On Mon, Jan 03, 2005 at 11:45:44AM -0500, Daniel Corbe wrote:
> On Mon, 3 Jan 2005 17:31:37 +0100, Claudio Jeker <[EMAIL PROTECTED]> wrote:
> > On Mon, Jan 03, 2005 at 11:22:47AM -0500, Daniel Corbe wrote:
> > > Hello,
> > >
> > > I'm attempting to set up qmail-pop3d for POP access to my Maildirs and
> > > I can't seem to get the auth_pop module to do its job.
> > >
> > > I'm having several issues with the daemon
> > >
> > > 1) It gives me a "unable to write to pipe" error if auth_pop is
> > > running as anything other than root
> > >
> > > 2) If auth_pop is running as root and I attempt to log in with either
> > > [EMAIL PROTECTED] or username%domain or just plain old username, I get
> > > authorization failed. Note that SMTP delivery works without a
> > > problem.
> > >
> > > I'm not sure what to do.
> > >
> >
> > ...
> >
> > > Okay, and this is the user which I'm trying to authenticate against:
> > >
> > > [EMAIL PROTECTED] control]# /var/qmail/bin/qmail-ldaplookup -d 255 -m
> > > [EMAIL PROTECTED]
> > > init_ldap: control/ldaplogin:
> > > uid=qmail,ou=Scripts,dc=voipincorporated,dc=com
> > > init_ldap: control/ldappassword: xxxxxxxxxxxxx
> > > init_ldap: control/ldapserver: cliff.eglobalphone.com:389
> > > init_ldap: control/ldapbasedn: dc=voipincorporated,dc=com
> > > init_ldap: control/ldapobjectclass: qmailuser
> > > init_ldap: control/ldaptimeout: 30
> > > init_ldap: control/ldaprebind: 0
> > > init_ldap: control/ldapuid: 1025
> > > init_ldap: control/ldapgid: 1015
> > > init_ldap: control/ldapmessagestore: /usr/local/vpopmail/
> > > init_ldap: control/ldapdefaultdotmode: both
> > > init_ldap: control/defaultquotasize: 0
> > > init_ldap: control/defaultquotacount: 0
> > > init: control/ldaplocaldelivery: 0
> > > init: control/ldapcluster: 0
> > > init: control/dirmaker: /usr/local/qmail/bin/dirmaker
> >
> > ...
> >
> > Why don't you try /var/qmail/bin/qmail-ldaplookup -d 255 -u <uid> -p
> > <passwd>?
> > Also try to set control/ldaprebind to 1 especially if you have slapd ACLs.
> >
> > --
> > :wq Claudio
> >
> >
> Hey man
>
> [EMAIL PROTECTED] control]# /usr/local/qmail/bin/qmail-ldaplookup -d 255
> -u tuser -p test1234
> init_ldap: control/ldaplogin: uid=qmail,ou=Scripts,dc=voipincorporated,dc=com
> init_ldap: control/ldappassword: xxxxxxxx
> init_ldap: control/ldapserver: cliff.eglobalphone.com:389
> init_ldap: control/ldapbasedn: dc=voipincorporated,dc=com
> init_ldap: control/ldapobjectclass: qmailuser
> init_ldap: control/ldaptimeout: 30
> init_ldap: control/ldaprebind: 1
> init_ldap: control/ldapuid: 1025
> init_ldap: control/ldapgid: 1015
> init_ldap: control/ldapmessagestore: /usr/local/vpopmail/
> init_ldap: control/ldapdefaultdotmode: both
> init_ldap: control/defaultquotasize: 0
> init_ldap: control/defaultquotacount: 0
> init: control/ldaplocaldelivery: 0
> init: control/ldapcluster: 0
> init: control/dirmaker: /usr/local/qmail/bin/dirmaker
> qldap_open: init successful
> qldap_set_option: set referrals successful
> qldap_open: init successful
> qldap_set_option: set referrals successful
> qldap_bind: successful
> Searching ldap for: (&(objectClass=qmailuser)(uid=tuser))
> under dn: dc=voipincorporated,dc=com
> qldap_filter: search for (&(objectClass=qmailuser)(uid=tuser)) succeeded
> Found 1 entry:
>
> dn: uid=tuser,ou=People,dc=voipincorporated,dc=com
> -------------------------------------------------------
> qldap_get_attr(objectClass): top:inetOrgPerson:courierMailAccount:qmailUser
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: courierMailAccount
> objectClass: qmailUser
> qldap_get_attr(mail): [EMAIL PROTECTED]
> mail: [EMAIL PROTECTED]
> qldap_get_attr(mailAlternateAddress): no such attribute
> qldap_get_attr(uid): tuser
> uid: tuser
> qldap_get_attr(accountStatus): active
> accountStatus: active
> qldap_get_attr(mailHost): monitor1.mia1.network.eglobalphone.com
> mailHost: monitor1.mia1.network.eglobalphone.com
> qldap_get_attr(noHomeDir): no such attribute
> qldap_get_attr(mailMessageStore): testbed.voipinc.com/tuser/
> homeDirectory: /usr/local/vpopmail/testbed.voipinc.com/tuser/
> aliasEmpty: using default
> qldap_get_attr(qmailDotMode): no such attribute
> qmailDotMode: both
> qldap_get_attr(qmailUID): 1015
> qmailUID: 1015
> qldap_get_attr(qmailGID): 1010
> qmailGID: 1010
> qldap_get_attr(mailSizeMax): no such attribute
> qldap_get_attr(mailQuotaSize): no such attribute
> qldap_get_attr(mailQuotaCount): no such attribute
> mailQuotaSize: 0 (unlimited)
> mailQuotaCount: 0 (unlimited)
> mailSizeMax: 0 (unlimited)
> qldap_get_attr(deliveryMode): no such attribute
> qldap_get_attr(mailForwardingAddress): no such attribute
> qldap_get_attr(deliveryProgramPath): no such attribute
> qldap_get_attr(mailReplyText): no such attribute
> mailReplyText: undefined
> qldap_bind: successful
>
> PASSWORD COMPARE was successful.
>
>
> I set ldaprebind to 1
>
> Now when I try to pop in it seems to work.. Was it the fact that I
> needed to have ldaprebind set perhaps?
>
> BTW, thanks for all your help. You've been extremely patient and
> helpful towards me over the last week or so.
>

You need to set rebind if you have an ACL on UserPassword that disallows
qmail-ldap to retrieve the UserPassword. Normally qmail-ldap does the password
compare (and hashing) itself as it supports more digests than OpenLDAP.

--
:wq Claudio
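
Added example, not part of the original thread and not qmail-ldap's code: a Python model of the two modes discussed above, comparing a fetched userPassword hash locally versus rebinding as the user's DN, run against a toy in-memory directory whose ACL hides userPassword from the service account. The `ToyDirectory` class, the DNs and the passwords are constructed for illustration.

```python
import base64, hashlib, hmac

def ssha(password: str, salt: bytes) -> str:
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(stored: str, password: str) -> bool:
    raw = base64.b64decode(stored[len("{SSHA}"):])
    expected = hashlib.sha1(password.encode() + raw[20:]).digest()
    return hmac.compare_digest(raw[:20], expected)

class ToyDirectory:
    """Stand-in for slapd with one ACL: userPassword is readable by self only."""
    def __init__(self, entries):
        self.entries = entries

    def bind(self, dn, password):
        entry = self.entries.get(dn)
        return bool(entry) and check_ssha(entry["userPassword"], password)

    def search(self, bound_dn, uid):
        for dn, entry in self.entries.items():
            if entry["uid"] == uid:
                visible = dict(entry)
                if bound_dn != dn:
                    visible.pop("userPassword", None)  # ACL hides the hash
                return dn, visible
        return None, None

def authenticate(directory, service_dn, service_pw, uid, password, rebind):
    if not directory.bind(service_dn, service_pw):
        return "service bind failed"
    dn, entry = directory.search(service_dn, uid)
    if dn is None:
        return "no such user"
    if rebind:  # the server checks the password during a bind as the user
        return "ok" if directory.bind(dn, password) else "bad password"
    stored = entry.get("userPassword")  # client-side compare needs the hash
    if stored is None:
        return "userPassword not readable"
    return "ok" if check_ssha(stored, password) else "bad password"

# Constructed sample entries (not the directory from the thread).
SERVICE_DN = "uid=qmail,ou=Scripts,dc=example,dc=com"
USER_DN = "uid=tuser,ou=People,dc=example,dc=com"
DIRECTORY = ToyDirectory({
    SERVICE_DN: {"uid": "qmail", "userPassword": ssha("service-secret", b"salt0001")},
    USER_DN: {"uid": "tuser", "userPassword": ssha("user-secret", b"salt0002")},
})
```

With `rebind=False` the correct password still fails because the hash never reaches the client; with `rebind=True` the same credentials succeed.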
