This is what I did in authldaprc to enable AD authentication:

##NAME: LDAP_AUTHBIND:0
#
# Define this to have the ldap server authenticate passwords.  If LDAP_AUTHBIND
# the password is validated by rebinding with the supplied userid and password.
# If rebind succeeds, this is considered to be an authenticated request.  This
# does not support CRAM-MD5 authentication, which requires clearPassword.
# Additionally, if LDAP_AUTHBIND is 1 then password changes are done under
# the credentials of the user themselves, not LDAP_BINDDN/BINDPW
#
LDAP_AUTHBIND           1



On Fri, 31 Mar 2006 17:09:22 -0600 [EMAIL PROTECTED] wrote:
> From what I read courier-imap will authenticate with various LDAP systems
> including Active Directory. I have a Debian Sarge install using courier-imap
> 3.0.8-4, courier-ldap 0.47, courier-authdaemon 0.47. ldapsearch works fine. I
> have another server that I can authenticate against the Active Directory
> using both apache and php. However I cannot seem to get the imap authdaemon
> to authenticate against the Active Directory. My /var/log/debug has the
> following (modified to remove real names and passwords):
> 
> 
> Mar 31 16:42:23 localhost imaplogin: LOGIN: DEBUG: ip=[::ffff:127.0.0.1], command=LOGIN
> Mar 31 16:42:23 localhost imaplogin: LOGIN: DEBUG: ip=[::ffff:127.0.0.1], username=LDAPtest
> Mar 31 16:42:23 localhost imaplogin: LOGIN: DEBUG: ip=[::ffff:127.0.0.1], password=test
> Mar 31 16:42:23 localhost imaplogin: authdaemon: starting client module
> Mar 31 16:42:23 localhost authdaemond.ldap: received auth request, service=imap, authtype=login
> Mar 31 16:42:23 localhost authdaemond.ldap: authldap: trying this module
> Mar 31 16:42:23 localhost authdaemond.ldap: selected ldap protocol version 3
> Mar 31 16:42:23 localhost authdaemond.ldap: binding to LDAP server as DN 'cn=LDAPAuth,cn=Users,dc=test,dc=com', password 'test'
> Mar 31 16:42:23 localhost authdaemond.ldap: using search filter: (sAMAccountName=LDAPtest)
> Mar 31 16:42:23 localhost authdaemond.ldap: ldap_search_st() failed
> Mar 31 16:42:23 localhost authdaemond.ldap: authldap: TEMPFAIL - no more modules will be tried
> Mar 31 16:42:24 localhost imaplogin: authdaemon: TEMPFAIL - no more modules will be tried
> Mar 31 16:42:29 localhost imaplogin: LOGIN FAILED, ip=[::ffff:127.0.0.1]
> 
> I generated this using the following telnet string:
> 
> mail:~# telnet localhost 143
> Trying 127.0.0.1...
> Connected to localhost.localdomain.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 NAMESPACE AUTH=CRAM-MD5 CHILDREN IDLE QUOTA SORT
> THREAD=ORDEREDSUBJECT THREAD=REFERENCES UIDPLUS ACL ACL2=UNION STARTTLS]
> Courier-IMAP ready. Copyright 1998-2004 Double Precision, Inc.  See COPYING
> for distribution information.
> 001 login LDAPtest test
> 001 NO Login failed.
> 
> My authldaprc has:
> 
> LDAP_SERVER dc1.test.com
> LDAP_PORT 389
> LDAP_PROTOCOL_VERSION 3
> LDAP_BASEDN dc=test,dc=com
> LDAP_BINDDN cn=LDAPtest,cn=Users,dc=test,dc=com
> LDAP_BINDPW test
> LDAP_AUTHBIND 1
> LDAP_MAILROOT /home/virtual
> LDAP_MAIL sAMAccountName
> #LDAP_MAIL userPrincipalName
> #LDAP_FILTER sAMAccountName
> #LDAP_DOMAIN test.com
> LDAP_HOMEDIR homeDirectory
> LDAP_CLEARPW userPassword
> LDAP_UID 103
> LDAP_GID 104
> LDAP_TLS 0
> 
> However the following ldapsearch string works:
> 
> ldapsearch -x -b "dc=test,dc=com" -D cn=LDAPtest,cn=Users,dc=test,dc=com -W -h dc1.test.comv sAMAccountName=LDAPtest
> 
> Anyone have an idea what I am doing wrong? I have played with the authldaprc
> file for a day trying different things with the same error. I can get the
> authmysql to work but not the authldap.
> 
> Also authdaemon.ldap is running:
> 
> root      5875  0.0  0.0  1656  460 ?        S    16:41   0:00 /usr/sbin/courierlogger -pid=/var/run/courier/authdaemon/pid -start /usr/lib/courier/authlib/authdaemond.ldap
> root      5876  0.0  0.0  3532  904 ?        S    16:41   0:00 /usr/lib/courier/authlib/authdaemond.ldap
> 
> what am I doing wrong?
> 
> 
> Phil
> 
> 
> _______________________________________________
> courier-users mailing list
> [email protected]
> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


--
Lyndon Tiu
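
An added example (not part of the thread and not Courier's own code): a small Python triage of the authdaemond debug lines quoted above. It reports the last LDAP stage reached before TEMPFAIL and redacts the passwords those debug lines write in cleartext. The sample log is constructed from the quoted lines, and the function names and stage labels are assumptions of this example.

```python
import re

# Constructed sample: the quoted debug lines with mail-client wrapping joined.
SAMPLE_LOG = """\
Mar 31 16:42:23 localhost imaplogin: LOGIN: DEBUG: ip=[::ffff:127.0.0.1], username=LDAPtest
Mar 31 16:42:23 localhost imaplogin: LOGIN: DEBUG: ip=[::ffff:127.0.0.1], password=test
Mar 31 16:42:23 localhost authdaemond.ldap: binding to LDAP server as DN 'cn=LDAPAuth,cn=Users,dc=test,dc=com', password 'test'
Mar 31 16:42:23 localhost authdaemond.ldap: using search filter: (sAMAccountName=LDAPtest)
Mar 31 16:42:23 localhost authdaemond.ldap: ldap_search_st() failed
Mar 31 16:42:23 localhost authdaemond.ldap: authldap: TEMPFAIL - no more modules will be tried
"""

# The two shapes a secret takes in these lines: password=VALUE and password 'VALUE'.
SECRET_RE = re.compile(r"(password(?:=| '))([^'\s]+)('?)")

# Stage labels (hypothetical names) keyed by the log text that marks each step.
STAGES = [
    ("service_bind", "binding to LDAP server as DN"),
    ("search", "using search filter:"),
    ("search_failed", "ldap_search_st() failed"),
]

def redact(line):
    """Replace any logged password value with a fixed marker."""
    return SECRET_RE.sub(lambda m: m.group(1) + "[REDACTED]" + m.group(3), line)

def triage(log_text):
    """Return the last LDAP stage seen, whether TEMPFAIL occurred,
    how many cleartext secrets were logged, and the redacted lines."""
    last_stage, tempfail, secrets, clean = None, False, 0, []
    for line in log_text.splitlines():
        secrets += len(SECRET_RE.findall(line))
        for name, marker in STAGES:
            if marker in line:
                last_stage = name
        tempfail = tempfail or "TEMPFAIL" in line
        clean.append(redact(line))
    return {"last_stage": last_stage, "tempfail": tempfail,
            "secrets_logged": secrets, "redacted": clean}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    # In the quoted log the search step fails and TEMPFAIL follows, so no
    # rebind with the user's own password (LDAP_AUTHBIND) is ever logged.
    print(report["last_stage"], report["tempfail"], report["secrets_logged"])
    print("\n".join(report["redacted"]))
```

Running the redaction before pasting debug output to a public list keeps the service account's bind password and the user's login password out of the archive.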

