I'm running an enterprise mailservice with
virtual domains and several servers using
cyrus-2.0.7 + postfix + pamldap + mandrake-7.1

I'm trying to get things working on Slackware
using the sasl ldap patch in place of pam ldap.

Has anybody customized the ldap patch so that it
first calls ldap_search_s(..) to get the correct dn
and only then calls ldap_simple_bind_s(..) to
authenticate?

At the moment I'm experiencing systematic authentication
failures on my test Slackware machine and I don't understand why.
Just trying to authenticate mailadmin...

### --- /etc/imapd.conf

configdirectory: /var/imap
partition-default: /var/spool/imap
admins: mailadmin
sasl_pwcheck_method: ldap
ldap_server: kheops
ldap_basedn: ou=admins, o=myorg
ldap_uidattr: uid
ldap_port: 389

### --- trace of imap process

kheops:/var/log# tail -f -n20 trace.8603
read(11, "\1\0\0\0a\21\0\0\0\0\0\0b1\5\0\10"..., 72) = 72
close(11)                               = 0
open("/var/imap/mailboxes.db", O_RDWR)  = 11
fcntl(11, F_SETFD, FD_CLOEXEC)          = 0
fstat(11, {st_mode=0, st_size=0, ...})  = 0
lseek(11, 0, SEEK_SET)                  = 0
read(11, "\1\0\0\0a\21\0\0\0\0\0\0b1\5\0\10"..., 256) = 256
close(11)                               = 0
open("/var/imap/mailboxes.db", O_RDWR)  = 11
fcntl(11, F_SETFD, FD_CLOEXEC)          = 0
fstat(11, {st_mode=0, st_size=0, ...})  = 0
socket(PF_UNIX, SOCK_DGRAM, 0)          = 12
fcntl(12, F_GETFD)                      = 0
fcntl(12, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
sendto(12, "R 1.3.6.1.4.1.3.2.2.2.6.4\n", 26, 0, {sun_family=AF_UNIX, 
sun_path="/tmp/.snmp_door"}, 17) = -1 ENOENT (No such file or directory)
sendto(12, "R 1.3.6.1.4.1.3.2.2.2.6.1\n", 26, 0, {sun_family=AF_UNIX, 
sun_path="/tmp/.snmp_door"}, 17) = -1 ENOENT (No such file or directory)
sendto(12, "R 1.3.6.1.4.1.3.2.2.2.6.2\n", 26, 0, {sun_family=AF_UNIX, 
sun_path="/tmp/.snmp_door"}, 17) = -1 ENOENT (No such file or directory)
sendto(12, "R 1.3.6.1.4.1.3.2.2.2.6.3\n", 26, 0, {sun_family=AF_UNIX, 
sun_path="/tmp/.snmp_door"}, 17) = -1 ENOENT (No such file or directory)
sendto(12, "S 1.3.6.1.4.1.3.2.2.2.6.3.0 v2.0"..., 35, 0, 
{sun_family=AF_UNIX, sun_path="/tmp/.snmp_door"}, 17) = -1 ENOENT (No such 
file or directory)
accept(4,

There is no ldap bind attempt within the trace (???)

### -- Here is the telnet transaction

kheops:/var/log# telnet kheops 143
Trying 192.168.0.16...
Connected to kheops.
Escape character is '^]'.
* OK kheops Cyrus IMAP4 v2.0.7 server ready
. capability
* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS 
NO_ATOMIC_RENAME UNSELECT MULTIAPPEND ID SORT THREAD=ORDEREDSUBJECT
. OK Completed
. login mailadmin mailadmin
. NO Login failed: user not found
. login root secret
. NO Login failed: authentication failure
. login bernard bernard
. NO Login failed: authentication failure
. login mailadmin mailadmin
. NO Login failed: user not found
. logout
* BYE LOGOUT received
. OK Completed
Connection closed by foreign host.

### --- ldap directory

kheops:/var/log# ldapsearch ou=admins
uid=bernard, ou=admins, o=myorg
objectclass=top
objectclass=sysadmin
uid=bernard
ou=admins
userpassword=bernard

uid=mailadmin, ou=admins, o=myorg
objectclass=top
objectclass=sysadmin
ou=admins
uid=mailadmin
userpassword=mailadmin

Any hints out there?

Thanks in advance...

--
Bernard Frit
