
Re: Trying to get the ldapdb plugin working.



On Wed, 8 Oct 2003, Tarjei Huse wrote:

> Hi, I'm trying to get the ldapdb plugin working with postfix and
> cyrus-imapd. I've come quite far, but I still have some problems.
>
> I'm not sure exactly what fails; right now, the whole thing hangs when I
> try to log in. Normal (simple binds) are ok. It seems to be openldap
> that hangs.
>
> If I try to search directly against the ldap server I get:
> %ldapsearch -h localhost -Y digest-md5 -U tarjei -w tarjei -v
> '(objectClass=*)'
> ldap_init( localhost, 0 )
> SASL/DIGEST-MD5 authentication started
>

You need to have the following work:

ldapsearch -h localhost -Y digest-md5 -U tarjei -w tarjei \
-X u:<some_other_userid> -v '(objectClass=*)'

> The logs give me:
> (from the local facility:)
> Oct  8 16:18:02 erna slapd[11986]: conn=22 fd=50 ACCEPT from IP=::1 1251
> (IP=:: 389)
>
> Which isn't much to go on. Looking at the logs when I try to log on to
> the cyrus-server, I get:
> Oct  8 16:25:58 erna slapd[12177]: conn=15 op=0 BIND dn="" method=163
> Oct  8 16:25:58 erna slapd[12176]: DIGEST-MD5 client step 2
> Oct  8 16:25:58 erna slapd[12176]: DIGEST-MD5 client step 2
> Oct  8 16:25:58 erna slapd[12177]: conn=15 op=1 BIND dn="" method=163
> Oct  8 16:25:59 erna slapd[12160]: conn=16 fd=44 ACCEPT from IP=::1 1288
> (IP=:: 389)
>
> This is repeated some 10/12 times.
>
> Does anyone have a clue in what is wrong?
>
>
> Tarjei
>
> The system is configured as follows:
>
> This is what I'm getting from slapd:
> Oct  8 16:10:29 erna slapd[11986]: conn=14 fd=39 ACCEPT from IP=::1 1243
> (IP=:: 389)
> Oct  8 16:10:29 erna slapd[12002]: conn=14 op=0 BIND dn="" method=163
> Oct  8 16:10:29 erna slapd[12001]: DIGEST-MD5 client step 2
> Oct  8 16:10:29 erna slapd[12001]: DIGEST-MD5 client step 2
>
> I've configured the services in the following way:
> In slapd.conf:
> sasl-regexp uid=(.*),cn=DIGEST-MD5,cn=auth uid=$1,ou=admins,o=ispman
> sasl-regexp uid=(.*),cn=DIGEST-MD5,cn=auth
> uid=$1,ou=users,ispmanDomain=(.*),o=ispman
>
> password-hash {CLEARTEXT}
>
> # in /usr/lib/sasl2:
> cat /usr/lib/sasl2/slapd.conf
> pwcheck_method: auxprop
> auxprop_plugin: ldapdb
                  ^^^^^^  This is causing your hangs.

Change to:
auxprop_plugin: slapd

> ldapdb_uri: ldap://localhost
> ldapdb_id: tarjei
> ldapdb_pw: tarjei
> ldapdb_mech: Digest-MD5
>

/usr/lib/sasl2/slapd.conf is really not needed in your setup.

> in imapd.conf I got:
> sasl_pwcheck_method: auxprop
> sasl_auxprop_plugin: ldapdb
> sasl_ldapdb_uri: ldap://localhost
> sasl_ldapdb_id: tarjei
> sasl_ldapdb_pw: tarjei
> sasl_ldapdb_mech: Digest-MD5 login

'login' mech will not work because it does not support proxy
authorization.

-- 
Igor
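
The two configuration problems pointed out in the reply above, written as a small check (an added example, not part of the original message). The function names and the CRAM-MD5 and ANONYMOUS entries are assumptions of this example; the sample settings are the ones quoted in the thread, without the credentials.

```python
# Mechanisms that carry no authorization identity, so they cannot do proxy
# authorization. LOGIN is named in the thread; CRAM-MD5 and ANONYMOUS are
# added by this example.
NO_PROXY_AUTHZ = {"LOGIN", "CRAM-MD5", "ANONYMOUS"}

# Settings as quoted in the thread (ldapdb_id / ldapdb_pw left out).
SLAPD_SASL_CONF = """\
pwcheck_method: auxprop
auxprop_plugin: ldapdb
ldapdb_uri: ldap://localhost
ldapdb_mech: Digest-MD5
"""
IMAPD_CONF = """\
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_ldapdb_uri: ldap://localhost
sasl_ldapdb_mech: Digest-MD5 login
"""

def parse_options(text, prefix=""):
    """Parse 'key: value' lines; keep only keys with the prefix and strip it."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)  # the value may itself contain ':' (URIs)
        key = key.strip().lower()
        if key.startswith(prefix):
            opts[key[len(prefix):]] = value.strip()
    return opts

def check_ldapdb(text, service, prefix=""):
    """Return findings for one service's SASL options."""
    opts = parse_options(text, prefix)
    findings = []
    if "ldapdb" not in opts.get("auxprop_plugin", "").lower().split():
        return findings
    if service == "slapd":
        findings.append("slapd: auxprop_plugin ldapdb in slapd's own SASL config "
                        "(reported cause of the hang)")
    for mech in opts.get("ldapdb_mech", "").upper().split():
        if mech in NO_PROXY_AUTHZ:
            findings.append(f"{service}: ldapdb_mech {mech} does not support "
                            "proxy authorization")
    return findings

if __name__ == "__main__":
    for f in check_ldapdb(SLAPD_SASL_CONF, "slapd") + check_ldapdb(IMAPD_CONF, "imapd", "sasl_"):
        print(f)
```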