I was wondering if anyone is successfully running openldap from the Debian packages with Courier IMAP's LDAP module for authentication.
I am getting strange timeouts on a remote client which are preventing successful authentication. I have tested logins with both Netscape and Mulberry. Mulberry gives me a timeout on successful authentication. It gives me an authentication error with the wrong password. Same with Netscape. I don't know how to get around this.

remote client | [IMAP server]---auth----[LDAP Server]

I am using the woody packages for Courier IMAP and Open-LDAP.

ii  courier-authda 0.37.3-1       Courier Mail Server authentication
ii  courier-base   0.37.3-1       Courier Mail Server Base System
ii  courier-debug  0.37.3-1       Debugging Tools for Courier Mail
ii  courier-doc    0.37.3-1       Documentation for the Courier Mail
ii  courier-imap   1.4.3-1        IMAP daemon with PAM and Maildir
ii  courier-ldap   0.37.3-1       LDAP support for Courier Mail Server
ii  maildrop       1.3.7-2        mail delivery agent with filtering

The courier debugger on the server tells me that everything is working fine. It gets all the data it should.

imap-mail:/home/ted# courierauthtest tester1 tester1
Authenticated: module authdaemon
Home directory: /home/staff/tester1
UID/GID: 1001/1001
AUTHADDR=tester1
AUTHFULLNAME=test t. tinker

I noticed something in the authldaprc file about openldap having memory leaks. Does anyone have any info on this?

##VERSION: $Id: authldaprc,v 1.12 2001/11/19 01:04:17 mrsam Exp $
#
# Copyright 2000-2001 Double Precision, Inc.  See COPYING for
# distribution information.
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# authldaprc created from authldaprc.dist by sysconftool
#
# DO NOT INSTALL THIS FILE with world read permissions.  This file
# might contain the LDAP admin password!
#
# This configuration file specifies LDAP authentication parameters
#
# The format of this file must be as follows:
#
# field[spaces|tabs]value
#
# That is, the name of the field, followed by spaces or tabs, followed
# by field value.  No trailing spaces.
#
# Here are the fields:

##NAME: LOCATION:0
#
# Location of your LDAP server:

#LDAP_SERVER          ldap.example.com
LDAP_SERVER           209.243.37.9
LDAP_PORT             389

##NAME: LDAP_BASEDN:0
#
# Look for authentication here:

#LDAP_BASEDN          o=example, c=com
LDAP_BASEDN           ou=mailaccounts,dc=washcoll,dc=edu

##NAME: LDAP_BINDDN:0
# You may or may not need to specify the following.  Because you've got
# a password here, authldaprc should not be world-readable!!!

#LDAP_BINDDN          cn=administrator, o=example, c=com
LDAP_BINDDN           cn=courier,dc=washcoll,dc=edu
LDAP_BINDPW           couriersecret
#LDAP_BINDDN          cn=admin,dc=washcoll,dc=edu
#LDAP_BINDPW          secret

##NAME: LDAP_TIMEOUT:0
#
# Timeout for LDAP search

LDAP_TIMEOUT          10
LDAP_AUTHBIND         0

##NAME: LDAP_AUTHBIND:0
#
# Define this to have the ldap server authenticate passwords.  If
# LDAP_AUTHBIND the password is validated by rebinding with the supplied
# userid and password.  If rebind succeeds, this is considered to be an
# authenticated request.  This does not support CRAM-MD5 authentication,
# which requires userPassword.
#
# WARNING - as of the time this note is written, there are memory leaks
# in OpenLDAP that affect this option, see ITS #1116 in openldap.org's
# bug tracker.  Avoid using this option until these leaks are plugged.
#
# LDAP_AUTHBIND       1

##NAME: LDAP_MAIL:0
#
# Here's the field on which we query

LDAP_MAIL             mail

##NAME: LDAP_DOMAIN:0
#
# The following default domain will be appended, if not explicitly
# specified.
#
# LDAP_DOMAIN         example.com
LDAP_DOMAIN           washcoll.edu

##NAME: LDAP_GLOB_IDS:0
#
# The following two variables can be used to set everybody's uid and
# gid.  This is convenient if your LDAP specifies a bunch of virtual
# mail accounts.  The values can be usernames or userids:
#
LDAP_GLOB_UID         vmail
LDAP_GLOB_GID         vmail

##NAME: LDAP_HOMEDIR:0
#
# We will retrieve the following attributes
#
# The HOMEDIR attribute MUST exist, and we MUST be able to chdir to it

LDAP_HOMEDIR          homeDirectory

##NAME: LDAP_MAILDIR:0
#
# The MAILDIR attribute is OPTIONAL, and specifies the location of the
# mail directory.  If not specified, ./Maildir will be used

#LDAP_MAILDIR         mailDir

##NAME: LDAP_MAILDIRQUOTA:0
#
# The following variable, if defined, specifies the field containing the
# maildir quota, see README.maildirquota for more information
#
LDAP_MAILDIRQUOTA     Quota
#LDAP_MAILDIRQUOTA    maildirQuota

##NAME: LDAP_FULLNAME:0
#
# FULLNAME is optional, specifies the user's full name

LDAP_FULLNAME         cn

##NAME: LDAP_PW:0
#
# CLEARPW is the clear text password.  CRYPT is the crypted password.
# ONE OF THESE TWO ATTRIBUTES IS REQUIRED.  If CLEARPW is provided, and
# libhmac.a is available, CRAM authentication will be possible!

LDAP_CLEARPW          clearPassword
LDAP_CRYPTPW          userPassword

##NAME: LDAP_IDS:0
#
# Uncomment the following, and modify as appropriate, if your LDAP
# database stores individual userids and groupids.  Otherwise, you must
# uncomment LDAP_GLOB_UID and LDAP_GLOB_GID above.  LDAP_GLOB_UID and
# LDAP_GLOB_GID specify a uid/gid for everyone.  Otherwise, LDAP_UID and
# LDAP_GID must be defined as attributes for everyone.
#
#LDAP_UID             uidNumber
#LDAP_GID             gidNumber

##NAME: LDAP_DEREF:0
#
# Determines how aliases are handled during a search.  This option is
# available only with OpenLDAP 2.0
#
# LDAP_DEREF can be one of the following values:
# never, searching, finding, always.  If not specified, aliases are
# never dereferenced.

LDAP_DEREF            never

##NAME: LDAP_TLS:0
#
# Set LDAP_TLS to 1 to enable LDAP over SSL/TLS.  Experimental setting.
# Requires OpenLDAP 2.0
#
LDAP_TLS              0

My ldap info follows the example in the /usr/doc/courier-ldap package:

dn: [EMAIL PROTECTED],ou=mailaccounts,dc=washcoll,dc=edu
objectclass: couriermailaccount
mail: [EMAIL PROTECTED]
mail: useradmin2
cn: mail user admin
uidNumber: 1001
gidNumber: 1001
homedirectory: /home/staff/useradmin2
quota: 10M
clearpassword: useradmin2
description: courier user admin no shell account

dn: [EMAIL PROTECTED],ou=mailaccounts,dc=washcoll,dc=edu
objectclass: couriermailaccount
cn: test t. tinker
homedirectory: /home/staff/tester1
mail: [EMAIL PROTECTED]
mail: tester1
uidNumber: 1001
gidNumber: 1001
quota: 10M
clearpassword: tester1

dn: [EMAIL PROTECTED],ou=mailaccounts,dc=washcoll,dc=edu
objectclass: CourierMailAlias
mail: [EMAIL PROTECTED]
maildrop: tester1

dn: [EMAIL PROTECTED],ou=mailaccounts,dc=washcoll,dc=edu
objectclass: CourierMailAlias
mail: [EMAIL PROTECTED]
maildrop: tester1

/etc/ldap/slapd.conf:

#schemas define the things that can be stored
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
#courier IMAP
include         /etc/ldap/schema/authldap.schema

schemacheck     on
pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args

#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "dc=washcoll, dc=edu"
rootdn          "cn=admin, dc=washcoll, dc=edu"
#change when working right
rootpw          secret
replogfile      /var/lib/ldap/replication.log
directory       /var/lib/ldap/
loglevel        4
defaultaccess   read
index           cn,sn,uid,mail eq
index           objectClass eq

#access Control list
#prevent passwords from being displayed in the address books
access to attr=userpassword,clearpassword,ldappassword
        by dn="cn=admin,dc=washcoll,dc=edu" write
        by dn="cn=courier,dc=washcoll,dc=edu" read
        by dn="cn=postfix,dc=washcoll,dc=edu" read
        by dn="mail=useradmin2,ou=mailaccounts,dc=washcoll,dc=edu" write
        by self write
        by anonymous auth
        by * none

access to attr=objectclass
        by dn="cn=admin,dc=washcoll,dc=edu" write
        by dn="cn=courier,dc=washcoll,dc=edu" read
        by * none

access to dn=".*,ou=mailaccounts,dc=washcoll,dc=edu"
        by dn="cn=admin,dc=washcoll,dc=edu" write
        by dn="mail=useradmin2,ou=mailaccounts,dc=washcoll,dc=edu" write
        by * read

access to *
        by dn="cn=admin,dc=washcoll,dc=edu" write
        by * read

Some logs from LDAP:

Apr 11 23:38:00 moe2 slapd[3287]: connection_get(9)
Apr 11 23:38:00 moe2 slapd[3288]: ==> ldbm_back_bind: dn: cn=courier,dc=washcoll,dc=edu
Apr 11 23:38:00 moe2 slapd[3288]: send_ldap_result: 0::
Apr 11 23:38:00 moe2 slapd[3287]: connection_get(9)
Apr 11 23:38:00 moe2 slapd[3288]: SRCH "ou=mailaccounts,dc=washcoll,dc=edu" 2 0
Apr 11 23:38:00 moe2 slapd[3288]:     0 0 0
Apr 11 23:38:00 moe2 slapd[3288]:     filter: ([EMAIL PROTECTED])
Apr 11 23:38:00 moe2 slapd[3288]:     attrs:
Apr 11 23:38:00 moe2 slapd[3288]:         homeDirectory
Apr 11 23:38:00 moe2 slapd[3288]:         cn
Apr 11 23:38:00 moe2 slapd[3288]:         clearPassword
Apr 11 23:38:00 moe2 slapd[3288]:         userPassword
Apr 11 23:38:00 moe2 slapd[3288]:         mail
Apr 11 23:38:00 moe2 slapd[3288]:         Quota
Apr 11 23:38:00 moe2 slapd[3288]:

Some logs from IMAP:

Apr 11 22:56:19 imap imaplogin: Connection, ip=[::ffff:192.146.226.201]
Apr 11 22:56:19 imap imaplogin: LOGIN, user=tester1, ip=[::ffff:192.146.226.201]
Apr 11 22:56:50 imap imaplogin: Connection, ip=[::ffff:192.146.226.201]
Apr 11 22:56:50 imap imaplogin: LOGIN, user=tester1, ip=[::ffff:192.146.226.201]

I was also testing with this script, but even with the client nothing out of the ordinary is logged.
#!/usr/bin/perl
use strict;
use warnings;
use Mail::IMAPClient;

# new() connects and logs in when User/Password are given; it returns
# undef and leaves the reason in $@ on failure, so stop there instead of
# silently continuing with an unusable handle.
my $imap = Mail::IMAPClient->new(
    Server   => '192.146.226.8',
    User     => 'tester1',
    Password => 'tester1',
) or die "IMAP connect/login failed: $@";

# $imap->Debug($opt_d);

# List every folder with its message count.
my @folders = $imap->folders;
foreach my $f (@folders) {
    print "$f is a folder with ", $imap->message_count($f), " messages.\n";
}

---------------------
Ted Knab
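The slapd.conf above stacks an attribute-scoped ACL for the password attributes ahead of an entry-scoped ACL that ends in "by * read". slapd evaluates access directives in order and the first "access to" whose target matches is the only one consulted, so that ordering is what keeps clearPassword away from anonymous and non-courier binds. The following script, an added example and not part of the original post or of the Courier/OpenLDAP projects, models that evaluation for the four directives in the post so the rules can be audited offline. It is a simplified model: it understands only "*", "attr=" and "dn=" targets and "*", "self", "anonymous", "users" and "dn=" subjects, treats "dn=" patterns as regular expressions as OpenLDAP 2.0 did (later releases distinguish dn.exact and dn.regex), and uses a constructed entry DN for tester1 because the addresses in the post are redacted.

```python
import re

# slapd access levels, least to most privileged (the OpenLDAP 2.0 set).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# Constructed sample: the four access directives from the slapd.conf in the
# post, reproduced here so the script runs stand-alone.
SAMPLE_ACL = """
access to attr=userpassword,clearpassword,ldappassword
        by dn="cn=admin,dc=washcoll,dc=edu" write
        by dn="cn=courier,dc=washcoll,dc=edu" read
        by dn="cn=postfix,dc=washcoll,dc=edu" read
        by dn="mail=useradmin2,ou=mailaccounts,dc=washcoll,dc=edu" write
        by self write
        by anonymous auth
        by * none
access to attr=objectclass
        by dn="cn=admin,dc=washcoll,dc=edu" write
        by dn="cn=courier,dc=washcoll,dc=edu" read
        by * none
access to dn=".*,ou=mailaccounts,dc=washcoll,dc=edu"
        by dn="cn=admin,dc=washcoll,dc=edu" write
        by dn="mail=useradmin2,ou=mailaccounts,dc=washcoll,dc=edu" write
        by * read
access to *
        by dn="cn=admin,dc=washcoll,dc=edu" write
        by * read
"""

# Constructed DNs (the post's mail addresses are redacted).
TESTER_DN = "mail=tester1@washcoll.edu,ou=mailaccounts,dc=washcoll,dc=edu"
COURIER_DN = "cn=courier,dc=washcoll,dc=edu"


def parse_acl(text):
    """Parse 'access to <what> by <who> <level> ...' directives (subset)."""
    rules = []
    body = " ".join(line.strip() for line in text.splitlines() if line.strip())
    for chunk in re.split(r"\baccess\s+to\s+", body)[1:]:
        what, *bys = re.split(r"\s+by\s+", chunk.strip())
        dn_m = re.search(r'dn="([^"]*)"', what)
        attr_m = re.search(r"attr=(\S+)", what)
        target = {
            "dn": dn_m.group(1) if dn_m else None,
            "attrs": {a.lower() for a in attr_m.group(1).split(",")} if attr_m else None,
        }
        clauses = [tuple(by.rsplit(None, 1)) for by in bys]  # (who, level)
        rules.append((target, [(w.strip(), l.lower()) for w, l in clauses]))
    return rules


def _who_matches(who, bind_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return not bind_dn
    if who == "users":
        return bool(bind_dn)
    if who == "self":
        return bool(bind_dn) and bind_dn.lower() == entry_dn.lower()
    m = re.fullmatch(r'dn="([^"]*)"', who)
    if m:  # OpenLDAP 2.0: by dn="..." is a regex over the bind DN
        return bool(bind_dn) and re.fullmatch(m.group(1), bind_dn, re.IGNORECASE) is not None
    raise ValueError("unsupported who clause: " + who)


def check_access(rules, entry_dn, attr, bind_dn, wanted, default="read"):
    """True if bind_dn ('' = anonymous) gets at least `wanted` on attr of entry_dn.
    First matching 'access to' target wins; inside it, first matching 'by' wins;
    a target that matches with no matching 'by' denies. `default` models
    slapd's defaultaccess when no directive matches."""
    wanted_rank = LEVELS.index(wanted)
    for target, clauses in rules:
        if target["dn"] is not None and re.fullmatch(target["dn"], entry_dn, re.IGNORECASE) is None:
            continue
        if target["attrs"] is not None and (attr or "entry").lower() not in target["attrs"]:
            continue
        for who, level in clauses:
            if _who_matches(who, bind_dn, entry_dn):
                return LEVELS.index(level) >= wanted_rank
        return False
    return LEVELS.index(default) >= wanted_rank


def anonymous_readable(rules, entry_dn, attrs):
    """Audit helper: which of `attrs` an unauthenticated bind could read."""
    return [a for a in attrs if check_access(rules, entry_dn, a, "", "read")]


if __name__ == "__main__":
    rules = parse_acl(SAMPLE_ACL)
    attrs = ["mail", "cn", "clearPassword", "userPassword", "objectClass"]
    print("anonymous can read:", anonymous_readable(rules, TESTER_DN, attrs))
    print("courier reads clearPassword:", check_access(rules, TESTER_DN, "clearPassword", COURIER_DN, "read"))
    # Same four directives with the per-entry rule moved first: its 'by * read'
    # now wins for every attribute of the entry, cleartext password included.
    misordered = [rules[2], rules[0], rules[1], rules[3]]
    print("anonymous can read (misordered):", anonymous_readable(misordered, TESTER_DN, attrs))
```

With the posted order, an anonymous bind can read mail and cn but only gets "auth" on the password attributes, which is exactly what a simple bind needs and nothing more; cn=courier gets read, which is what authldaprc's LDAP_CLEARPW/LDAP_CRYPTPW lookup requires. Moving the "access to dn=..." directive above the attribute directive silently exposes clearPassword to everyone, which is why the order in the file matters more than the individual clauses. Note also that "by self write" on clearPassword lets every account rewrite its own cleartext password. On a live server, later OpenLDAP releases ship slapacl(8) to answer the same question against the real configuration.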