On Tue, Jan 30, 2007 at 04:46:48PM +0200, Scott Ryan wrote: > Hi I am implementing SMTPAUTH and what I have found is that authentication > is constantly failing. However, the user can pop their account without any > problems with the same username and password. > > When I debugged my ldap logs I found the following: > > Jan 30 16:28:11 himalia slapd2.3[2753]: conn=17962824 fd=46 ACCEPT from > IP=192.168.223.100:47944 (IP=0.0.0.0:389) > Jan 30 16:28:11 himalia slapd2.3[2753]: conn=17962824 op=0 BIND dn="" > method=128 > Jan 30 16:28:11 himalia slapd2.3[2753]: conn=17962824 op=0 RESULT tag=97 > err=0 > text= > Jan 30 16:28:11 himalia slapd2.3[2753]: conn=17962824 op=1 SRCH > base="ou=mail,dc=cybertrade,dc=co,dc=za,dc=isp" scope=2 deref=0 > filter="(uid=gareth1)" > Jan 30 16:28:11 himalia slapd2.3[2753]: conn=17962824 op=1 SRCH > attr=accountStatus userPassword > Jan 30 16:28:11 himalia slapd2.3[2753]: conn=17962824 op=1 SEARCH RESULT > tag=101 err=0 nentries=0 text= > Jan 30 16:28:11 himalia slapd2.3[2753]: conn=17962824 op=2 UNBIND > Jan 30 16:28:11 himalia slapd2.3[2753]: conn=17962824 fd=46 closed > > Why is SMTP-AUTH binding with a blank dn? > I thought that it should be binding with the dn stored in the ldaplogin > control file > > # cd /var/qmail/control/ > [miranda:/var/qmail/control]# cat ldaplogin > cn=qmail,dc=cybertrade,dc=co,dc=za,dc=isp > > the userPassword attribute is not readable anonomously and therefore causing > the failed authentication. > > Is this a bug or have I missed something completely here? >
Check your file permissions. auth_smtp tries to read ~control/ldappassword if that fails it tries to bind anonymously. auth_smtp is run under the same user as qmail-smtpd so it is possible that you need to change file permissions. -- :wq Claudio
