Problems...
Hello all,
I seem to be having a bit of a problem with OpenLDAP ver 2.0.22-2 (RPM on RedHat 7.2)
I have an email server with over 27K accounts, all in flat file format.... (i.e. /etc/passwd, /etc/groups, /etc/shadow, etc...) I want to migrate over to a central LDAP authentication model for my Qpopper, Postfix, FTP, and Apache Home_Dir stuff....
I downloaded the Migration Tools from padl.com and ran the pass2ldap to get an LDIF file. I then transferred that file to my test LDAP box (that has no local users). After modifying the LDIF file for the home directories, I imported them using ldapadd. I then tested pop3 auth against ldap and I always get a "Password supplied for 'username' is incorrect."
I can use plenty of LDAP administration programs to see everything in the dir, and everything looks fine.... color me a little lost (and an LDAP newbie)
Here are my relevant configs (chopped for space...):
/etc/ldap.conf (I've tried different pam_password values to no avail)
host 127.0.0.1
base dc=suscom,dc=net
uri ldap://127.0.0.1/
binddn cn=Manager,dc=suscom,dc=net
bindpw ldap_test
pam_password crypt
# pam_password exop
#pam_password clear
ssl no
#pam_password md5
/etc/openldap/slapd.conf (played around with suffix and defaultsearchbase to no avail)
loglevel 4
defaultsearchbase "ou=accounts,dc=suscom,dc=net"
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema
database ldbm
suffix "dc=suscom,dc=net"
suffix "ou=accounts,dc=suscom,dc=net"
rootdn "cn=Manager,dc=suscom,dc=net"
rootpw {SSHA}sTyh4meQBWdEfopKtyTf9drN2t+e7y9A
directory /var/lib/ldap
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
access to attr="userPassword"
by self write
by dn="cn=Manager,dc=suscom,dc=net" write
by dn="cn=lmcadmin,ou=accounts,dc=suscom,dc=net" write
by anonymous auth
by * none
access to dn=".*,ou=accounts,dc=suscom,dc=net"
by dn="cn=Manager,dc=suscom,dc=net" write
by dn="cn=lmcadmin,ou=accounts,dc=suscom,dc=net" write
by * read
access to *
by dn="cn=Manager,dc=suscom,dc=net" write
by * read
/etc/openldap/ldap.conf
HOST 127.0.0.1
BASE dc=suscom,dc=net
My initial LDAP import:
dn: dc=suscom,dc=net
objectclass: top
objectclass: dcObject
dc: suscom
dn: ou=accounts,dc=suscom,dc=net
objectclass: top
objectclass: organizationalUnit
ou: accounts
dn: cn=lmcadmin,ou=accounts,dc=suscom,dc=net
objectclass: top
objectclass: person
objectclass: inetOrgPerson
cn: lmcadmin
sn: lmcadmin
uid: lmcadmin
userPassword: {SSHA}npuxDYqHSDybRycKcNNOjM6ZP+GSfYHr
/etc/pam.d/pop3
#%PAM-1.0
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so try_first_pass
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
I'm using the pam_ldap.so that comes with RH 7.2 with pam-0.75-19.
The library is present.....
I have the pam_ldap module from padl.com as well..... haven't tried sliding that one in yet......
Does anyone have any ideas? I've been attempting to read everything I can find everywhere (postfix & ldap looks like a real pain but I can't get there yet).... I'm an LDAP newbie so ..... be gentle....
Sorry for the extensive post.....
Denny Snyder
Network Engineer
Susquehanna Communications
1050 E. King St
York, PA 17403
Office: (717)771-2613
Fax: (717)843-5400
dsnyder@suscom.com
postmaster@suscom.net
"Nothing in life is worse than SPAM.... well.... maybe cold coffee!" ;)
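An added example, not from the poster nor from OpenLDAP or PADL: a pre-import check over a migration-style LDIF that reports entries pam_ldap would not find or could not bind as, and entries whose userPassword carries no scheme prefix and is therefore stored in the clear. It assumes the pam_ldap lookup filter requires objectClass=posixAccount (the layout the migration tools produce); the sample LDIF, DNs and password values are constructed.

```python
import base64

# Constructed sample LDIF in the shape the migration tools emit; not the poster's real data.
SAMPLE_LDIF = """\
dn: cn=lmcadmin,ou=accounts,dc=example,dc=net
objectclass: inetOrgPerson
cn: lmcadmin
uid: lmcadmin
userPassword: {SSHA}c2FtcGxlLW5vdC1hLXJlYWwtaGFzaA==

dn: uid=bob,ou=accounts,dc=example,dc=net
objectclass: posixAccount
uid: bob
uidNumber: 1002
gidNumber: 100
homeDirectory: /home/bob
userPassword:: c2VjcmV0
"""
SCHEMES = {"{crypt}", "{ssha}", "{sha}", "{md5}", "{smd5}"}   # hashed schemes slapd can verify on bind
REQUIRED = ("uid", "uidnumber", "gidnumber", "homedirectory")  # posixAccount MUST attributes

def parse_ldif(text):
    """Parse LDIF into [(dn, {attr_lowercase: [values]})]; handles folded lines and '::' base64 values."""
    entries, block = [], []
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and block:
            block[-1] += raw[1:]                       # folded continuation line
        elif raw:
            block.append(raw)
        elif block:                                    # blank line ends an entry
            attrs = {}
            for line in block:
                name, _, value = line.partition(": ")
                if name.endswith(":"):                 # 'attr:: value' carries a base64 value
                    name, value = name[:-1], base64.b64decode(value).decode()
                attrs.setdefault(name.lower(), []).append(value)
            entries.append((attrs["dn"][0], attrs))
            block = []
    return entries

def check_entry(attrs):
    """List reasons the entry would not be found, could not bind, or keeps its password unhashed."""
    problems = []
    # Assumption: the pam_ldap lookup filter requires objectClass=posixAccount.
    if "posixaccount" not in {c.lower() for c in attrs.get("objectclass", [])}:
        problems.append("no posixAccount objectClass (lookup filter will not match)")
    problems += [f"missing {a}" for a in REQUIRED if a not in attrs]
    pw = attrs.get("userpassword", [""])[0]
    if pw.split("}", 1)[0].lower() + "}" not in SCHEMES:
        problems.append("userPassword missing or without a recognised scheme prefix (cleartext)")
    return problems

def audit(text):
    return {dn: check_entry(attrs) for dn, attrs in parse_ldif(text)}
```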