Re: Courier IMAP authldap with OpenLDAP

2002-04-12 Thread Germán Gutierrez

Thedore Knab wrote:
> Thanks for your reply. :-)
>
> It appears that courier needs to have 2 entries for Maildir.
>
> LDAP_MAILDIR homeDirectory
> LDAP_HOMEDIR homeDirectory

Not exactly, if you omit the LDAP_MAILDIR attr, authdaemon will assume
$HOME/Maildir.

>
>> Why are you using uidNumber/gidNumber attributes? In that case
>> you should use LDAP_UID and LDAP_GID instead of the globals
>
> I thought I needed them. I will try and take them out.
>
>
> -
> I feel naked outside of Vim.
> -
Me too;)

-- 
Saludos,
  Germán



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]




Re: Courier IMAP authldap with OpenLDAP

2002-04-12 Thread Thedore Knab

Thanks for your reply. :-)

It appears that courier needs to have 2 entries for Maildir.

LDAP_MAILDIR homeDirectory
LDAP_HOMEDIR homeDirectory

> Why are you using uidNumber/gidNumber attributes? In that case
> you should use LDAP_UID and LDAP_GID instead of the globals

I thought I needed them. I will try and take them out.


-
I feel naked outside of Vim.
-
Ted Knab






Re: Courier IMAP authldap with OpenLDAP

2002-04-12 Thread Germán Gutierrez

Thedore Knab wrote:
> I was wondering if anyone is successfully running openldap from the
> debian packages with Courier IMAP's LDAP module for authentication.
>
I'm currently using it in my test box.

(..)
> I am using the woody packages for Courier IMAP and Open-LDAP.
>
> ii  courier-authda 0.37.3-1   Courier Mail Server authentication
> ii  courier-base   0.37.3-1   Courier Mail Server Base System
> ii  courier-debug  0.37.3-1   Debugging Tools for Courier Mail
> ii  courier-doc    0.37.3-1   Documentation for the Courier Mail
> ii  courier-imap   1.4.3-1    IMAP daemon with PAM and Maildir
> ii  courier-ldap   0.37.3-1   LDAP support for Courier Mail Server
> ii  maildrop       1.3.7-2    mail delivery agent with filtering
>
I'm using woody and sid for the testing (there are two boxes, in fact, one
at work, and the other one at home).

(..)
> I noticed something in the authldaprc file about openldap having
> memory leaks. Does anyone have any info on this ?
It looks like ITS #1116 is closed.
(..)
> # OpenLDAP that affect this option, see ITS #1116 in openldap.org's bug
> # tracker.  Avoid using this option until these leaks are plugged. #
> # LDAP_AUTHBIND 1
I'm using this option
(..)
> LDAP_GLOB_UID   vmail
> LDAP_GLOB_GID   vmail

Does $HOME/Maildir belong to this UID/GID?
(..)
> My ldap info follows the example in the /usr/doc/courier-ldap package
>
> dn: [EMAIL PROTECTED],ou=mailaccounts,dc=washcoll,dc=edu
> objectclass: couriermailaccount
> mail: [EMAIL PROTECTED]
> mail: useradmin2
> cn: mail user admin
> uidNumber: 1001
> gidNumber: 1001
> homedirectory: /home/staff/useradmin2
> quota: 10M
> clearpassword: useradmin2
> description: courier user admin no shell account

Why are you using uidNumber/gidNumber attributes? In that case
you should use LDAP_UID and LDAP_GID instead of the globals

(..)

You should try some sniffing to see the ldap auth working. I
use it for my debugging. (ethereal rulez x))

-- 
Saludos,
  Germán
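
Added example, not part of the original thread or of Courier: a small Python check for the authldaprc points raised here (the `field[spaces|tabs]value` format with no trailing spaces, the warning against world-readable permissions when a bind password is present, password checking without `LDAP_AUTHBIND`, and mixing `LDAP_GLOB_UID`/`LDAP_GLOB_GID` with `LDAP_UID`/`LDAP_GID`). The function names and the sample file are constructed, and treating any `LDAP_AUTHBIND` value other than `1` as off is an assumption.

```python
import re
import stat

# Constructed sample in the authldaprc "field[spaces|tabs]value" format.
# Field names are the ones mentioned in the thread; values are placeholders.
SAMPLE = (
    "##NAME: LOCATION:0\n"
    "LDAP_SERVER\tldap.example.com\n"
    "LDAP_PORT\t389\n"
    "LDAP_BINDDN\tcn=courier,dc=example,dc=com\n"
    "LDAP_BINDPW\tplaceholder-secret\n"
    "LDAP_TIMEOUT10\n"                  # separator lost: field fused to value
    "LDAP_AUTHBIND\t0\n"
    "LDAP_GLOB_UID\tvmail\n"
    "LDAP_GLOB_GID\tvmail\n"
    "LDAP_UID\tuidNumber\n"
    "LDAP_HOMEDIR\thomeDirectory \n"    # trailing space, which the format forbids
)

FIELD = re.compile(r"^([A-Z][A-Z0-9_]*)[ \t]+(.*)$")

def parse(text):
    """Return (settings, findings) for authldaprc-style text."""
    settings, findings = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue                    # blank line, comment or ##NAME marker
        m = FIELD.match(line)
        if not m:
            findings.append(f"line {n}: no whitespace between field and value")
            continue
        name, value = m.groups()
        if value != value.rstrip():
            findings.append(f"line {n}: trailing whitespace after {name} value")
        settings[name] = value.rstrip()
    return settings, findings

def audit(text, mode):
    """mode is the file's st_mode, e.g. os.stat(path).st_mode."""
    settings, findings = parse(text)
    if "LDAP_BINDPW" in settings and mode & stat.S_IROTH:
        findings.append("file is world-readable and contains LDAP_BINDPW")
    if settings.get("LDAP_AUTHBIND", "0") != "1":   # assumption: only 1 enables it
        findings.append("LDAP_AUTHBIND off: password attribute is read via LDAP")
    if (settings.keys() & {"LDAP_GLOB_UID", "LDAP_GLOB_GID"}
            and settings.keys() & {"LDAP_UID", "LDAP_GID"}):
        findings.append("both global and per-user uid/gid fields are set")
    return findings
```

Calling `audit(open(path).read(), os.stat(path).st_mode)` on a real file returns the list of findings; an empty list means none of these four checks fired.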







Courier IMAP authldap with OpenLDAP

2002-04-11 Thread Thedore Knab

I was wondering if anyone is successfully running openldap from the debian
packages with Courier IMAP's LDAP module for authentication.

I am getting strange timeouts on a remote client which is preventing successful
authentication.

I have tested logins with both Netscape and Mulberry.

Mulberry gives me a timeout on successful authentication. It gives me
an authentication error with the wrong password.

Same with Netscape.


I don't know how to get around this.

   remote client 
|
[IMAP server]---auth[LDAP Server]

I am using the woody packages for Courier IMAP and Open-LDAP.

ii  courier-authda 0.37.3-1   Courier Mail Server authentication
ii  courier-base   0.37.3-1   Courier Mail Server Base System
ii  courier-debug  0.37.3-1   Debugging Tools for Courier Mail
ii  courier-doc    0.37.3-1   Documentation for the Courier Mail
ii  courier-imap   1.4.3-1    IMAP daemon with PAM and Maildir
ii  courier-ldap   0.37.3-1   LDAP support for Courier Mail Server
ii  maildrop       1.3.7-2    mail delivery agent with filtering

The courier debugger on the server tells me that everything is working fine.
It gets all the data it should.

imap-mail:/home/ted# courierauthtest tester1 tester1
Authenticated: module authdaemon
Home directory: /home/staff/tester1
UID/GID: 1001/1001
AUTHADDR=tester1
AUTHFULLNAME=test t. tinker

I noticed something in the authldaprc file about openldap having
memory leaks. Does anyone have any info on this ?

##VERSION: $Id: authldaprc,v 1.12 2001/11/19 01:04:17 mrsam Exp $
#
# Copyright 2000-2001 Double Precision, Inc.  See COPYING for
# distribution information.
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# authldaprc created from authldaprc.dist by sysconftool
#
# DO NOT INSTALL THIS FILE with world read permissions.  This file
# might contain the LDAP admin password!
#
# This configuration file specifies LDAP authentication parameters
#
# The format of this file must be as follows:
#
# field[spaces|tabs]value
#
# That is, the name of the field, followed by spaces or tabs, followed
# by
# field value.  No trailing spaces.
#
# Here are the fields:

##NAME: LOCATION:0
#
# Location of your LDAP server:

#LDAP_SERVER ldap.example.com
LDAP_SERVER 209.243.37.9
LDAP_PORT   389

##NAME: LDAP_BASEDN:0
#
# Look for authentication here:

#LDAP_BASEDN o=example, c=com
LDAP_BASEDN ou=mailaccounts,dc=washcoll,dc=edu

##NAME: LDAP_BINDDN:0   
# You may or may not need to specify the following.  Because you've got
# a password here, authldaprc should not be world-readable!!!

#LDAP_BINDDN cn=administrator, o=example, c=com
LDAP_BINDDN cn=courier,dc=washcoll,dc=edu
LDAP_BINDPW couriersecret
#LDAP_BINDDN cn=admin,dc=washcoll,dc=edu
#LDAP_BINDPW secret

##NAME: LDAP_TIMEOUT:0
#
# Timeout for LDAP search

LDAP_TIMEOUT 10
LDAP_AUTHBIND   0
##NAME: LDAP_AUTHBIND:0
#
# Define this to have the ldap server authenticate passwords.  If
# LDAP_AUTHBIND
# the password is validated by rebinding with the supplied userid and
# password.
# If rebind succeeds, this is considered to be an authenticated request.
# This
# does not support CRAM-MD5 authentication, which requires userPassword.
#
# WARNING - as of the time this note is written, there are memory leaks
# in
# OpenLDAP that affect this option, see ITS #1116 in openldap.org's bug
# tracker.  Avoid using this option until these leaks are plugged.
#
# LDAP_AUTHBIND 1

##NAME: LDAP_MAIL:0
#
# Here's the field on which we query

LDAP_MAIL   mail

##NAME: LDAP_DOMAIN:0
#
# The following default domain will be appended, if not explicitly
# specified.
#
# LDAP_DOMAIN   example.com
LDAP_DOMAIN washcoll.edu
##NAME: LDAP_GLOB_IDS:0
#
# The following two variables can be used to set everybody's uid and
# gid.
# This is convenient if your LDAP specifies a bunch of virtual mail
# accounts
# The values can be usernames or userids:
#
LDAP_GLOB_UID   vmail
LDAP_GLOB_GID   vmail

##NAME: LDAP_HOMEDIR:0
#
# We will retrieve the following attributes
#
# The HOMEDIR attribute MUST exist, and we MUST be able to chdir to it

LDAP_HOMEDIR homeDirectory

##NAME: LDAP_MAILDIR:0
#
# The MAILDIR attribute is OPTIONAL, and specifies the location of the
# mail directory.  If not specified, ./Maildir will be used

#LDAP_MAILDIR   mailDir

##NAME: LDAP_MAILDIRQUOTA:0
#
# The following variable, if defined, specifies the field containing the
# maildir quota, see README.maildirquota for more information
#
LDAP_MAILDIRQUOTA   Quota
#LDAP_MAILDIRQUOTA  maildirQuota


##NAME: LDAP_FULLNAME:0
#
# FULLNAME is optional, specifies the user's full name

LDAP_FULLNAME   cn

##NAME: LDAP_PW:0
#
# CLEARPW is the clear text password.  CRYPT is the crypted password.
# ONE OF THESE TWO ATTRIBUTES IS REQUIRE