At 16:01 2001-04-21, Arek Dreyer wrote:
>I'm trying to get APOP working...

Are you aware that you need to store the passwords in plain text on the
ldap server to be able to use APOP? You can't store them crypted/hashed
since the mail server needs the actual password to be able to verify the
challenge from the mail client.

This is one of the problems with APOP - instead of plaintext passwords on
the wire you get plaintext passwords on the server.

Patrik

>Here is the output from a recordio'd and DEBUGLEVEL=255 qmail-pop3d:
>I try to connect with the user arek.dreyer and notice the following:
>
>ldap_lookup: rebind with cn=Arek D Dreyer,
> dc=fwp,dc=pvt,dc=k12,dc=il,dc=us failed (Invalid credentials)
>warning: check_ldap: ldap_lookup not successful!
>authentication with ldap was not successful
>warning: auth_error: authorization failed (rebinding to ldap server failed)
>1050 > -ERR authorization failed
>1050 > [EOF]
>
>I try with another user, and it tries to rebind with that user.
>
>ldap_lookup: search for (uid=kate.dreyer) succeeded
>ldap_lookup: rebind with cn=Kathleen C Dreyer,
> dc=fwp,dc=pvt,dc=k12,dc=il,dc=us failed (Invalid credentials)
> warning: check_ldap: ldap_lookup not successful!
>authentication with ldap was not successful
>warning: auth_error: authorization failed (rebinding to ldap server failed)
> > -ERR authorization failed
> > [EOF]
>
>I try it without APOP and things work fine.
>
>ldap_lookup: search for (uid=kate.dreyer) succeeded
>ldap_lookup: rebind with cn=Kathleen C Dreyer,
> dc=fwp,dc=pvt,dc=k12,dc=il,dc=us succeeded
>ldap_get_userinfo: qmailUID: 1004 (default)
>ldap_get_userinfo: qmailGID: 1005 (default)
>ldap_get_userinfo: uid: kate.dreyer (from server)
>ldap_get_userinfo: accountStatus: undefined
>ldap_get_userinfo: mailHost: fwp-5.fwp.pvt.k12.il.us (from server)
>ldap_get_userinfo: mailMessageStore & homeDirectory:
> homeDirectory=undefined mailMessageStore=kate.dreyer
> (from server) using /home/email/ as prefix
> homeDirectory=(null pointer) & mailMessageStore=/home/email//kate.dreyer
>check_ldap: ldap_lookup sucessfully authenticated with rebind
>auth_success: login=kate.dreyer, uid=1004, gid=1005,
> home=/home/email//kate.dreyer, maildir=,
> aliasempty=Maildir, hdm=/var/qmail/bin/create_homedir
>auth_success: setgid succeeded (1005)
>auth_success: setuid succeeded (1004)
>auth_success: environment successfully set: USER=kate.dreyer,
> HOME=/home/email//kate.dreyer, MAILDIR=unset using aliasempty
> > +OK
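
Added example, not part of the original message and not qmail-ldap code: a sketch of the APOP check from RFC 1939, showing why the server needs the cleartext secret while a USER/PASS login can be checked against a stored hash. The timestamp and secret are the sample values from RFC 1939; the PBKDF2 storage format, the salt and the function names are assumptions standing in for a hashed directory password.

```python
import hashlib
import hmac

def apop_digest(banner_timestamp: str, secret: str) -> str:
    """RFC 1939 APOP: hex MD5 over the banner timestamp followed by the shared secret."""
    return hashlib.md5((banner_timestamp + secret).encode()).hexdigest()

def verify_apop(banner_timestamp: str, client_digest: str, stored_secret: str) -> bool:
    """Server side: recompute the digest from whatever is stored for the user."""
    expected = apop_digest(banner_timestamp, stored_secret)
    return hmac.compare_digest(expected, client_digest)

def hash_password(password: str, salt: bytes) -> bytes:
    """Assumed storage format (stand-in for a crypted/hashed directory password)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_pass(cleartext_from_client: str, stored_hash: bytes, salt: bytes) -> bool:
    """USER/PASS: the cleartext arrives on the wire, so a stored hash is enough."""
    return hmac.compare_digest(hash_password(cleartext_from_client, salt), stored_hash)

# Sample values from RFC 1939 section 7; the salt is constructed for this example.
TIMESTAMP = "<1896.697170952@dbc.mtview.ca.us>"
SECRET = "tanstaaf"
SALT = b"constructed-salt"
STORED_HASH = hash_password(SECRET, SALT)

def demo() -> dict:
    client_digest = apop_digest(TIMESTAMP, SECRET)  # what the mail client sends
    return {
        # Server holds the cleartext secret: the digest can be recomputed.
        "apop_with_plaintext": verify_apop(TIMESTAMP, client_digest, SECRET),
        # Server holds only a hash: MD5(timestamp + hash) never matches.
        "apop_with_hash_only": verify_apop(TIMESTAMP, client_digest, STORED_HASH.hex()),
        # Plain login against the same hash works, at the cost of cleartext on the wire.
        "pass_with_hash_only": verify_pass(SECRET, STORED_HASH, SALT),
    }

if __name__ == "__main__":
    print(apop_digest(TIMESTAMP, SECRET))
    print(demo())
```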