Subject: [courier-users] LDAP login failure
From: Eric N. Valor (eri@cruzio.com)
Date: Jun 26, 2004 12:17:38 am
List: net.sourceforge.lists.courier-users

Hello: I am new to Courier, and would like to use it as a Maildrop and POP server in conjunction with Postfix. I am using an LDAP database for authentication, as none of my users will have UNIX accounts on the mail machine in question. I am setting up Courier-LDAP now, and am having authentication problems. From what I can see from the LDAP logs, the process is authenticated, but Courier refuses to authenticate. Here are the relevant portions from the manual connection attempt, the LDAP log, and syslog (in order). I have redacted personally identifying information out of paranoia...

The connection attempt:

    telnet localhost 110
    Trying ::1...
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    +OK Hello there.
    user <user>
    +OK Password required.
    pass <password>
    -ERR Login failed.
    quit
    +OK Better luck next time.
    Connection closed by foreign host.

From my LDAP logs (Netscape, from the Solaris 8 installation set)

    [26/Jun/2004:00:00:29 -0700] conn=544 op=6 SRCH base="o=<domain>.com" scope=2 filter="(uid=<user>)"
    [26/Jun/2004:00:00:29 -0700] conn=544 op=6 RESULT err=0 tag=101 nentries=1 etime=0
    [26/Jun/2004:00:00:29 -0700] conn=550 fd=47 slot=47 connection from XXX.XXX.XXX.XXX to YYY.YYY.YYY.YYY
    [26/Jun/2004:00:00:29 -0700] conn=550 op=0 BIND dn="uid=<user>,ou=People,o=<domain>.com" method=128 version=2
    [26/Jun/2004:00:00:29 -0700] conn=550 op=0 RESULT err=0 tag=97 nentries=0 etime=0
    [26/Jun/2004:00:00:29 -0700] conn=550 op=1 UNBIND
    [26/Jun/2004:00:00:29 -0700] conn=550 op=1 fd=47 closed - U1

I'm surmising that the "err=0" means the LDAP server was happy with the connection. Passing a known-bad username/password combo results in errors at this point.

From syslog:

    Jun 26 00:00:19 <machine> courierpop3login: Connection, ip=[::ffff:127.0.0.1]
    Jun 26 00:00:29 <machine> authdaemond.ldap: authlib: refuse to authenticate <user>: uid=0, gid=0
    Jun 26 00:00:34 <machine> courierpop3login: LOGIN FAILED, ip=[::ffff:127.0.0.1]
    Jun 26 00:00:39 <machine> courierpop3login: Disconnected, ip=[::ffff:127.0.0.1]

From my authldaprc:

    LDAP_SERVER <server>
    LDAP_PORT 389
    LDAP_BASEDN o=<domain>.com
    LDAP_TIMEOUT 200
    LDAP_AUTHBIND 1
    LDAP_MAIL uid
    LDAP_HOMEDIR homeDirectory
    LDAP_HOMEDIR mailMessageStore
    LDAP_MAILDIR mailMessageStore
    LDAP_CLEARPW clearPassword
    LDAP_CRYPTPW userPassword
    LDAP_UID uidNumber
    LDAP_GID gidNumber
    LDAP_DEREF never
    LDAP_TLS 0

From authdaemonrc:

    authmodulelist="authldap"
    authmodulelistorig="authcustom authcram authuserdb \
        authldap authmysql authpam"
    daemons=5
    version="authdaemond.ldap"
    authdaemonvar=/var/run/courier/authdaemon

Any clues would be helpful. Thanks.

: This Space Intentionally Left Blank :
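
Added example (not part of the original message, and not Courier's own code): a small triage script that pairs BIND/RESULT lines in the LDAP access log with authlib "refuse to authenticate" lines in syslog, to separate logins the directory accepted from logins it rejected. The sample log lines are constructed from the excerpts above, with placeholder user names and host, and the hint pointing at the LDAP_UID / LDAP_GID mapping is an assumption drawn from the uid=0, gid=0 values in the syslog line.

```python
import re

# Constructed sample lines modelled on the excerpts in the message above;
# user names, host name and the second (failed) bind are placeholders.
LDAP_LOG = """\
[26/Jun/2004:00:00:29 -0700] conn=550 op=0 BIND dn="uid=jdoe,ou=People,o=example.com" method=128 version=2
[26/Jun/2004:00:00:29 -0700] conn=550 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[26/Jun/2004:00:00:41 -0700] conn=551 op=0 BIND dn="uid=mallory,ou=People,o=example.com" method=128 version=2
[26/Jun/2004:00:00:41 -0700] conn=551 op=0 RESULT err=49 tag=97 nentries=0 etime=0
"""
SYSLOG = """\
Jun 26 00:00:29 mail authdaemond.ldap: authlib: refuse to authenticate jdoe: uid=0, gid=0
Jun 26 00:00:34 mail courierpop3login: LOGIN FAILED, ip=[::ffff:127.0.0.1]
"""

BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="uid=([^,"]+)')
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT err=(\d+)')
REFUSE = re.compile(r'refuse to authenticate (\S+): uid=(\d+), gid=(\d+)')

def bind_results(ldap_log):
    """Map user -> err code of its latest BIND, pairing BIND/RESULT by (conn, op)."""
    pending, out = {}, {}
    for line in ldap_log.splitlines():
        if m := BIND.search(line):
            pending[(m[1], m[2])] = m[3]
        elif (m := RESULT.search(line)) and (m[1], m[2]) in pending:
            out[pending.pop((m[1], m[2]))] = int(m[3])
    return out

def triage(ldap_log, syslog):
    """Return (user, uid, gid, stage) for users the directory accepted but authlib refused."""
    binds = bind_results(ldap_log)
    findings = []
    for m in REFUSE.finditer(syslog):
        user, uid, gid = m[1], int(m[2]), int(m[3])
        if binds.get(user) == 0:  # bind succeeded, so the password was not the problem
            # Assumption: a zero uid or gid points at the LDAP_UID / LDAP_GID mapping.
            stage = "uid/gid mapping" if uid == 0 or gid == 0 else "other"
            findings.append((user, uid, gid, stage))
    return findings

if __name__ == "__main__":
    for user, uid, gid, stage in triage(LDAP_LOG, SYSLOG):
        print(f"{user}: LDAP bind err=0 but authlib refused (uid={uid}, gid={gid}); check {stage}")
```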