
Re: 2.1.23 w/ StartTLS not authenticating Courier-IMAP



Fri, 02.01.2004 at 05.53, Adam Theo wrote:

> I have set up a Postfix + LDAP/StartTLS + Courier-IMAP system. I am 
> attempting to test the connection by using an IMAP client. However, it 
> is returning a "wrong username/password" error, which is odd, since I 
> can bind fine to this account using ldapsearch.

I've spent a reasonable amount of time (obviously independent of you :)
getting all the above working for my own setup, and I have no problems -
everything works for me. However, I've found that interaction for
Postfix is highly version-dependent, Courier less so.

I can't make head or tail of your slapd log - log at -d256. Here's the
result of a successful login to Courier IMAP 2.2.1, OpenLDAP 2.1.25,
using STARTTLS from a command line login: 'openssl s_client -connect
localhost:143':
____________________________________________________________________

Jan  2 09:57:59 billy slapd[18456]: conn=1374 fd=23 ACCEPT from IP=127.0.0.1:3169 (IP=0.0.0.0:389)
Jan  2 09:57:59 billy slapd[18456]: conn=1374 op=1 BIND dn="cn=admin,dc=billy,dc=demon,dc=nl" method=128
Jan  2 09:57:59 billy slapd[18456]: conn=1374 op=1 BIND dn="cn=admin,dc=billy,dc=demon,dc=nl" mech=simple ssf=0
Jan  2 09:57:59 billy slapd[18456]: conn=1374 op=1 RESULT tag=97 err=0 text=
Jan  2 09:57:59 billy slapd[18456]: conn=1374 op=2 SRCH base="dc=billy,dc=demon,dc=nl" scope=2 filter="(&(objectClass=posixAccount)(uid=tonni))"
Jan  2 09:57:59 billy slapd[18456]: conn=1374 op=2 SRCH attr=homeDirectory mailbox cn userPassword userPassword uidNumber gidNumber uid
Jan  2 09:57:59 billy slapd[18456]: conn=1374 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan  2 09:57:59 billy slapd[18456]: conn=1375 fd=29 ACCEPT from IP=127.0.0.1:3170 (IP=0.0.0.0:389)
Jan  2 09:57:59 billy slapd[18456]: conn=1375 op=1 BIND dn="cn=tonni,ou=people,ou=groups,dc=billy,dc=demon,dc=nl" method=128
Jan  2 09:57:59 billy slapd[18456]: conn=1375 op=1 BIND dn="cn=tonni,ou=people,ou=groups,dc=billy,dc=demon,dc=nl" mech=simple ssf=0
Jan  2 09:57:59 billy slapd[18456]: conn=1375 op=1 RESULT tag=97 err=0 text=
Jan  2 09:57:59 billy slapd[18456]: conn=1375 op=2 UNBIND
Jan  2 09:57:59 billy slapd[18456]: conn=1375 fd=29 closed
__________________________________________________________________

As you'll see:

1: I'm using a proxy user (admin) with full rights to the directory tree
to read user passwords to do an initial simple (non-SASL) bind and
supply the user password - then using that password to bind as the user;
2: The user is an LDAP-based posixAccount Unix local user, as are all my
Postfix and Courier users on this machine - i.e. I have no virtual users
in this setup.

Dunno if that helps at all. A better forum would be the Courier list for
that utility and the Postfix list for that utility, since many people
are doing what you're trying and you'd probably get better help there.

Incidentally, forget the Courier logging - it's utterly useless and
nobody likes it.

Best,

--Tonni

P.S. don't cc me - with your mail address, you'll get denied access ;)

-- 
mail: billy - at - billy.demon.nl
http://www.billy.demon.nl
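
Added example, not part of the original message: a small Python parser for slapd -d256 lines in the format shown in the log above, which reports the stage of the proxy-bind / search / user-bind flow at which an IMAP login fails. The sample log is constructed (timestamps, connection numbers and the err=49 result are made up, the DNs are taken from the message), and the function names are hypothetical.

```python
import re

# Constructed sample in the slapd -d256 format shown above (lines unwrapped):
# a proxy bind and search that succeed, then a user bind rejected with err=49
# (LDAP invalidCredentials).
SAMPLE = """\
Jan  2 10:01:00 billy slapd[18456]: conn=1400 op=1 BIND dn="cn=admin,dc=billy,dc=demon,dc=nl" method=128
Jan  2 10:01:00 billy slapd[18456]: conn=1400 op=1 RESULT tag=97 err=0 text=
Jan  2 10:01:00 billy slapd[18456]: conn=1400 op=2 SRCH base="dc=billy,dc=demon,dc=nl" scope=2 filter="(&(objectClass=posixAccount)(uid=tonni))"
Jan  2 10:01:00 billy slapd[18456]: conn=1400 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan  2 10:01:00 billy slapd[18456]: conn=1401 op=1 BIND dn="cn=tonni,ou=people,ou=groups,dc=billy,dc=demon,dc=nl" method=128
Jan  2 10:01:00 billy slapd[18456]: conn=1401 op=1 RESULT tag=97 err=49 text=
"""

# One pattern per line type; tag=97 is a bind response, tag=101 a search result.
PATTERNS = {
    "bind": re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=\d+'),
    "bind_result": re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)'),
    "search": re.compile(r'conn=(\d+) op=(\d+) SRCH base="[^"]*" scope=\d+ filter="([^"]*)"'),
    "search_result": re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=101 err=(\d+) nentries=(\d+)'),
}

def parse_events(log_text):
    """Turn log lines into (kind, conn, op, value...) tuples, in log order."""
    events = []
    for line in log_text.splitlines():
        for kind, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                conn, op, *rest = m.groups()
                events.append((kind, int(conn), int(op), *rest))
                break
    return events

def diagnose(log_text):
    """Report failed binds and searches that matched no entry."""
    pending, problems = {}, []
    for kind, conn, op, *rest in parse_events(log_text):
        if kind in ("bind", "search"):
            pending[(conn, op)] = rest[0]  # DN or filter requested by this op
        elif kind == "bind_result" and rest[0] != "0":
            problems.append(f'conn={conn} bind as "{pending.get((conn, op))}" failed, err={rest[0]}')
        elif kind == "search_result" and rest[1] == "0":
            problems.append(f'conn={conn} search {pending.get((conn, op))} matched no entry')
    return problems

if __name__ == "__main__":
    print("\n".join(diagnose(SAMPLE)) or "no failed binds or empty searches")
```

A failed bind on the proxy DN points at the Courier LDAP configuration, an empty search at the filter or base, and a failed bind on the user DN at the password itself.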