I am not sure if this is a possible option for you, but I use PAM to do all of my authentication, and I have PAM do my LDAP lookups to validate users. You just need to add the LDAP modules to PAM and edit /etc/ldap.conf to point to your host and set the base to the search base. Everything else in the file you can pretty much leave alone. I am not sure if I edited the /etc/nsswitch.conf file too ... I think that was w/ something else. But PAM is the way to go in my opinion.
Kevin

If you want specific details feel free to write me back.

On Fri, 2002-04-05 at 10:28, Andre Correa wrote:
>
> Hi, this is my first post here, but it is an important question
> that I have and I will appreciate any help you guys can give me.
>
> I'm working as a consultant for a company that wants to have an
> email server (POP3, IMAP and WebMail) authenticating in their
> Windows 2000 Active Directory forest. I installed a Slackware 8,
> kernel 2.4.18, with Courier-IMAP/POP3 1.4.3 and OpenLDAP 2.0.23, but
> I cannot make it work.
>
> I configured Courier-IMAP/POP3 to make LDAP queries like this:
> (suppose my domain is abcd.br and my user is username@dmz in a server
> dmz.abcd.br with IP address 10.96.0.9)
>
> LDAP_SERVER = 10.96.0.3
> LDAP_PORT = 389
> LDAP_BASEDN = ou=users, dc=abcd, dc=br
>
> LDAP_BINDDN and LDAP_BINDPW are still mysterious to me. Do I need
> them? This user must be an AD admin!?
>
> LDAP_MAIL = cn (Is this the field in AD that the lookup should use?)
>
> LDAP_DOMAIN = abcd.br
> LDAP_CLEARPW = clearPassword (Is it the right choice?)
>
> Then I tried to authenticate and sniffed the packets and got some
> strange results...
>
> Packet ID (from_IP.port-to_IP.port): 10.96.0.9.1055-10.96.0.3.389
> E . . . . . @ . @ . . . . ` . . . ` . . . . . . r . O M . . . . . . . . . .
> . . . . . . . n . @ . . . . 0 d . . . c _ . . o u = u s e r s , d c = a b
> c d , d c = b r . . . . . . . . . . . . . . . . . . . c n . . u s e r n a
> m e @ d m z 0 . . h o m e D i r . . c n . . c l e a r P a s s w o r d . .
> c n
>
> Packet ID (from_IP.port-to_IP.port): 10.96.0.3.389-10.96.0.9.1055
> E . . . . . @ . . . . . . ` . . . ` . . . . . . . . . . r . O . . . C . l E
> . . . . . . . . . . . n . @ 0 . . . . . . . . e . . . . . . . . . . . L 0 0
> 0 0 2 0 2 B : R e f E r r : D S I D - 0 3 1 0 0 5 E E , d a t a 0 ,
> 1 a c c e s s p o i n t s . . r e f 1 : ' a b c d . b r ' . . . .
> . . . - . + l d a p : / / a b c d . b r / o u = u s e r s , % 2 0 d c = a b
> c d , % 2 0 d c = b r
>
> In my /var/log/syslog I get:
>
> Apr 4 17:38:45 betamail authdaemond.ldap: ldap_simple_bind_s failed: Invalid credentials
> Apr 4 17:38:50 betamail pop3d: LOGIN FAILED, ip=[::ffff:127.0.0.1]
> Apr 5 13:08:49 betamail imapd: DISCONNECTED, ip=[::ffff:127.0.0.1], headers=0, body=0
>
> So here go my doubts:
>
> - I think the LDAP query is just fine, am I right?
>
> - For me the problem seems to be that W2K is not allowing me to query
> AD and that this "Invalid credentials" message is just about it. I've
> tried to use LDAP_BINDDN and LDAP_BINDPW with an administrator
> username and password with no different results.
>
> - I couldn't find my password sent in these packets... and couldn't figure
> out why...
>
> Is there somebody who can give me any light on this?! I read the
> documentation but it is not oriented to people trying to work with the W2K
> LDAP database, just an OpenLDAP database... and a Microsoft search
> for the error message helped nothing...
>
> Sorry for the long email... I will try to get all the help, solve the
> problem and then write a paper about it... maybe a mini-HOWTO for
> others that may be in the same situation...
>
> tks for your attention..
>
> Andre Correa
> [EMAIL PROTECTED]
>
>
> _______________________________________________
> courier-users mailing list
> [EMAIL PROTECTED]
> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
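The two sniffed packets quoted above are a SearchRequest (tag 0x63, the "c" before the base DN) and the DC's searchResDone (tag 0x65, the "e" before the "0000202B: RefErr" text); the readable ASCII in the second one is the diagnostic string and a referral URL. The following is an added example, not code from the post, from Courier or from OpenLDAP: a minimal BER decoder for an LDAPResult that pulls out the result code, the diagnostic text and the referral URLs, and undoes the %20 escapes in the referred base DN. The message bytes are constructed here from the fields visible in the dump and the syslog lines (result codes, the 0000202B text, the ldap://abcd.br/... URL); the exact bytes on the wire and the message IDs are assumptions, and the bindResponse modelled after the "Invalid credentials" line carries an empty diagnostic because the post does not show one.

```python
"""Decode the LDAPResult a Windows 2000 DC sends back, as in the dump above.

Added example (not from the post, Courier or OpenLDAP).  Sample messages
are CONSTRUCTED from the fields visible in the sniffed packets; the exact
bytes on the wire and the message IDs are assumptions.
"""
from urllib.parse import unquote, urlparse

# LDAPv3 is carried in BER with definite lengths.  Tags used below:
#   0x02 INTEGER, 0x04 OCTET STRING, 0x0A ENUMERATED, 0x30 SEQUENCE,
#   0x61 bindResponse [APPLICATION 1], 0x65 searchResDone [APPLICATION 5],
#   0xA3 referral [3] inside an LDAPResult (RFC 4511).
OPS = {0x61: "bindResponse", 0x65: "searchResDone"}
RESULT_NAMES = {0: "success", 10: "referral", 32: "noSuchObject",
                49: "invalidCredentials", 50: "insufficientAccessRights"}


def ber_len(n: int) -> bytes:
    """Encode a definite length (short form below 128, long form above)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(body)) + body


def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, position after the element) for buf[pos:]."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long-form length
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def read_seq(body: bytes):
    """Split a constructed value into its child (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        out.append((tag, val))
    return out


def ldap_result(msg_id, op_tag, code, diag, referrals=()):
    """Build LDAPMessage { messageID, op { LDAPResult } } with an empty matchedDN."""
    body = tlv(0x0A, bytes([code])) + tlv(0x04, b"") + tlv(0x04, diag.encode())
    if referrals:
        body += tlv(0xA3, b"".join(tlv(0x04, r.encode()) for r in referrals))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(op_tag, body))


def decode_ldap_result(msg: bytes) -> dict:
    """Parse one LDAPMessage whose operation is shaped like an LDAPResult."""
    tag, body, end = read_tlv(msg)
    if tag != 0x30 or end != len(msg):
        raise ValueError("not a single LDAPMessage")
    (id_tag, id_val), (op_tag, op_val) = read_seq(body)[:2]
    if id_tag != 0x02 or op_tag not in OPS:
        raise ValueError("unexpected message layout")
    fields = read_seq(op_val)
    code = int.from_bytes(fields[0][1], "big")      # resultCode ENUMERATED
    result = {
        "message_id": int.from_bytes(id_val, "big"),
        "op": OPS[op_tag],
        "result_code": code,
        "result_name": RESULT_NAMES.get(code, "other"),
        "matched_dn": fields[1][1].decode(),
        "diagnostic": fields[2][1].decode(),
        "referrals": [],
    }
    for tag, val in fields[3:]:                     # optional referral [3]
        if tag == 0xA3:
            result["referrals"] = [u.decode() for _, u in read_seq(val)]
    return result


def referral_targets(result: dict):
    """(host, base DN) per referral URL, with %xx escapes undone."""
    out = []
    for url in result["referrals"]:
        u = urlparse(url)
        out.append((u.hostname, unquote(u.path.lstrip("/"))))
    return out


# CONSTRUCTED samples modelled on the dump and the syslog lines above.
REFERRAL_REPLY = ldap_result(
    2, 0x65, 10,
    "0000202B: RefErr: DSID-031005EE, data 0, 1 access points\n\tref 1: 'abcd.br'\n",
    ["ldap://abcd.br/ou=users,%20dc=abcd,%20dc=br"],
)
INVALID_CREDS_REPLY = ldap_result(1, 0x61, 49, "")

if __name__ == "__main__":
    for reply in (INVALID_CREDS_REPLY, REFERRAL_REPLY):
        r = decode_ldap_result(reply)
        print(r["op"], r["result_code"], r["result_name"], referral_targets(r))
```

A referral (result code 10) is the server saying it does not hold the search base it was given and pointing the client at another URL; it is neither a successful search with no entries nor a noSuchObject, and a client that treats it as "search worked, user not found" will misreport every failure. The URL the DC hands back is the base DN it was asked about, with the spaces after the commas percent-encoded, which is why decoding it is the quickest way to see exactly what base the client sent. The decoder refuses anything that is not one complete LDAPMessage rather than reading past a short buffer.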
