
Re: Getting IMAP to work with OpenLDAP



On Friday, 11 April 2003 07:14, Vishal Khanna wrote:
> Hi,
>
> I did something else yesterday. Since everyone mentioned that I should
> use cyrus, I installed the latest RPM of Cyrus-imap on my system.
>
cyrus does not use imap. It is not designed to do that. cyrus uses sasl to
authenticate and sasl can be configured to use pam or ldap.

> How do I check if my cyrus-imap has been compiled with LDAP support? I
> had the complete package from the distro of Suse 8.1 professional.
>
> What I did was that I removed the old IMAP software and installed the
> new one. I started the server and as expected it did not run.
>
> I did the changes in the pam.d/imap file and /etc/nsswitch file.
>
> but to fail all I see now in the log after this is that imap tries to
> authenticate as below
>
> Apr 11 11:37:51 lancer master[26152]: about to exec
> /usr/lib/cyrus/bin/ctl_cyrusdb
> Apr 11 11:37:51 lancer ctl_cyrusdb[26152]: checkpointing cyrus databases
> Apr 11 11:37:51 lancer ctl_cyrusdb[26152]: DBERROR db4:
> /var/lib/imap/db/__db.001: Permission denied
> Apr 11 11:37:51 lancer ctl_cyrusdb[26152]: DBERROR: dbenv->open
> '/var/lib/imap/db' failed: Permission denied
> Apr 11 11:37:51 lancer ctl_cyrusdb[26152]: DBERROR: init
> /var/lib/imap/db: cyrusdb error
> Apr 11 11:37:51 lancer ctl_cyrusdb[26152]: done checkpointing cyrus
> databases
> Apr 11 11:37:51 lancer master[19160]: process 26152 exited, status 1
> Apr 11 11:38:08 lancer master[26154]: about to exec
> /usr/lib/cyrus/bin/imapd Apr 11 11:38:08 lancer imap[26154]: executed

That has nothing to do with authentication. This is the regular check stuff
cyrus does on every startup. cyrus uses databases internally to store the
header of the emails and the users' information. These databases are not
present or /var/lib/imap and the subfolders have the wrong
permissions (must be writable and readable to the cyrus user).

>
> Matthew Schumacher wrote:
> > Vishal,
> >
> > There are a couple of things that need to happen to make imap/pam/ldap
> > work:
> >
> > First you need to install the pam modules, then you install nss_ldap and
> > pam_ldap.  Pam_ldap authenticates the user and nss_ldap resolves the
> > user for local files and processes and such.  Once these packages are
> > installed you need to configure your /etc/ldap.conf to tell these
> > packages how to connect to your directory then you need to edit your
> > /etc/nsswitch.conf to cause the libc libraries to become ldap aware
> > through the nss_ldap module.
> >
> > Once you do those things you should be able to chown a file to a ldap
> > user.  If you can't do that then either your /etc/ldap.conf,
> > /etc/nsswitch.conf, or user record in ldap has a problem.
> >
> > Once you get past the chown test now compile imap with pam support.
> > And create a /etc/pam.d/imap file and put this in it:
> >
> > auth       sufficient   /lib/security/pam_ldap.so
> > account    sufficient   /lib/security/pam_ldap.so
> >
> > That should be it, it should just work now.
> >
> > schu
> >
> >> On Thursday, 10 April 2003 14:06, Vishal Khanna wrote:
> >>> Hi All,
> >>> I have basic problems in getting LDAP to work with IMAP.
> >>>
> >>> What I want to do
> >>> ------------------
> >>> I want to authenticate my MAIL(IMAP) users on Linux box from the LDAP
> >>> server running on another server
> >>>
> >>> a. Is it possible ?
> >>> b. If yes then how ?
> >>>
> >>> Any help would be really appreciated, I have done the hunting on the
> >>> web
> >>>
> >>> The packages I use are (RPMS on 2.4.19 Kernel)
> >>> IMAP
> >>> -----
> >>> imap-2001a-142
> >>> imap-lib-2001a-142
> >>>
> >>> LDAP
> >>> openldap2-client-2.1.4-26
> >>> yast2-ldap-client-2.6.5-66
> >>> nss_ldap-199-31
> >>> openldap2-2.1.4-26
> >>> pam_ldap-150-57
> >>> tclldap-1.1.1-693
> >>> perl-ldap-0.251-20
> >>> perl-ldap-ssl-0.251-20
> >>>
> >>> I did what was mentioned of changing the settings in /etc/nsswitch.conf
> >>> Changed the entries in /etc/pam.d/imap to
> >>>
> >>> auth           required      pam_ldap.so
> >>> account        required        pam_ldap.so
> >>>
> >>> No matter what I do I cannot get it to work. My openLDAP software works
> >>> perfectly fine otherwise.
> >>>
> >>> Cheers
> >>> Vishal

-- 
------------------------------------------------------------
H E L I X Gesellschaft für Software & Engineering mbH
------------------------------------------------------------
Hanauer Landstrasse 52              Telefon (069) 4789 35-30
60314 Frankfurt am Main             Telefax (069) 4789 35-44
------------------------------------------------------------
http://www.helix-gmbh.net                info@helix-gmbh.net
------------------------------------------------------------
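
Added example, not part of the original message or of Cyrus itself: a small Python triage for the situation described in the reply above, where the DBERROR lines point at file permissions under /var/lib/imap rather than at authentication. It pulls the denied paths out of the log and checks by mode bits whether a given account can read and write them; the function names are made up here, and the service account name "cyrus" is an assumption taken from the reply's wording.

```python
import os
import re
import stat

# Sample lines from the log quoted above, unwrapped (hostname and PIDs as posted).
SAMPLE_LOG = """\
Apr 11 11:37:51 lancer ctl_cyrusdb[26152]: checkpointing cyrus databases
Apr 11 11:37:51 lancer ctl_cyrusdb[26152]: DBERROR db4: /var/lib/imap/db/__db.001: Permission denied
Apr 11 11:37:51 lancer ctl_cyrusdb[26152]: DBERROR: dbenv->open '/var/lib/imap/db' failed: Permission denied
Apr 11 11:37:51 lancer ctl_cyrusdb[26152]: DBERROR: init /var/lib/imap/db: cyrusdb error
Apr 11 11:37:51 lancer master[19160]: process 26152 exited, status 1
"""

# A DBERROR line that names an absolute path and ends in "Permission denied".
DENIED = re.compile(r"DBERROR\b.*?'?(/[^\s':]+)'?.*Permission denied\s*$")


def denied_paths(log_text):
    """Return the paths Cyrus could not open, in log order, without duplicates."""
    paths = []
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if m and m.group(1) not in paths:
            paths.append(m.group(1))
    return paths


def can_read_write(path, uid, gids=()):
    """Mode-bit check for uid/gids on path; root override and ACLs are ignored."""
    st = os.stat(path)
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    # Directories also need the search (x) bit to be usable.
    need = 0o6 | (0o1 if stat.S_ISDIR(st.st_mode) else 0)
    return ((st.st_mode >> shift) & need) == need


def report(log_text, uid, gids=()):
    """Map each denied path to 'ok', 'no access' or 'missing' for the account."""
    result = {}
    for p in denied_paths(log_text):
        ok = os.path.exists(p) and can_read_write(p, uid, gids)
        result[p] = "ok" if ok else "no access" if os.path.exists(p) else "missing"
    return result


if __name__ == "__main__":
    import pwd
    acct = pwd.getpwnam("cyrus")  # assumption: service account is named "cyrus"
    groups = os.getgrouplist(acct.pw_name, acct.pw_gid)
    for path, state in report(SAMPLE_LOG, acct.pw_uid, groups).items():
        print(f"{state:10} {path}")
```

Run it as root on the mail host so that every path in the log can be stat'ed; a "no access" or "missing" result for a path under /var/lib/imap matches the cause named in the reply.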
