I'm trying to set up authldap and discovered a strange problem:
When I try to connect to the server with my email program I get
an error that the login has failed.
(SYSLOG says only "imapd-ssl ....LOGIN FAILED, ip=...." I tried also the
DEBUG option in the /etc/courier/imapd but this switch is quite a bit effective, eh? ;-) )
I tried the authtest program that ships with the courier-packages and I've got the following:
ivev7:/etc/courier# ivev7:/etc/courier# courierauthtest -s imap mahlmann ******
Authenticated: module authdaemon
Home directory: /home/mahlmann
UID/GID: 1001/100
AUTHADDR=mahlmann
AUTHFULLNAME=mahlmann
ivev7:/etc/courier#
ivev7:/etc/courier# courierauthtest -s imap mahlmann Test
Temporary authentication failure from module authdaemon
Authentication FAILED!
ivev7:/etc/courier#
Which tells me that authentication via LDAP works correctly so far.
But why does the login still not work?
The mailDir is /home/mahlmann/
Can someone help me please?
Thanks in advance
Tobias Mahlmann
##VERSION: $Id: authdaemonrc.in,v 1.8 2001/10/07 02:16:22 mrsam Exp $
[...]
##NAME: authmodulelist:0
#
# The authentication modules that are linked into authdaemond. The
# default list is installed. You may selectively disable modules simply
# by removing them from the following list. The available modules you
# can use are: authcustom authcram authuserdb authldap authpgsql authmysql authpam
authmodulelist="authpam authldap"
##NAME: authmodulelistorig:1
#
# This setting is used by Courier's webadmin module, and should be left
# alone
authmodulelistorig="authcustom authcram authuserdb authldap authpgsql authmysql authpam"
##NAME: daemons:0
#
# The number of daemon processes that are started. authdaemon is typically
# installed where authentication modules are relatively expensive: such
# as authldap, or authmysql, so it's better to have a number of them running.
# PLEASE NOTE: Some platforms may experience a problem if there's more than
# one daemon. Specifically, SystemV derived platforms that use TLI with
# socket emulation. I'm suspicious of TLI's ability to handle multiple
# processes accepting connections on the same filesystem domain socket.
#
# You may need to increase daemons if as your system load increases. Symptoms
# include sporadic authentication failures. If you start getting
# authentication failures, increase daemons. However, the default of 5
# SHOULD be sufficient. Bumping up daemon count is only a short-term
# solution. The permanent solution is to add more resources: RAM, faster
# disks, faster CPUs...
daemons=5
##NAME: version:0
#
# When you have multiple versions of authdaemond.* installed, authdaemond
# just picks the first one it finds. Set "version" to override that.
# For example: version=authdaemond.plain
version=""
##NAME: authdaemonvar:0
#
# authdaemonvar is here, but is not used directly by authdaemond. It's
# used by various configuration and build scripts, so don't touch it!
authdaemonvar=/var/run/courier/authdaemon
##VERSION: $Id: authldaprc,v 1.18 2003/05/09 18:15:15 mrsam Exp $
#
# Copyright 2000-2001 Double Precision, Inc. See COPYING for
# distribution information.
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# authldaprc created from authldaprc.dist by sysconftool
#
# DO NOT INSTALL THIS FILE with world read permissions. This file
# might contain the LDAP admin password!
#
# This configuration file specifies LDAP authentication parameters
#
# The format of this file must be as follows:
#
# field[spaces|tabs]value
#
# That is, the name of the field, followed by spaces or tabs, followed by
# field value. No trailing spaces.
#
# Here are the fields:
##NAME: LDAP_TIMEOUT:0
#
# Timeout for LDAP search
LDAP_TIMEOUT 5
##NAME: LDAP_AUTHBIND:0
#
# Define this to have the ldap server authenticate passwords. If LDAP_AUTHBIND
# the password is validated by rebinding with the supplied userid and password.
# If rebind succeeds, this is considered to be an authenticated request. This
# does not support CRAM-MD5 authentication, which requires userPassword.
#
# LDAP_AUTHBIND 1
##NAME: LDAP_MAIL:0
#
# Here's the field on which we query
LDAP_MAIL uid
##NAME: LDAP_FILTER:0
#
# This LDAP filter will be ANDed with the query for the field defined above
# in LDAP_MAIL. So if you are querying for mail, and you have LDAP_FILTER
# defined to be "(objectClass=CourierMailAccount)" the query that is performed
# will be "(&(objectClass=CourierMailAccount)(mail=<someAccount>))"
#
LDAP_FILTER (objectClass=ShadowAccount)
##NAME: LDAP_DOMAIN:0
#
# The following default domain will be appended, if not explicitly specified.
#
# LDAP_DOMAIN example.com
##NAME: LDAP_GLOB_IDS:0
#
# The following two variables can be used to set everybody's uid and gid.
# This is convenient if your LDAP specifies a bunch of virtual mail accounts
# The values can be usernames or userids:
# LDAP_GLOB_UID nobody LDAP_GLOB_GID mail
##NAME: LDAP_HOMEDIR:0
#
# We will retrieve the following attributes
#
# The HOMEDIR attribute MUST exist, and we MUST be able to chdir to it
LDAP_HOMEDIR mail
##NAME: LDAP_MAILROOT:0
#
# If homeDirectory is not an absolute path, define the root of the
# relative paths in LDAP_MAILROOT
#
# LDAP_MAILROOT /home/
##NAME: LDAP_MAILDIR:0
#
# The MAILDIR attribute is OPTIONAL, and specifies the location of the
# mail directory. If not specified, ./Maildir will be used
LDAP_MAILDIR mail
##NAME: LDAP_DEFAULTDELIVERY:0
#
# Courier mail server only: optional attribute specifies custom mail delivery
# instructions for this account (if defined) -- essentially overrides
# DEFAULTDELIVERY from ${sysconfdir}/courierd
LDAP_DEFAULTDELIVERY defaultDelivery
##NAME: LDAP_MAILDIRQUOTA:0
#
# The following variable, if defined, specifies the field containing the
# maildir quota, see README.maildirquota for more information
#
# LDAP_MAILDIRQUOTA quota
##NAME: LDAP_FULLNAME:0
#
# FULLNAME is optional, specifies the user's full name
#LDAP_FULLNAME cn
##NAME: LDAP_PW:0
#
# CLEARPW is the clear text password. CRYPT is the crypted password.
# ONE OF THESE TWO ATTRIBUTES IS REQUIRED. If CLEARPW is provided, and
# libhmac.a is available, CRAM authentication will be possible!
#LDAP_CLEARPW clearPassword LDAP_CRYPTPW userPassword
##NAME: LDAP_IDS:0
#
# Uncomment the following, and modify as appropriate, if your LDAP database
# stores individual userids and groupids. Otherwise, you must uncomment
# LDAP_GLOB_UID and LDAP_GLOB_GID above. LDAP_GLOB_UID and LDAP_GLOB_GID
# specify a uid/gid for everyone. Otherwise, LDAP_UID and LDAP_GID must
# be defined as attributes for everyone.
# LDAP_UID nobody LDAP_GID mail
##NAME: LDAP_DEREF:0
#
# Determines how aliases are handled during a search. This option is available
# only with OpenLDAP 2.0
#
# LDAP_DEREF can be one of the following values:
# never, searching, finding, always. If not specified, aliases are
# never dereferenced.
LDAP_DEREF never
##NAME: LDAP_TLS:0
#
# Set LDAP_TLS to 1 to enable LDAP over SSL/TLS. Experimental setting.
# Requires OpenLDAP 2.0
#
LDAP_TLS 0
##NAME: LDAP_EMAILMAP:0
#
# The following optional settings, if enabled, result in an extra LDAP
# lookup to first locate a handle for an E-mail address, then a second lookup
# on that handle to get the actual authentication record. You'll need
# to uncomment these settings to enable an email handle lookup.
#
# The E-mail address must be of the form [EMAIL PROTECTED], and this is plugged
# into the following search string. "@user@" and "@realm@" are placeholders
# for the user and the realm portions of the login ID.
#
# LDAP_EMAILMAP (&([EMAIL PROTECTED]@)([EMAIL PROTECTED]@))
##NAME: LDAP_EMAILMAP_BASEDN:0
#
# Specify the basedn for the email lookup. The default is LDAP_BASEDN.
#
# LDAP_EMAILMAP_BASEDN o=emailmap, c=com
##NAME: LDAP_EMAILMAP_ATTRIBUTE:0
#
# The attribute which holds the handle. The contents of this attribute
# are then plugged into the regular authentication lookup, and you must set
# LDAP_EMAILMAP_MAIL to the name of this attribute in the authentication
# records (which may be the same as LDAP_MAIL).
# You MUST also leave LDAP_DOMAIN undefined. This enables authenticating
# by handles only.
#
# Here's an example:
#
# dn: userid=john, realm=example.com, o=emailmap, c=com # LDAP_EMAILMAP_BASEDN
# userid: john # LDAP_EMAILMAP search
# realm: example.com # LDAP_EMAILMAP search
# handle: cc223344 # LDAP_EMAILMAP_ATTRIBUTE
#
#
# dn: controlHandle=cc223344, o=example, c=com # LDAP_BASEDN
# controlHandle: cc223344 # LDAP_EMAILMAP_MAIL set to "controlHandle"
# uid: ...
# gid: ...
# [ etc... ]
#
# LDAP_EMAILMAP_ATTRIBUTE handle
##NAME: LDAP_EMAILMAP_MAIL:0
#
# After reading LDAP_EMAIL_ATTRIBUTE, the second query will go against
# LDAP_BASEDN, but will key against LDAP_EMAILMAP_MAIL instead of LDAP_MAIL.
#
# LDAP_EMAILMAP_MAIL mail
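Added example, not part of the original post and not Courier's own code: a small linter for the field[spaces|tabs]value format described in the authldaprc header, checking the points the file's own comments raise (world-read permissions, LDAP_TLS, a password source, HOMEDIR). The function names, the constructed SAMPLE text and the same-attribute heuristic for LDAP_HOMEDIR/LDAP_MAILDIR are assumptions made for this example.

```python
import re
import stat

# Constructed sample modeled on the active (uncommented) settings in the post.
SAMPLE = """\
##NAME: LDAP_MAIL:0
LDAP_MAIL uid
LDAP_FILTER (objectClass=ShadowAccount)
LDAP_HOMEDIR mail
LDAP_MAILDIR mail
LDAP_CRYPTPW userPassword
LDAP_TLS 0
"""

def parse_authldaprc(text):
    """Parse 'field[spaces|tabs]value' lines; return (settings, format problems)."""
    settings, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line, comment, or ##NAME/##VERSION marker
        if line != line.rstrip():
            problems.append(f"line {n}: trailing whitespace")
        m = re.match(r"(\S+)[ \t]+(\S.*?)\s*$", line)
        if m:
            settings[m.group(1)] = m.group(2)
        else:
            problems.append(f"line {n}: not 'field value': {line!r}")
    return settings, problems

def audit(settings, mode=None):
    """Return findings; mode is the file's st_mode, or None to skip that check."""
    out = []
    if mode is not None and mode & stat.S_IROTH:
        out.append("world-readable: file may contain the LDAP admin password")
    if settings.get("LDAP_TLS", "0") != "1":
        out.append("LDAP_TLS not enabled: LDAP traffic is not protected by SSL/TLS")
    if "LDAP_CLEARPW" in settings:
        out.append("LDAP_CLEARPW set: directory stores clear-text passwords")
    if not ({"LDAP_CLEARPW", "LDAP_CRYPTPW"} & settings.keys()
            or settings.get("LDAP_AUTHBIND") == "1"):
        out.append("no password source: set LDAP_CRYPTPW, LDAP_CLEARPW or LDAP_AUTHBIND")
    home = settings.get("LDAP_HOMEDIR")
    if home is None:
        out.append("LDAP_HOMEDIR missing: the HOMEDIR attribute must exist")
    elif home == settings.get("LDAP_MAILDIR"):
        out.append(f"LDAP_HOMEDIR and LDAP_MAILDIR both read '{home}'")
    return out
```

To check a real file, pass its contents to parse_authldaprc() and os.stat(path).st_mode as the mode argument of audit().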