

5 messages in net.sourceforge.lists.courier-users: [courier-users] Open-LDAP and Active ...

| From | Sent On | Attachments |
|---|---|---|
| Andre Correa | Apr 5, 2002 8:33 am | |
| Kevin Reck | Apr 5, 2002 8:55 am | |
| Phil Brutsche | Apr 5, 2002 12:44 pm | |
| Dhiren Pankhania | Apr 8, 2002 1:29 am | |
| Norbert Klasen | Apr 11, 2002 8:16 am | |

| Subject: | [courier-users] Open-LDAP and Active Directory and Courier-IMAP (please help) |
|---|---|
| From: | Andre Correa (andr...@pobox.com) |
| Date: | Apr 5, 2002 8:33:44 am |
| List: | net.sourceforge.lists.courier-users |

Hi, this is my first post here, but it is an important question that I have and I will appreciate any help you guys can give me.
I'm working as a consultant for a company that wants to have an email server (POP3, IMAP and WebMail) authenticating in their Windows 2000 Active Directory forest. I installed a Slackware 8, kernel 2.4.18, with Courier-IMAP/POP3 1.4.3 and OpenLDAP 2.0.23, but I cannot make it work.
I configured Courier-IMAP/POP3 to make LDAP queries like this: (suppose my domain is abcd.br and my user is username@dmz in a server dmz.abcd.br with IP address 10.96.0.9)
LDAP_SERVER = 10.96.0.3
LDAP_PORT = 389
LDAP_BASEDN = ou=users, dc=abcd, dc=br
LDAP_BINDDN and LDAP_BINDPW are still mysterious to me. Do I need them? This user must be an AD admin!?
LDAP_MAIL = cn (Is this the field on AD that should be used for the lookup?)
LDAP_DOMAIN = abcd.br
LDAP_CLEARPW = clearPassword (Is it the right choice?)
Then I tried to authenticate and sniffed the packets and got some strange results...
Packet ID (from_IP.port-to_IP.port): 10.96.0.9.1055-10.96.0.3.389 E . . . . . @ . @ . . . . ` . . . ` . . . . . . r . O M . . . . . . . . . . . . . . . . . n . @ . . . . 0 d . . . c _ . . o u = u s e r s , d c = a b c d , d c = b r . . . . . . . . . . . . . . . . . . . c n . . u s e r n a m e @ d m z 0 . . h o m e D i r . . c n . . c l e a r P a s s w o r d . . c n
Packet ID (from_IP.port-to_IP.port): 10.96.0.3.389-10.96.0.9.1055 E . . . . . @ . . . . . . ` . . . ` . . . . . . . . . . r . O . . . C . l E . . . . . . . . . . . n . @ 0 . . . . . . . . e . . . . . . . . . . . L 0 0 0 0 2 0 2 B : R e f E r r : D S I D - 0 3 1 0 0 5 E E , d a t a 0 , 1 a c c e s s p o i n t s . . r e f 1 : ' a b c d . b r ' . . . . . . . - . + l d a p : / / a b c d . b r / o u = u s e r s , % 2 0 d c = a b c d , % 2 0 d c = b r
In my /var/log/syslog I get:
Apr 4 17:38:45 betamail authdaemond.ldap: ldap_simple_bind_s failed: Invalid credentials
Apr 4 17:38:50 betamail pop3d: LOGIN FAILED, ip=[::ffff:127.0.0.1]
Apr 5 13:08:49 betamail imapd: DISCONNECTED, ip=[::ffff:127.0.0.1], headers=0, body=0
So here go my doubts:
- I think the LDAP query is just fine, am I right?
- For me the problem seems to be that W2K is not allowing me to query AD and that this "Invalid credentials" message is just about it. I've tried to use LDAP_BINDDN and LDAP_BINDPW with an administrator username and password with no different results.
- I couldn't find my password sent in these packets... and couldn't figure out why...
Is there somebody who can give me any light on this?! I read the documentation but it is not oriented to people trying to work with a W2K LDAP database, just an OpenLDAP database... and a Microsoft search for the error message helped nothing...
Sorry for the long email... I will try to get all the help, solve the problem and then write a paper about it... maybe a mini-HOWTO for others that may be in the same situation...
tks for your attention..
Andre Correa andr...@pobox.com
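
An added example, not part of the original post or of Courier: a minimal Python decoder for LDAPv3 messages (RFC 4511) that reports which message type a payload is and whether it carries a cleartext password. A search request holds only the base DN, filter and attribute list, while a simple bind sends the password as plain octets inside the bind request; the sample bytes, the bind DN and the helper names are constructed for illustration.

```python
# Added example: minimal BER walk over LDAPv3 messages (RFC 4511).
# All sample payloads are constructed; none is taken from the capture in the post.
OPS = {0x60: "bindRequest", 0x61: "bindResponse", 0x63: "searchRequest",
       0x64: "searchResultEntry", 0x65: "searchResultDone"}

def tlv(tag, value):
    """Encode one short-form BER TLV (enough for the small samples below)."""
    if len(value) >= 0x80:
        raise ValueError("sample too long for short-form length")
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos=0):
    """Decode one TLV at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length octets
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def describe(payload):
    """Classify one LDAPMessage and flag a cleartext (simple bind) password."""
    tag, msg, _ = read_tlv(payload)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _, pos = read_tlv(msg)              # messageID
    op, body, _ = read_tlv(msg, pos)       # protocolOp
    info = {"op": OPS.get(op, hex(op)), "cleartext_password": False}
    if op == 0x60:
        _, _, p = read_tlv(body)           # version
        _, name, p = read_tlv(body, p)     # bind DN
        auth, cred, _ = read_tlv(body, p)  # authentication choice
        info["dn"] = name.decode()
        # [0] simple: the password travels as raw octets, readable on port 389
        info["cleartext_password"] = auth == 0x80 and len(cred) > 0
    elif op == 0x63:
        _, base, _ = read_tlv(body)        # baseObject; no credentials in a search
        info["dn"] = base.decode()
    return info

# Constructed samples: a simple bind, and a subtree search on the post's base DN.
BIND = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, tlv(0x02, b"\x03")
           + tlv(0x04, b"cn=example,dc=abcd,dc=br") + tlv(0x80, b"not-a-real-password")))
SEARCH = tlv(0x30, tlv(0x02, b"\x02") + tlv(0x63, tlv(0x04, b"ou=users, dc=abcd, dc=br")
             + tlv(0x0A, b"\x02") + tlv(0x0A, b"\x00") + tlv(0x02, b"\x00")
             + tlv(0x02, b"\x00") + tlv(0x01, b"\x00")
             + tlv(0xA3, tlv(0x04, b"cn") + tlv(0x04, b"username@dmz"))
             + tlv(0x30, tlv(0x04, b"homeDir") + tlv(0x04, b"cn") + tlv(0x04, b"clearPassword"))))
```

Running `describe()` over each TCP payload of a port 389 capture shows which frames are binds and which are searches; a `cleartext_password` of `True` marks a simple bind whose password is exposed to anyone on the path unless the connection is wrapped in TLS.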







