On Friday 07 July 2006 09:13, Jay Lee wrote:
> Charles Lacroix wrote:
> > On Thursday 06 July 2006 16:57, you wrote:
> >> On Thu, July 6, 2006 4:45 pm, Charles Lacroix wrote:
> >>> On Thursday 06 July 2006 16:19, Jay Lee wrote:
> >>>> On Thu, July 6, 2006 4:07 pm, Charles Lacroix wrote:
> >>>>> Ok, I see, for the moment I didn't play with TLS/SSL as I wanted to
> >>>>> get this thing to work before I start playing with SSL and TLS. As I
> >>>>> like to eliminate potential problems :)
> >>>>
> >>>> No problem, you can authenticate via plaintext, but you should have
> >>>> something secure in place in a live system.  But to verify that that
> >>>> was the issue try this:
> >>>>
> >>>> #telnet imap.server.dns.name 143
> >>>>
> >>>>
> >>>> a01 login validuser validpass
> >>>
> >>> Escape character is '^]'.
> >>> * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE
> >>> THREAD=ORDEREDSUBJECT
> >>> THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP
> >>> ready. Copyright 1998-2005 Double Precision, Inc.  See COPYING for
> >>> distribution information.
> >>> a0 login Test8 test8
> >>> a0 NO Login failed.
> >>> Connection closed by foreign host.
> >>
> >> What is maillog saying at this point?  Do you have DEBUG_LOGIN=2 set in
> >> /etc/authlib/authdaemonrc, this will give more verbose logging
> >> results...
> >>
> >> Jay
> >
> > Hi, thanks for taking this on with me, I will write some documentation on
> > this issue I'm dealing with and I'll give you a copy of it so we can add
> > cool solutions to your software :)
> >
> > Anyways that said, here is the extra logging you wanted. My DEBUG_LOGIN=2
> > from day 1 as I am trying to debug :)
> >
> >
> > Jul  7 08:28:27 libre-95 authdaemond: received auth request,
> > service=imap, authtype=login
> > Jul  7 08:28:27 libre-95 authdaemond: authldap: trying this module
> > Jul  7 08:28:27 libre-95 authdaemond: selected ldap protocol version 3
> > Jul  7 08:28:27 libre-95 authdaemond: binding to LDAP server as DN
> > '<null>', password '<null>'
> > Jul  7 08:28:27 libre-95 authdaemond: using search filter:
> > ([EMAIL PROTECTED])
> > Jul  7 08:28:28 libre-95 authdaemond: one entry returned, DN:
> > cn=Test8,ou=test,o=csf
> > Jul  7 08:28:28 libre-95 authdaemond: raw ldap entry returned:
> > Jul  7 08:28:28 libre-95 authdaemond: | mail:
> > [EMAIL PROTECTED]
> > Jul  7 08:28:28 libre-95 authdaemond: | uid: Test8
> > Jul  7 08:28:28 libre-95 authdaemond: | cn: Test8
> > Jul  7 08:28:28 libre-95 authdaemond: authldaplib: sysusername=<null>,
> > sysuserid=10001, sysgroupid=10001, homedir=/var/courrier2/Test8,
> > [EMAIL PROTECTED], fullname=Test8, maildir=<null>,
> > quota=<null>, options=<null>
> > Jul  7 08:28:28 libre-95 authdaemond: authldaplib: clearpasswd=<null>,
> > passwd=<null>
> > Jul  7 08:28:28 libre-95 authdaemond: no password to compare against!
> > Jul  7 08:28:28 libre-95 authdaemond: authldap: REJECT - try next module
> > Jul  7 08:28:28 libre-95 authdaemond: FAIL, all modules rejected
> > Jul  7 08:28:28 libre-95 imapd: LOGIN FAILED,
> > [EMAIL PROTECTED], ip=[::ffff:199.202.105.98]
> >
> >
> > I changed the imapd config to have AUTH=PLAIN this way I push clear
> > password to courier-imapd ( with telnet ) then that is being sent to
> > courier-authlib-ldap and from there I'm wondering how can I configure
> > this part to send clear password to ldap eDirectory instead of asking
> > ldap for the clear pass.
> >
> > Thanks a lot,
>
> Looking at your authldaprc file and comparing it to my working config, try:
>
>   -Comment out LDAP_BINDDN and LDAP_BINDPW or else configure them for a
> user that has rights to search the tree for objects (i.e. using admin
> for this is probably not necessary and is a security risk).  By
> default, NDS should allow anonymous LDAP binds to search the tree for
> basic attributes like uid and mail so leaving them blank will result in
> anonymous binds which should work unless your eDirectory admin has gone
> zealous with permissions...
>   -Comment out LDAP_CRYPTPW field
>   -Uncomment LDAP_AUTHBIND and set it to 1
>
> With these options set, Courier will first bind to LDAP as either
> anonymous or as the user set in LDAP_BINDDN.  It will then search the
> tree for the LDAP_MAIL attribute and if it finds it, will attempt to
> rebind as that DN with the given password, if the bind is successful,
> the user is proven authenticated.
>
> Jay

Here is what I get this time, I have a feeling we are very close :)

This is with LDAP_BINDDN off


Jul  7 09:11:11 libre-95 imapd: Connection, ip=[::ffff:199.202.105.98]
Jul  7 09:11:18 libre-95 authdaemond: received auth request, service=imap, 
authtype=login
Jul  7 09:11:18 libre-95 authdaemond: authldap: trying this module
Jul  7 09:11:18 libre-95 authdaemond: selected ldap protocol version 3
Jul  7 09:11:18 libre-95 authdaemond: binding to LDAP server as DN '<null>', 
password '<null>'
Jul  7 09:11:18 libre-95 authdaemond: using search filter: (uid=test8)
Jul  7 09:11:18 libre-95 authdaemond: one entry returned, DN: 
cn=Test8,ou=test,o=csf
Jul  7 09:11:18 libre-95 authdaemond: raw ldap entry returned:
Jul  7 09:11:18 libre-95 authdaemond: | uid: Test8
Jul  7 09:11:18 libre-95 authdaemond: | cn: Test8
Jul  7 09:11:18 libre-95 authdaemond: authldaplib: sysusername=<null>, 
sysuserid=10001, sysgroupid=10001, homedir=/var/courrier2/Test8, 
address=test8, fullname=Test8, maildir=<null>, quota=<null>, options=<null>
Jul  7 09:11:18 libre-95 authdaemond: authldaplib: clearpasswd=<null>, 
passwd=<null>
Jul  7 09:11:18 libre-95 authdaemond: rebinding with 
DN 'cn=Test8,ou=test,o=csf' to validate password
Jul  7 09:11:18 libre-95 authdaemond: authentication bind failed, some other 
problem: Confidentiality required
Jul  7 09:11:18 libre-95 authdaemond: authldap: TEMPFAIL - no more modules 
will be tried
Jul  7 09:11:18 libre-95 imapd: LOGIN FAILED, user=test8, 
ip=[::ffff:199.202.105.98]
Jul  7 09:11:18 libre-95 imapd: authentication error: Input/output error


This is with LDAP_BINDDN

Jul  7 09:20:16 libre-95 authdaemond: received auth request, service=pop3, 
authtype=login
Jul  7 09:20:16 libre-95 authdaemond: authldap: trying this module
Jul  7 09:20:16 libre-95 authdaemond: selected ldap protocol version 3
Jul  7 09:20:16 libre-95 authdaemond: binding to LDAP server as 
DN 'cn=clacroix, o=csf, ou=sti, ou=service', password 'xxxxx'
Jul  7 09:20:16 libre-95 authdaemond: ldap_simple_bind_s failed: 
Confidentiality required
Jul  7 09:20:16 libre-95 authdaemond: authldap: TEMPFAIL - no more modules 
will be tried
Jul  7 09:20:16 libre-95 pop3d: LOGIN FAILED, user=test8, 
ip=[::ffff:199.202.105.98]
Jul  7 09:20:16 libre-95 pop3d: authentication error: Input/output error


I haven't googled on this yet; will be doing so while I wait for a response :)

later


-- 
Charles Lacroix, Administrateur UNIX.
Service des télécommunications et des technologies
Cégep de Sainte-Foy
(418) 659-6600 # 4266

_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
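
Added example, not part of the original thread and not Courier's own code: a Python triage pass over authdaemond `DEBUG_LOGIN=2` output that rejoins mail-wrapped log lines and reports, per auth request, whether the search bind was anonymous, whether a bind password was written to the log, and which of the two failures seen in this thread occurred. The sample log is constructed (host `mx1` and the `o=example` DNs are placeholders); "Confidentiality required" is the text for LDAP result code 13.

```python
import re

# Constructed sample modelled on this thread's DEBUG_LOGIN=2 output; names are placeholders.
SAMPLE = """\
Jul  7 09:11:18 mx1 authdaemond: received auth request, service=imap,
authtype=login
Jul  7 09:11:18 mx1 authdaemond: binding to LDAP server as DN '<null>',
password '<null>'
Jul  7 09:11:18 mx1 authdaemond: one entry returned, DN:
cn=Test8,ou=test,o=example
Jul  7 09:11:18 mx1 authdaemond: authentication bind failed, some other
problem: Confidentiality required
Jul  7 09:12:40 mx1 authdaemond: received auth request, service=pop3, authtype=login
Jul  7 09:12:40 mx1 authdaemond: binding to LDAP server as DN 'cn=svc,o=example', password 'xxxxx'
Jul  7 09:12:40 mx1 authdaemond: one entry returned, DN: cn=Test8,ou=test,o=example
Jul  7 09:12:40 mx1 authdaemond: no password to compare against!
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ authdaemond: ")

def unwrap(text):
    """Rejoin wrapped entries: a line with no syslog prefix continues the previous one."""
    out = []
    for line in text.splitlines():
        if STAMP.match(line):
            out.append(STAMP.sub("", line).strip())
        elif out and line.strip():
            out[-1] += " " + line.strip()
    return out

def triage(text):
    """One dict per auth request: service, search-bind type, entry DN, diagnosis."""
    reqs = []
    for msg in unwrap(text):
        if msg.startswith("received auth request"):
            reqs.append({"service": re.search(r"service=(\w+)", msg).group(1), "dn": None,
                         "anonymous_search": None, "secret_logged": False, "diagnosis": None})
        elif not reqs:
            continue  # ignore entries that precede the first auth request
        elif m := re.match(r"binding to LDAP server as DN '(.*)', password '(.*)'", msg):
            reqs[-1]["anonymous_search"] = m.group(1) == "<null>"
            reqs[-1]["secret_logged"] = m.group(2) != "<null>"  # debug log holds a credential
        elif m := re.match(r"one entry returned, DN: (.+)", msg):
            reqs[-1]["dn"] = m.group(1)
        elif "Confidentiality required" in msg:  # LDAP result code 13
            reqs[-1]["diagnosis"] = "bind refused: server requires a protected (TLS) connection"
        elif msg.startswith("no password to compare against"):
            reqs[-1]["diagnosis"] = "no password attribute returned: compare mode cannot work"
    return reqs
```
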
