I've had better luck matching my users via sAMAccountName rather than mail. I'm running DBMail 2.2.9 currently with this configuration for my LDAP server.

[LDAP]
PORT = 389
VERSION = 3
HOSTNAME = dc.domain.com
BASE_DN = DC=domain,DC=com
BIND_DN = CN=someuser,DC=domain,DC=com
BIND_PW = ***
SCOPE = SubTree
CN_STRING = sAMAccountName
FIELD_PASSWD = userPassword
FIELD_UID = sAMAccountName
FIELD_NID = uSNCreated
MIN_NID = 10000
MAX_NID = 20000
FIELD_CID = gidNumber
MIN_CID = 10000
MAX_CID = 20000
FIELD_MAIL = mail
FIELD_QUOTA = mailQuota
FIELD_FWDTARGET = mailForwardingAddress

On Thu, Sep 4, 2008 at 3:07 AM, Adam Lyjak <[EMAIL PROTECTED]> wrote:
>
> Hi to all,
>
> I spent the last 3 days trying to run dbmail ldap auth (pop3) to our Active
> Directory server. I even strace the "dbmail-user -l" and discovered a
> problem ... but can't find a solution ;[ Can anyone give me some advice ?
>
> dbmail version is 2.2.10
>
> dbmail ldap configuration:
>
> [LDAP]
> PORT = 389
> VERSION = 3
> HOSTNAME = ldap.my_firm.pl
> BASE_DN =DC=my_firm,DC=pl
> BIND_DN =CN=my_user,OU=DRI,OU=Employees,DC=my_firm,DC=pl
> BIND_PW =my_password
> CN_STRING =mail
> FIELD_UID =mail
> FIELD_MAIL =mail
> SCOPE =SubTree
> USER_OBJECTCLASS =top,person,organizationalPerson,user
>
> I was trying to set FIELD_UID and CN_STRING to different values
> (sAMAccountName/userPrincipalName), and get the auth failure all the time.
> Now I set FIELD_UID and FIELD_MAIL to the same value to show the problem
>
> Now, when I run dbmail-users -l [EMAIL PROTECTED], i get:
>
> Sep 02 16:40:05 server.my_firm.p dbmail-users[19243]: Debug:[auth]
> authldap.c,auth_ldap_bind(+122): binding to ldap server as
> [CN=my_user,OU=DRI,OU=Employees,DC=my_firm,DC=pl] / [xxxxxxxx]
> Sep 02 16:40:05 server.my_firm.p dbmail-users[19243]: Debug:[auth]
> authldap.c,auth_ldap_bind(+135): successfully bound to ldap server
> Sep 02 16:40:05 server.my_firm.p dbmail-users[19243]: Debug:[auth]
> authldap.c,auth_search(+258): [([EMAIL PROTECTED])]
> Sep 02 16:40:05 server.my_firm.p dbmail-users[19243]: Debug:[auth]
> authldap.c,__auth_get_first_match(+658): returnid [(null)]
> Sep 02 16:40:05 server.my_firm.p dbmail-users[19243]: Debug:[auth]
> authldap.c,auth_user_exists(+689): returned value is [0]
> Sep 02 16:40:05 server.my_firm.p dbmail-users[19243]: Debug:[auth]
> authldap.c,auth_check_user_ext(+899): checking user [EMAIL PROTECTED] in
> alias table
> Sep 02 16:40:05 server.my_firm.p dbmail-users[19243]: Debug:[auth]
> authldap.c,auth_check_user_ext(+904): searching with query
> [([EMAIL PROTECTED])], checks [0]
> Sep 02 16:40:05 server.my_firm.p dbmail-users[19243]: Debug:[auth]
> authldap.c,auth_search(+258): [([EMAIL PROTECTED])]
> Sep 02 16:40:05 server.my_firm.p dbmail-users[19243]: Debug:[auth]
> authldap.c,__auth_get_every_match(+580): scan results for DN:
> [CN=apps_user,CN=Users,DC=my_firm,DC=pl]
> Sep 02 16:40:05 server.my_firm.p dbmail-users[19243]: Debug:[auth]
> authldap.c,__auth_get_every_match(+583): ldap_get_values []
> Sep 02 16:40:05 server.my_firm.p dbmail-users[19243]: Debug:[auth]
> authldap.c,auth_check_user_ext(+931): into checking loop
> Nothing found searching for [EMAIL PROTECTED]
>
>
> It looks like __auth_get_first_match can't find the proper values, but
> __auth_get_every_match(+580) can do that. "strace -f -S 1024" shows that
> both functions get the same data from ldap server.
>
> data in ActiveDirectory looks like this:
>
> ldapsearch -x -LLL -b 'DC=my_firm,DC=pl' -Hldap://ldap.my_firm.pl -W -D
> "[EMAIL PROTECTED]" cn=apps_user
> Enter LDAP Password:
> dn: CN=apps_user,CN=Users,DC=my_firm,DC=pl
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: apps_user
> givenName: apps_user
> distinguishedName: CN=apps_user,CN=Users,DC=my_firm,DC=pl
> instanceType: 4
> whenCreated: 20080808140657.0Z
> whenChanged: 20080902120454.0Z
> displayName: apps_user
> uSNCreated: 25204
> memberOf: CN=Domain Admins,CN=Users,DC=my_firm,DC=pl
> uSNChanged: 65673
> name: apps_user
> objectGUID:: URL2zh0H50uxwBF96yHT5A==
> userAccountControl: 66048
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 128648187786551981
> lastLogoff: 0
> lastLogon: 128648188093577336
> pwdLastSet: 128626787295653432
> primaryGroupID: 513
> userParameters::
> bTogICAgICAgICAgICAgICAgICAgIGQBICAgICAgICAgICAgICAgICAgICAgI
> CAg
> objectSid:: AQUAAAAAAAUVAAAAtScH5y3ZLyPfbmo/gAQAAA==
> adminCount: 1
> accountExpires: 9223372036854775807
> logonCount: 0
> sAMAccountName: apps_user
> sAMAccountType: 805306368
> userPrincipalName: [EMAIL PROTECTED]
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=my_firm,DC=pl
> lastLogonTimestamp: 128645955861799667
> unixUserPassword: password
> mail: [EMAIL PROTECTED]
>
> # refldap://ForestDnsZones.my_firm.pl/DC=ForestDnsZones,DC=my_firm,DC=pl
>
> # refldap://DomainDnsZones.my_firm.pl/DC=DomainDnsZones,DC=my_firm,DC=pl
>
> # refldap://my_firm.pl/CN=Configuration,DC=my_firm,DC=pl
>
> Any ideas how to force dbmail to find proper values by the
> auth_get_first_match ?
>
> Thanks
> --
> View this message in context:
> http://www.nabble.com/ldap-%28active-directory%29-auth-problem-tp19270195p19270195.html
> Sent from the dbmail users mailing list archive at Nabble.com.
>
> _______________________________________________
> DBmail mailing list
> [email protected]
> https://mailman.fastxs.nl/mailman/listinfo/dbmail
>

--
[ Brandon Adams ]
bmadams at gmail dot com
