroupid=10001, homedir=/var/courrier2/Test8, [EMAIL PROTECTED], fullname=Test8, maildir=<null>, quota=<null>, options=<null> Jul 7 08:28:28 libre-95 authdaemond: authldaplib: clearpasswd=<null>, passwd=<null> Jul 7 08:28:28 libre-95 authdaemond: no password to compare against! Jul 7 08:28:28 libre-95 authdaemond: authldap: REJECT - try next module Jul 7 08:28:28 libre-95 authdaemond: FAIL, all modules rejected Jul 7 08:28:28 libre-95 imapd: LOGIN FAILED, [EMAIL PROTECTED], ip=[::ffff:199.202.105.98] I changed the imapd config to have AUTH=PLAIN this way i push clear password to courier-imapd ( with telnet ) than that is being sent to courier-authlib-ldap and from there I'm wondering how can i configure this part to send clear password to ldap eDirectory instead of asking ldap for the clear pass. Thanks alot, -Comment out LDAP_BINDDN and LDAP_BINDPW or else configure them for a user that has rights to search the tree for objects (i.e. using admin for this is probably not neccessary and is a security risk). By default, NDS should allow anonymous LDAP binds to search the tree for basic attributes like uid and mail so leaving them blank will result in anonymous binds which should work unless your eDirectory admin has gone zealous with permissions... -Comment out LDAP_CRYPTPW field -Uncomment LDAP_AUTHBIND and set it to 1 With these options set, Courier will first bind to LDAP as either anonymous or as the user set in LDAP_BINDDN. It will then search the tree for the LDAP_MAIL attribute and if it finds it, will attempt to rebind as that DN with the given password, if the bind is successful, the user is proven authenticated. Jay |
begin:vcard fn:Jay Lee n:Lee;Jay org:Philadelphia Biblical University;Information Technology Dept. email;internet:[EMAIL PROTECTED] title:Network / Systems Administrator x-mozilla-html:TRUE version:2.1 end:vcard
Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users