atom feed5 messages in net.sourceforge.lists.courier-imapRe: [Courier-imap] RHAS4 conundrum
FromSent OnAttachments
Tony EarnshawFeb 27, 2006 8:51 am 
Jay LeeFeb 27, 2006 9:21 am 
Tony EarnshawFeb 28, 2006 7:54 am 
Sam VarshavchikFeb 28, 2006 3:22 pm 
Tony EarnshawMar 1, 2006 3:52 am 
Subject:Re: [Courier-imap] RHAS4 conundrum
From:Tony Earnshaw (
Date:Feb 28, 2006 7:54:27 am

Jay Lee skrev:

On Mon, February 27, 2006 11:51 am, Tony Earnshaw wrote:

I'm an OpenLDAP fiend, have been so for 4-5 years. OpenLDAP 2.3.20 delta syncrepl is the heart of our 5-IBM eSeries-server high-school (1150+ users) RHAS4/Smooth Wall/LTSP/mail/Samba 2.0.21 network.

I'm using: RHEL4 x86-64, Openldap client libs from RHEL4, Novell eDirectory 8.6.2 LDAP servers, whitebox hardware. This is a certified WFM (works for me) configuration :)

I've worked with Courier IMAP/maildrop for 3 years and was one of the first to adopt and configure LDAP-based authlib on my 2 test rigs, when it appeared. Both for Courier IMAP and maildrop. Obviously I've proved that I can configure both for LDAP. authlib worked perfectly on RHAS3.

Other than a minor compile error that Sam quickly fixed when RHEL4 came out, I've found no compatability issues when moving boxes from RHEL3 to RHEL4.

As soon as I upgraded both test rigs to RHAS4, Courier authlib compiled but would not work with LDAP any more. I'd tried for at least 6 months to get it working. Debug level 2 output to /var/log/maillog indicated that my authldaprc was incorrectly configured. It did this through standalone Courier IMAP 3.0.7 to authlib 0.58. Baloney. The Courier authlib daemon was the only thing on the system that did this, Samba (3.0 all versions), Postfix (2.2 and 2.3), maildrop 1.7.0 etc. all worked perfectly.

What did it say, what did your authldaprc look like?

My authldaprc is standard, it works on all 3 RHAS4 machines, now that I've installed the working rpm om them all.

Test rigs are an IBM ThinkPad T23 and a Compaq E700, both notebooks - e.g. IDE.

Courier could care less as long as the OS presents the filesystem to Courier.

Indeed :)

Last week I installed RHAS4 on an IBM eSeries x256 SCSI RAID5 IBM ServRaid controller mail/OpenLDAP server. Began on Monday (school vacation). Courier authlib 0.58 rpms made on my test servers gave the same errors as above. I tried dovecot (0.99-11 and 1.0.3beta) but ... hmmm ... dovecot ... doesn't seem to like our virtual LDAP setup : /home/vmail/group/user/Maildir ... nuff said about dovecot. Postfix 2.3 LDAP worked, maildrop standalone worked, everything worked, just not authlib LDAP. No, I can't use authlib PAM - doesn't work with our virtual mailbox LDAP setup with quotas.

What doesn't work, what error do you get with verbose logging?

Doesn't matter any more - as I wrote, if the rpms are compiled on the one machine and installed on the others, authdaemond/authldap work, not the other way around.

Friday around 4 pm, in sheer despair (school began again today, Monday) I built authlib 0.58 (rpm) on the new server, instead of using the rpm from my test server. Glory be, it worked (authtest, first). Everything works now. rpms made on the new server work on both my test servers (so I doubt that this is system-specific, e.g. libraries etc). Courier IMAP 4.0.6 built on one of the test machines works on the new server (but that has nothing to do with LDAP, of course).

So something changed... now you have the task of finding out what that something was...

No, thanks. I've been at it for 6 months or more. I simply wanted comments - thanks for yours, Jay :)

Can any RHAS4 boffin on this list even indicate why Courier authlib rpms built on one machine work on all machines and those built on another don't work on any machines? For the record, the new machine was built from RHAS4 update 2 CDROMs and immediately up2dated before any further installs; one test server is pure RHAS4 original and one is RHAS4 partially up2dated to update 2. I've bothered the list once before about this (about 6 months ago), but the only answer I got was from Brian Candler (BSD person, bless him) and I always had the feeling that this was a Red Hat problem and I had to solve it on my own.

My personal feeling is that you should generate the RPMS for a box on that box itself to be 100% the libs/arch/whatnot matches perfectly. Although RPMs generated on RHEL4u1 or RTM should work on u2,

Ok, agreed, but in my case it's the opposite - rpms built on a freshly up2dated u2 machine work on the virgin OSs, and those built on the 2 2 others don't work on any of them ...

I wouldn't try it. You should *never* attempt to use RPMS generated on an older RHEL3 or Fedora box on RHEL4 or vice versa.

No ...

Sam recommends setting up a identical test box and generating the RPMS on that since he's old school unix and doesn't think a production server should ever have a compiler installed on it (I'm not so sound in my Unix doctrine so I just generate the RPMS on the production server).

Having said all this, I've had exactly 1 problem between RHEL4 and Courier, that being fixed by Sam with a quick change in the include files, this was a few weeks after RHEL4 RTM came out...

Ok, I accept that as a valuable comment, thanks

One other thing to consider: Courier-authlib has switched to using LDAP_URI in the authldaprc file instead of LDAP_SERVER, are you defining this?

As I said, my authldaprc works with authlib .58. I not only use LDAP_URI, I've even found out it can be an ldapi URI (Unix socket).

Short of that, your going to need to post some more details about what errors your actually getting...

As I wrote, I'm not getting any errors with the rpms that work; those that don't have identical configs, debugging at level 2 to maillog says that authldaprc is incorrectly configured - but it's exactly the same as that with the rpms that do work ...