Hi to all,

I spent the last 3 days trying to run dbmail ldap auth (pop3) to our Active Directory server. I even straced the "dbmail-user -l" and discovered a problem ... but can't find a solution ;[ Can anyone give me some advice?

dbmail version is 2.2.10

dbmail ldap configuration:

[LDAP]
PORT = 389
VERSION = 3
HOSTNAME = ldap.my_firm.pl
BASE_DN =DC=my_firm,DC=pl
BIND_DN =CN=my_user,OU=DRI,OU=Employees,DC=my_firm,DC=pl
BIND_PW =my_password
CN_STRING =mail
FIELD_UID =mail
FIELD_MAIL =mail
SCOPE =SubTree
USER_OBJECTCLASS =top,person,organizationalPerson,user

I was trying to set FIELD_UID and CN_STRING to different values (sAMAccountName/userPrincipalName), and get the auth failure all the time. Now I set FIELD_UID and FIELD_MAIL to the same value to show the problem.

Now, when I run dbmail-users -l [EMAIL PROTECTED], I get:

Sep 02 16:40:05 server.my_firm.p dbmail-users[19243]: Debug:[auth] authldap.c,auth_ldap_bind(+122): binding to ldap server as [CN=my_user,OU=DRI,OU=Employees,DC=my_firm,DC=pl] / [xxxxxxxx]
Sep 02 16:40:05 server.my_firm.p dbmail-users[19243]: Debug:[auth] authldap.c,auth_ldap_bind(+135): successfully bound to ldap server
Sep 02 16:40:05 server.my_firm.p dbmail-users[19243]: Debug:[auth] authldap.c,auth_search(+258): [([EMAIL PROTECTED])]
Sep 02 16:40:05 server.my_firm.p dbmail-users[19243]: Debug:[auth] authldap.c,__auth_get_first_match(+658): returnid [(null)]
Sep 02 16:40:05 server.my_firm.p dbmail-users[19243]: Debug:[auth] authldap.c,auth_user_exists(+689): returned value is [0]
Sep 02 16:40:05 server.my_firm.p dbmail-users[19243]: Debug:[auth] authldap.c,auth_check_user_ext(+899): checking user [EMAIL PROTECTED] in alias table
Sep 02 16:40:05 server.my_firm.p dbmail-users[19243]: Debug:[auth] authldap.c,auth_check_user_ext(+904): searching with query [([EMAIL PROTECTED])], checks [0]
Sep 02 16:40:05 server.my_firm.p dbmail-users[19243]: Debug:[auth] authldap.c,auth_search(+258): [([EMAIL PROTECTED])]
Sep 02 16:40:05 server.my_firm.p dbmail-users[19243]: Debug:[auth] authldap.c,__auth_get_every_match(+580): scan results for DN: [CN=apps_user,CN=Users,DC=my_firm,DC=pl]
Sep 02 16:40:05 server.my_firm.p dbmail-users[19243]: Debug:[auth] authldap.c,__auth_get_every_match(+583): ldap_get_values []
Sep 02 16:40:05 server.my_firm.p dbmail-users[19243]: Debug:[auth] authldap.c,auth_check_user_ext(+931): into checking loop
Nothing found searching for [EMAIL PROTECTED]

It looks like __auth_get_first_match can't find the proper values, but __auth_get_every_match(+580) can do that. "strace -f -S 1024" shows that both functions get the same data from the ldap server.

Data in ActiveDirectory looks like this:

ldapsearch -x -LLL -b 'DC=my_firm,DC=pl' -Hldap://ldap.my_firm.pl -W -D "[EMAIL PROTECTED]" cn=apps_user
Enter LDAP Password:
dn: CN=apps_user,CN=Users,DC=my_firm,DC=pl
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: apps_user
givenName: apps_user
distinguishedName: CN=apps_user,CN=Users,DC=my_firm,DC=pl
instanceType: 4
whenCreated: 20080808140657.0Z
whenChanged: 20080902120454.0Z
displayName: apps_user
uSNCreated: 25204
memberOf: CN=Domain Admins,CN=Users,DC=my_firm,DC=pl
uSNChanged: 65673
name: apps_user
objectGUID:: URL2zh0H50uxwBF96yHT5A==
userAccountControl: 66048
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 128648187786551981
lastLogoff: 0
lastLogon: 128648188093577336
pwdLastSet: 128626787295653432
primaryGroupID: 513
userParameters:: bTogICAgICAgICAgICAgICAgICAgIGQBICAgICAgICAgICAgICAgICAgICAgI
 CAg
objectSid:: AQUAAAAAAAUVAAAAtScH5y3ZLyPfbmo/gAQAAA==
adminCount: 1
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: apps_user
sAMAccountType: 805306368
userPrincipalName: [EMAIL PROTECTED]
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=my_firm,DC=pl
lastLogonTimestamp: 128645955861799667
unixUserPassword: password
mail: [EMAIL PROTECTED]

# refldap://ForestDnsZones.my_firm.pl/DC=ForestDnsZones,DC=my_firm,DC=pl

# refldap://DomainDnsZones.my_firm.pl/DC=DomainDnsZones,DC=my_firm,DC=pl

# refldap://my_firm.pl/CN=Configuration,DC=my_firm,DC=pl

Any ideas how to force dbmail to find proper values by the auth_get_first_match?

Thanks

--
View this message in context: http://www.nabble.com/ldap-%28active-directory%29-auth-problem-tp19270195p19270195.html
Sent from the dbmail users mailing list archive at Nabble.com.
