OCNS Consulting schrieb am Tue, Apr 02, 2002 at 09:39:28AM -0500: > I have Cyrus IMAP 2.1.3 + SASLV2 2.1.2 deployed and clients > authenticate via "saslauthd" with auth mechanism "PAM" which in > turn looks into "/etc/pam.d/imap" utilizing module "pam_ldap-140" > to check an LDAP repository (OpenLDAP 2.0.23). > > The PAM module "pam_ldap" interrogates the LDAP schema via the "uid" > attribute and if a matching "uid" is found passes the "userPassword" > attribute value to PAM for password verification. To provide for lookup > efficiency, I configured LDAP to -> > > "index uid eq" > > However, with indexing on attribute "uid" set, authentication fails. If > LDAP attribute "uid" is not indexed, authentication is successful.
Check your directory server. Does it return anything useful to "ldapsearch" when indexing is on? I had problems similar to this when something of these facts were true: * the index file was never built (use slapindex) * the index file was built, but has wrong permissions (I built it with slapindex but as root, the slapd runs as "ldap" and could not access it) * the index file is corrupt (delete and rebuild it) Regards, Birger
