I'm new to qmail-ldap but have experience with qmail. I've built
qmail-ldap from the FreeBSD port:
Radish# pkg_info -c '*qmail*'
Information for qmail-ldap2-with_tls-1.03.20020901
and configured per info in the docs:
* Life With Qmail LDAP
* Using OpenLDAP v2.x with Qmail and CourierImap
* Mr Zesty's Brain Dump: qmail LDAP
I've populated with a couple users and I can SMTP in and watch it
deliver to any of the variant mailAlternateAddress attributes. Great
so far.
I have set my test user `cshenton' password to `cshenton' like:
Radish# ldappasswd -xv -w secret -D "cn=Manager,ou=Headquarters,o=National
Aeronautics and Space Administration,c=US" -s cshenton
"uid=cshenton,ou=accounts,ou=Headquarters,o=National Aeronautics and Space
Administration,c=US"
ldap_initialize( <DEFAULT> )
Result: Success (0)
I haven't been able to get POP to authenticate my user to retrieve
mail and I can't tell why. My POP session looks like this, complete
with lame test passwords:
[EMAIL PROTECTED](346> telnet radish.saic.hq.nasa.gov pop3
Connected to radish.saic.hq.nasa.gov.
Escape character is '^]'.
+OK <[EMAIL PROTECTED]>
user cshenton
+OK
pass cshenton
-ERR user record incorrect
Connection closed by foreign host.
Does "user record incorrect" mean the authentication failed, or
there's something more seriously wrong? I've included various config
files and logs below. Any pointers would be appreciated.
Thanks.
My qmail-ldap control/ldaplogin:
cn=qmail,ou=Headquarters,o=National Aeronautics and Space Administration,c=US
and control/ldappassword:
qmailsecret
My slapd.conf:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetOrgPerson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/qmail.schema
loglevel 4095
schemacheck on
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
database ldbm
suffix "ou=Headquarters,o=National Aeronautics and Space Administration,c=US"
rootdn "cn=Manager,ou=Headquarters,o=National Aeronautics and Space
Administration,c=US"
rootpw secret
directory /var/db/openldap-ldbm
index objectClass eq
index cn,sn,uid pres,eq
index mail,mailAlternateAddress eq
I had some ACLs defined but commented them out to avoid complication.
LDAP emits plenty of logs and I'm still learning how to interpret
them. Below I'll just include ones which seem significant; it would be
a little difficult for me to post complete logs to a public site but I
could if it would be helpful:
daemon: activity on 1 descriptors
connection_read(9): checking for input on id=3
ber_get_next on fd 9 failed errno=35 (Resource temporarily unavailable)
[should I be worried about the above ber_get_next failure?]
=> access_allowed: auth access to "cn=qmail,ou=Headquarters,o=National Aeronautics and
Space Administration,c=US" "userPassword" requested
=> access_allowed: backend default auth access granted to ""
====> cache_return_entry_r( 4 ): returned (0)
do_bind: v2 bind:
Aeronautics and Space Administration,c=US" to "cn=qmail,ou=Headquarters,o=National
Aeronautics and Space Administration,c=US"
connection_read(9): checking for input on id=3
ber_get_next on fd 9 failed errno=35 (Resource temporarily unavailable)
[again, should fd 9 failure bother me?]
end get_filter 0
filter: (&(objectClass=qmailuser)(uid=cshenton))
attrs:
uid
qmailUID
qmailGID
accountStatus
mailHost
mailMessageStore
homeDirectory
userPassword
conn=3 op=1 SRCH base="ou=Headquarters,o=National Aeronautics and Space
Administration,c=US" scope=2 filter="(&(objectClass=qmailuser)(uid=cshenton))"
=> access_allowed: read access to "uid=cshenton,ou=accounts,ou=Headquarters,o=National
Aeronautics and Space Administration,c=US" "entry" requested
=> access_allowed: backend default read access granted to
"cn=qmail,ou=Headquarters,o=National Aeronautics and Space Administration,c=US"
=> access_allowed: read access to "uid=cshenton,ou=accounts,ou=Headquarters,o=National
Aeronautics and Space Administration,c=US" "mailHost" requested
=> access_allowed: backend default read access granted to
"cn=qmail,ou=Headquarters,o=National Aeronautics and Space Administration,c=US"
=> access_allowed: read access to "uid=cshenton,ou=accounts,ou=Headquarters,o=National
Aeronautics and Space Administration,c=US" "mailHost" requested
=> access_allowed: backend default read access granted to
"cn=qmail,ou=Headquarters,o=National Aeronautics and Space Administration,c=US"
=> access_allowed: read access to "uid=cshenton,ou=accounts,ou=Headquarters,o=National
Aeronautics and Space Administration,c=US" "mailMessageStore" requested
=> access_allowed: backend default read access granted to
"cn=qmail,ou=Headquarters,o=National Aeronautics and Space Administration,c=US"
=> access_allowed: read access to "uid=cshenton,ou=accounts,ou=Headquarters,o=National
Aeronautics and Space Administration,c=US" "mailMessageStore" requested
=> access_allowed: backend default read access granted to
"cn=qmail,ou=Headquarters,o=National Aeronautics and Space Administration,c=US"
=> access_allowed: read access to "uid=cshenton,ou=accounts,ou=Headquarters,o=National
Aeronautics and Space Administration,c=US" "uid" requested
=> access_allowed: backend default read access granted to
"cn=qmail,ou=Headquarters,o=National Aeronautics and Space Administration,c=US"
=> access_allowed: read access to "uid=cshenton,ou=accounts,ou=Headquarters,o=National
Aeronautics and Space Administration,c=US" "uid" requested
=> access_allowed: backend default read access granted to
"cn=qmail,ou=Headquarters,o=National Aeronautics and Space Administration,c=US"
=> access_allowed: read access to "uid=cshenton,ou=accounts,ou=Headquarters,o=National
Aeronautics and Space Administration,c=US" "accountStatus" requested
=> access_allowed: backend default read access granted to
"cn=qmail,ou=Headquarters,o=National Aeronautics and Space Administration,c=US"
=> access_allowed: read access to "uid=cshenton,ou=accounts,ou=Headquarters,o=National
Aeronautics and Space Administration,c=US" "accountStatus" requested
=> access_allowed: backend default read access granted to
"cn=qmail,ou=Headquarters,o=National Aeronautics and Space Administration,c=US"
=> access_allowed: read access to "uid=cshenton,ou=accounts,ou=Headquarters,o=National
Aeronautics and Space Administration,c=US" "userPassword" requested
=> access_allowed: backend default read access granted to
"cn=qmail,ou=Headquarters,o=National Aeronautics and Space Administration,c=US"
=> access_allowed: read access to "uid=cshenton,ou=accounts,ou=Headquarters,o=National
Aeronautics and Space Administration,c=US" "userPassword" requested
=> access_allowed: backend default read access granted to
"cn=qmail,ou=Headquarters,o=National Aeronautics and Space Administration,c=US"
conn=3 op=1 ENTRY dn="uid=cshenton,ou=accounts,ou=Headquarters,o=National Aeronautics
and Space Administration,c=US"
<= send_search_entry
====> cache_return_entry_r( 8 ): returned (0)
daemon: select: listen=8 active_threads=1 tvp=NULL
send_ldap_search_result 0::
send_ldap_response: msgid=2 tag=101 err=0
conn=3 op=1 SEARCH RESULT tag=101 err=0 text=
daemon: activity on 1 descriptors
daemon: activity on:
9r
daemon: read activity on 9
connection_get(9)
connection_get(9): got connid=3
connection_read(9): checking for input on id=3
ber_get_next on fd 9 failed errno=0 (Undefined error: 0)
connection_read(9): input error=-2 id=3, closing.
connection_closing: readying conn=3 sd=9 for close
connection_close: deferring conn=3 sd=9
do_unbind
conn=3 op=2 UNBIND
connection_resched: attempting closing conn=3 sd=9
connection_close: conn=3 sd=9
daemon: removing 9
conn=-1 fd=9 closed
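
Added example, not part of the original post: a small Python audit for a slapd trace in the format shown above. It pairs each access_allowed request with the "backend default" result that follows it and lists which requesting DNs were granted read access to userPassword that way. The sample trace, its placeholder DNs and the SENSITIVE set are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the trace format shown in the post, including the
# mailer's line wrapping inside quoted DNs. The DNs are placeholders.
SAMPLE = '''\
=> access_allowed: auth access to "cn=qmail,ou=Example,o=Example
Org,c=US" "userPassword" requested
=> access_allowed: backend default auth access granted to ""
=> access_allowed: read access to "uid=alice,ou=accounts,ou=Example,o=Example
Org,c=US" "mailHost" requested
=> access_allowed: backend default read access granted to
"cn=qmail,ou=Example,o=Example Org,c=US"
=> access_allowed: read access to "uid=alice,ou=accounts,ou=Example,o=Example
Org,c=US" "userPassword" requested
=> access_allowed: backend default read access granted to
"cn=qmail,ou=Example,o=Example Org,c=US"
'''

# Assumption for this example: attributes that should not be readable
# merely through the backend default.
SENSITIVE = {"userpassword"}

# A request line followed directly by its "backend default" result line.
PAIR = re.compile(
    r'access_allowed:\s+(\w+)\s+access\s+to\s+"([^"]*)"\s+"([^"]*)"\s+requested'
    r'\s+=>\s+access_allowed:\s+backend\s+default\s+\w+\s+access\s+(\w+)'
    r'\s+to\s+"([^"]*)"'
)

def unwrap(value):
    """Undo e-mail line wrapping inside a quoted DN."""
    return " ".join(value.split())

def parse_decisions(trace):
    """Return one dict per request/result pair found in the trace text."""
    return [
        {"level": level, "target": unwrap(target), "attr": attr,
         "outcome": outcome, "who": unwrap(who)}
        for level, target, attr, outcome, who in PAIR.findall(trace)
    ]

def default_granted_reads(decisions):
    """Map each requesting DN to the sensitive attributes it read by default."""
    found = defaultdict(set)
    for d in decisions:
        if (d["level"] == "read" and d["outcome"] == "granted"
                and d["attr"].lower() in SENSITIVE):
            found[d["who"] or "(anonymous)"].add((d["target"], d["attr"]))
    return {who: sorted(hits) for who, hits in found.items()}
```

Repeated request lines for the same attribute, as in the trace above, collapse to a single finding per requesting DN.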