
Open-LDAP and Active Directory and Courier-IMAP (please help)
Hi, this is my first post here, but it is an important question
that I have and I will appreciate any help you guys can give me.

I'm working as a consultant for a company that wants to have an
email server (POP3, IMAP and WebMail) authenticating in their
Windows 2000 Active Directory forest. I installed a Slackware 8,
kernel 2.4.18, with Courier-IMAP/POP3 1.4.3 and OpenLDAP 2.0.23, but
I cannot make it work.

I configured Courier-IMAP/POP3 to make LDAP queries like this:
(suppose my domain is abcd.br and my user is username@dmz in a server
dmz.abcd.br with IP address 10.96.0.9)

LDAP_SERVER = 10.96.0.3
LDAP_PORT   = 389
LDAP_BASEDN = ou=users, dc=abcd, dc=br

LDAP_BINDDN and LDAP_BINDPW are still mysterious to me. Do I need
them? Does this user have to be an AD admin!?

LDAP_MAIL   = cn     (Is this the field in AD that the lookup should use?)

LDAP_DOMAIN = abcd.br
LDAP_CLEARPW = clearPassword  (Is this the right choice?)

Then I tried to authenticate and sniffed the packets and got some
strange results...

Packet ID (from_IP.port-to_IP.port): 10.96.0.9.1055-10.96.0.3.389
 E . . . . . @ . @ . . . . ` . . . ` . . . . . . r . O M . . . . . . . . . .
 . . . . . . . n . @ . . . . 0 d . . . c _ . . o u = u s e r s ,   d c = a b
 c d ,   d c = b r . . . . . . . . . . . . . . . . . . . c n . . u s e r n a
 m e @ d m z 0   . . h o m e D i r . . c n . . c l e a r P a s s w o r d . .
 c n

Packet ID (from_IP.port-to_IP.port): 10.96.0.3.389-10.96.0.9.1055
 E . . . . . @ . . . . . . ` . . . ` . . . . . . . . . . r . O . . . C . l E
 . . . . . . . . . . . n . @ 0 . . . . . . . . e . . . . . . . . . . . L 0 0
 0 0 2 0 2 B :   R e f E r r :   D S I D - 0 3 1 0 0 5 E E ,   d a t a   0 ,
   1   a c c e s s   p o i n t s . . r e f   1 :   ' a b c d . b r ' . . . .
 . . . - . + l d a p : / / a b c d . b r / o u = u s e r s , % 2 0 d c = a b
 c d , % 2 0 d c = b r

In my /var/log/syslog I get:

Apr  4 17:38:45 betamail authdaemond.ldap: ldap_simple_bind_s failed: Invalid credentials
Apr  4 17:38:50 betamail pop3d: LOGIN FAILED, ip=[::ffff:127.0.0.1]
Apr  5 13:08:49 betamail imapd: DISCONNECTED, ip=[::ffff:127.0.0.1], headers=0, body=0 

So here go my doubts:

- I think the LDAP query is just fine, am I right?

- For me the problem seems to be that W2K is not allowing me to query
AD and that this "Invalid credentials" message is just about it. I've
tried to use LDAP_BINDDN and LDAP_BINDPW with an administrator
username and password with no different results.

- I couldn't find my password sent in these packets... and couldn't figure
out why...

Is there somebody who can give me any light on this?! I read the
documentation but it is not oriented to people trying to work with a W2K
LDAP database, just an OpenLDAP database... and searching Microsoft
for the error message helped nothing...

Sorry for the long email... I will try to get all the help, solve the
problem and then write a paper about it... maybe a mini-HOWTO for
others that may be in the same situation...

tks for your attention..

Andre Correa
andre.correa@pobox.com
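The readable text in the second packet dump above (`0000202B: RefErr: DSID-031005EE, data 0, 1 access points ref 1: 'abcd.br'` followed by an `ldap://abcd.br/...` URL) is Active Directory's extended error format: a Win32 code, an error kind, a DSID, and for referrals the domains and URLs the DC is handing the client off to. The parser below is an added example, not code from the post or from Courier-IMAP; it decodes that format, maps the Win32 code (0x202B is ERROR_DS_REFERRAL) and, going beyond the post, the `data` sub-code of AD's `LdapErr` bind failures to their documented meanings. The code tables are a hand-picked subset, and the second sample message is constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Hand-picked subset of Win32 codes that open AD diagnostic strings.
WIN32_CODES = {
    0x202B: "ERROR_DS_REFERRAL: this DC does not hold the naming context, follow the referral",
    0x2030: "ERROR_DS_NO_SUCH_OBJECT: the search base does not exist",
}
# "data" sub-codes AD reports in LdapErr messages for failed simple binds.
BIND_DATA_CODES = {
    0x525: "user not found", 0x52E: "invalid credentials",
    0x530: "logon time restriction", 0x532: "password expired",
    0x533: "account disabled", 0x701: "account expired",
    0x773: "password must be reset", 0x775: "account locked out",
}
DIAG_RE = re.compile(r"^([0-9A-Fa-f]{8}):\s*(\w+):\s*DSID-([0-9A-Fa-f]+),(.*)$", re.S)
DATA_RE = re.compile(r"\bdata\s+([0-9A-Fa-f]+)")
REF_RE = re.compile(r"ref\s+\d+:\s*'([^']+)'")

def parse_ad_diag(message, referral_urls=()):
    """Parse an AD extended error string; return None if it is not one."""
    m = DIAG_RE.match(message.strip())
    if not m:
        return None
    code, kind, dsid, rest = m.groups()
    code = int(code, 16)
    data = DATA_RE.search(rest)
    data = int(data.group(1), 16) if data else None
    return {
        "code": code,
        "kind": kind,
        "dsid": dsid.upper(),
        "meaning": WIN32_CODES.get(code, "unknown Win32 code 0x%X" % code),
        "data": data,
        # Only LdapErr bind failures carry a meaningful data sub-code.
        "data_meaning": BIND_DATA_CODES.get(data) if kind == "LdapErr" else None,
        "refs": REF_RE.findall(rest),  # domains the DC says hold the object
        # Each referral URL as (host, DN): where AD is sending the client.
        "referral_targets": [(urlsplit(u).netloc, unquote(urlsplit(u).path.lstrip("/")))
                             for u in referral_urls],
    }

# Sample 1: the text recovered from the second packet dump in the post.
REFERRAL_MSG = "0000202B: RefErr: DSID-031005EE, data 0, 1 access points\n\tref 1: 'abcd.br'"
REFERRAL_URL = "ldap://abcd.br/ou=users,%20dc=abcd,%20dc=br"
# Sample 2: a constructed bind failure in AD's LdapErr format (not from the post).
BIND_MSG = "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1"
```

For the referral sample the result shows the DC at 10.96.0.3 answering that `ou=users, dc=abcd, dc=br` should be asked of `abcd.br`, which is worth checking against the base DN before looking further at the bind credentials.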