
Re: LDAP authentication problem



Alexander Brinkman wrote:

> > /etc/nsswitch.conf file
>
> > passwd:     files ldap
> > shadow:     files ldap
> > group:      files ldap
>
> This configuration suggests that LDAP is used for authentication (through
> PAM), and that user information is still stored in the /etc/blahblah files
> (/etc/passwd & co.). It should work though. Do you check your mail with the
> same username that you also use to log in or ftp with?

Yes, it's the same.

>
> Also: does it work when you use pop3?

I have not tested yet, but I will try it.

>
> Perhaps you should enable debugging in openldap. To do this, modify the
> script with which you start openldap, and add -s -1 to the commandline. This
> will tell openldap to debug EVERYTHING. Then tail -f /var/log/ldap.log (or
> wherever the log is stored).
> Watch it: openldap will generate A LOT of debug output in this mode, so be
> prepared for it. Your computer may slow down to a crawl! Also there will be
> a lot of output to the console, so you probably are not going to see all
> with tail -f. Use vi (or whatever editor you like) to check afterwards.
>
> Things to look at: does the openldap server get queried when you log in
> with imap? If so, which uids are used (or which dn's)?
>

The server is queried. But the reason it gives for the failure is kind of tricky.

The log info I get in the maillog file is:

Mar 15 15:48:05 projecto2 imapd[1193]: imap service init from 10.0.3.4
Mar 15 15:48:05 projecto2 imapd[1193]: pam_ldap: error trying to bind as user
"uid=teste_ldap,ou=People,o=idt.ipp.pt" (Invalid credentials)
Mar 15 15:48:29 projecto2 imapd[1193]: AUTHENTICATE LOGIN failure
host=[10.0.3.4]
Mar 15 15:48:29 projecto2 imapd[1193]: pam_ldap: error trying to bind as user
"uid=teste_ldap,ou=People,o=idt.ipp.pt" (Invalid credentials)
Mar 15 15:48:48 projecto2 imapd[1193]: AUTHENTICATE LOGIN failure
host=[10.0.3.4]
Mar 15 15:48:54 projecto2 imapd[1193]: Logout user=teste_ldap host=[10.0.3.4]

It seems the password or user is invalid, but it isn't.

I logged in to gq as BIND DN: uid=teste_ldap,ou=People,o=idt.ipp.pt, and
password dn = to the user password.

Isn't it strange?


Miguel
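
Added example, not part of the original thread: a small Python parser that answers the "which uids or dn's are used" question from a maillog excerpt like the one above. It rejoins the wrapped lines, then counts pam_ldap bind failures per bind DN and attributes them to the client address from the same imapd process; the function names are hypothetical and the sample is the log quoted in the message.

```python
import re
from collections import defaultdict

# Log excerpt copied from the message above, mail line wraps included.
SAMPLE = """\
Mar 15 15:48:05 projecto2 imapd[1193]: imap service init from 10.0.3.4
Mar 15 15:48:05 projecto2 imapd[1193]: pam_ldap: error trying to bind as user
"uid=teste_ldap,ou=People,o=idt.ipp.pt" (Invalid credentials)
Mar 15 15:48:29 projecto2 imapd[1193]: AUTHENTICATE LOGIN failure
host=[10.0.3.4]
Mar 15 15:48:29 projecto2 imapd[1193]: pam_ldap: error trying to bind as user
"uid=teste_ldap,ou=People,o=idt.ipp.pt" (Invalid credentials)
Mar 15 15:48:48 projecto2 imapd[1193]: AUTHENTICATE LOGIN failure
host=[10.0.3.4]
Mar 15 15:48:54 projecto2 imapd[1193]: Logout user=teste_ldap host=[10.0.3.4]
"""

HEADER = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} [\d:]{8} \S+ (\S+?)\[(\d+)\]: (.*)$")
BIND_ERR = re.compile(r'pam_ldap: error trying to bind as user "([^"]+)" \(([^)]+)\)')
INIT = re.compile(r"service init from (\S+)")

def unwrap(text):
    """Rejoin wrapped continuation lines onto the syslog record they belong to."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if HEADER.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def bind_failures(text):
    """Map each (bind DN, LDAP reason) to its failure count and client hosts."""
    client = {}  # (program, pid) -> address seen in that process's init line
    summary = defaultdict(lambda: {"count": 0, "hosts": set()})
    for record in unwrap(text):
        header = HEADER.match(record)
        if not header:
            continue
        program, pid, message = header.groups()
        if init := INIT.search(message):
            client[(program, pid)] = init.group(1)
        if bind := BIND_ERR.search(message):
            entry = summary[bind.groups()]
            entry["count"] += 1
            entry["hosts"].add(client.get((program, pid), "unknown"))
    return dict(summary)
```

Calling `bind_failures(SAMPLE)` returns one entry for the DN in the log, with two failed binds from 10.0.3.4.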