I was wondering if anyone is successfully running openldap from the debian
packages with Courier IMAP's LDAP module for authentication.
I am getting strange timeouts on a remote client which is preventing successful
authentication.
I have tested logins with both Netscape and Mulberry.
Mulberry gives me a timeout on successful authentication. It gives me
an authentication error with the wrong password.
Same with Netscape.
I don't know how to get around this.
remote client
      |
[IMAP server]---auth---[LDAP Server]
I am using the woody packages for Courier IMAP and Open-LDAP.
ii  courier-authda  0.37.3-1  Courier Mail Server authentication
ii  courier-base    0.37.3-1  Courier Mail Server Base System
ii  courier-debug   0.37.3-1  Debugging Tools for Courier Mail
ii  courier-doc     0.37.3-1  Documentation for the Courier Mail
ii  courier-imap    1.4.3-1   IMAP daemon with PAM and Maildir
ii  courier-ldap    0.37.3-1  LDAP support for Courier Mail Server
ii  maildrop        1.3.7-2   mail delivery agent with filtering
The courier debugger on the server tells me that everything is working fine.
It gets all the data it should.
imap-mail:/home/ted# courierauthtest tester1 tester1
Authenticated: module authdaemon
Home directory: /home/staff/tester1
UID/GID: 1001/1001
AUTHADDR=tester1
AUTHFULLNAME=test t. tinker
I noticed something in the authldaprc file about openldap having
memory leaks. Does anyone have any info on this?
##VERSION: $Id: authldaprc,v 1.12 2001/11/19 01:04:17 mrsam Exp $
#
# Copyright 2000-2001 Double Precision, Inc. See COPYING for
# distribution information.
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# authldaprc created from authldaprc.dist by sysconftool
#
# DO NOT INSTALL THIS FILE with world read permissions. This file
# might contain the LDAP admin password!
#
# This configuration file specifies LDAP authentication parameters
#
# The format of this file must be as follows:
#
# field[spaces|tabs]value
#
# That is, the name of the field, followed by spaces or tabs, followed
# by field value. No trailing spaces.
#
# Here are the fields:
##NAME: LOCATION:0
#
# Location of your LDAP server:
#LDAP_SERVER ldap.example.com
LDAP_SERVER 209.243.37.9
LDAP_PORT 389
##NAME: LDAP_BASEDN:0
#
# Look for authentication here:
#LDAP_BASEDN o=example, c=com
LDAP_BASEDN ou=mailaccounts,dc=washcoll,dc=edu
##NAME: LDAP_BINDDN:0
# You may or may not need to specify the following. Because you've got
# a password here, authldaprc should not be world-readable!!!
#LDAP_BINDDN cn=administrator, o=example, c=com
LDAP_BINDDN cn=courier,dc=washcoll,dc=edu
LDAP_BINDPW couriersecret
#LDAP_BINDDN cn=admin,dc=washcoll,dc=edu
#LDAP_BINDPW secret
##NAME: LDAP_TIMEOUT:0
#
# Timeout for LDAP search
LDAP_TIMEOUT 10
LDAP_AUTHBIND 0
##NAME: LDAP_AUTHBIND:0
#
# Define this to have the ldap server authenticate passwords. If
# LDAP_AUTHBIND the password is validated by rebinding with the supplied
# userid and password. If rebind succeeds, this is considered to be an
# authenticated request. This does not support CRAM-MD5 authentication,
# which requires userPassword.
#
# WARNING - as of the time this note is written, there are memory leaks
# in OpenLDAP that affect this option, see ITS #1116 in openldap.org's bug
# tracker. Avoid using this option until these leaks are plugged.
#
# LDAP_AUTHBIND 1
##NAME: LDAP_MAIL:0
#
# Here's the field on which we query
LDAP_MAIL mail
##NAME: LDAP_DOMAIN:0
#
# The following default domain will be appended, if not explicitly specified.
#
# LDAP_DOMAIN example.com
LDAP_DOMAIN washcoll.edu
##NAME: LDAP_GLOB_IDS:0
#
# The following two variables can be used to set everybody's uid and gid.
# This is convenient if your LDAP specifies a bunch of virtual mail accounts.
# The values can be usernames or userids:
#
LDAP_GLOB_UID vmail
LDAP_GLOB_GID vmail
##NAME: LDAP_HOMEDIR:0
#
# We will retrieve the following attributes
#
# The HOMEDIR attribute MUST exist, and we MUST be able to chdir to it
LDAP_HOMEDIR homeDirectory
##NAME: LDAP_MAILDIR:0
#
# The MAILDIR attribute is OPTIONAL, and specifies the location of the
# mail directory. If not specified, ./Maildir will be used
#LDAP_MAILDIR mailDir
##NAME: LDAP_MAILDIRQUOTA:0
#
# The following variable, if defined, specifies the field containing the
# maildir quota, see README.maildirquota for more information
#
LDAP_MAILDIRQUOTA Quota
#LDAP_MAILDIRQUOTA maildirQuota
##NAME: LDAP_FULLNAME:0
#
# FULLNAME is optional, specifies the user's full name
LDAP_FULLNAME cn
##NAME: LDAP_PW:0
#
# CLEARPW is the clear text password. CRYPT is the crypted password.
# ONE OF THESE TWO ATTRIBUTES IS REQUIRE
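The following is an added example, not code from the post or from Courier: it parses the authldaprc format the file's own header describes (field, whitespace, value, '#' comments) and, from the settings quoted above, reproduces what authdaemon will ask the LDAP server for (the filter built from LDAP_MAIL and LDAP_DOMAIN, the attributes, the timeout) and which password check the LDAP_AUTHBIND setting selects, plus the two things the file's comments warn about: a bind password in a group/world-readable file, and AUTHBIND off meaning the bind DN must be able to read the password attribute. The sample text is constructed from the post's values; the filter escaping is my addition, not something the page states Courier does.

```python
import stat

# Constructed sample: the settings quoted in the post, tab-separated as authldaprc requires.
SAMPLE = """\
LDAP_SERVER\t209.243.37.9
LDAP_BASEDN\tou=mailaccounts,dc=washcoll,dc=edu
LDAP_BINDDN\tcn=courier,dc=washcoll,dc=edu
LDAP_BINDPW\tcouriersecret
LDAP_TIMEOUT\t10
LDAP_AUTHBIND\t0
LDAP_MAIL\tmail
LDAP_DOMAIN\twashcoll.edu
LDAP_HOMEDIR\thomeDirectory
"""

def parse_authldaprc(text):
    """field[spaces|tabs]value; '#' lines are comments; a repeated field keeps its last value."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            if len(parts) == 2:
                conf[parts[0]] = parts[1]
    return conf

def ldap_escape(value):
    """RFC 4515 escaping so a login name cannot rewrite the search filter."""
    for ch, esc in (("\\", "\\5c"), ("*", "\\2a"), ("(", "\\28"), (")", "\\29"), ("\0", "\\00")):
        value = value.replace(ch, esc)
    return value

def lookup_plan(conf, login):
    """Search authdaemon issues for one login; AUTHBIND=1 rebinds as the found DN, else it compares LDAP_CLEARPW/CRYPTPW."""
    if "@" not in login and conf.get("LDAP_DOMAIN"):
        login += "@" + conf["LDAP_DOMAIN"]  # default domain appended, as the file says
    return {
        "url": "ldap://%s:%s" % (conf.get("LDAP_SERVER", "localhost"), conf.get("LDAP_PORT", "389")),
        "filter": "(%s=%s)" % (conf.get("LDAP_MAIL", "mail"), ldap_escape(login)),
        "attrs": [conf[k] for k in ("LDAP_HOMEDIR", "LDAP_MAILDIR", "LDAP_FULLNAME") if k in conf],
        "timeout": int(conf.get("LDAP_TIMEOUT", "0")),
        "password_check": "rebind" if conf.get("LDAP_AUTHBIND") == "1" else "compare",
    }

def config_warnings(conf, mode):  # mode: st_mode bits of the authldaprc file
    warns = []
    if "LDAP_BINDPW" in conf and mode & (stat.S_IRGRP | stat.S_IROTH):
        warns.append("LDAP_BINDPW present but authldaprc is group/world readable")
    if conf.get("LDAP_AUTHBIND") != "1":
        warns.append("LDAP_AUTHBIND off: bind DN must be able to read the password attribute")
    return warns
```

Running lookup_plan against the real file (os.stat(path).st_mode for the warnings) gives the exact search to replay with ldapsearch, with the same timeout, to see whether the server side or the IMAP side is stalling.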