[Date Prev][Date Next] [Chronological] [Thread] [Top]

problems with userpassword

To: openldap-software@OpenLDAP.org
Subject: problems with userpassword
From: Paco Brufal <paco.brufal@securitydata.es>
Date: Wed, 21 Aug 2002 10:59:49 +0200
Content-disposition: inline
User-agent: Mutt/1.4i

Hello,
      
	Until yesterday, I had libnss-ldap (199-1) and slapd (2.0.23-10)
configured and working on a Linux Debian Sid (unstable). I use libnss-ldap
to lookup for user accounts, and deliver e-mails locally via postfix+cyrus.
Users can retrieve their mails login into cyrus-imapd. cyrus-imapd make
searches in slapd via libnss-ldap, and validate the passwords.

	Last week, in Debian Sid was a major change with libc6 and libdb, I
don't know what were the changes, but some services become to fail until
they were recompiled with the new libdb libraries (I say it only for
information).

	With the new libraries, all was working, but yesterday, for some
reasons, we rebooted the server, and cyrus-imapd stop working. postfix+cyrus
is able to locate the users in LDAP, this is working, but cyrus-imapd is
incapable of compare the passwords. The quick&dirty solution was modify
slapd.conf:

access to attribute=userPassword
        by dn="cn=admin,....." write
        by self write
        by anonymous read # (was 'auth')
        by * none

	libnss-ldap is binding to LDAP server with the admin dn, then it has
all permisions to retrieve the passwords...

        Please, what logs do you want to see? I can send logs from
cyrus-imapd, nssldap (compiled with debugging), slapd...

        Thanks.

--

Paco Brufal, Administrador de Sistemas
e-mail: paco.brufal@securitydata.es
web:    http://www.securitydata.es
portal: http://portal.securitydata.es
SecurityData S.L.

Prev by Date: Re: Openldap 2.1.3 and freeradius 0.7
Next by Date: RE: saslRegexp
Index(es):
- Chronological
- Thread