Re: [courier-users] authldap problem when not using LDAP_AUTHBIND

Sun, 01 Feb 2009 06:39:13 -0800 

Harry Duncan wrote:

On Sun, Feb 1, 2009 at 10:03 AM, Sebastiaan van Erk <[email protected]> wrote:

Hi,

I'm using FreeBSD 7.1 with the following versions of courier/squirrel:

courier-authlib-base-0.62.1
courier-authlib-ldap-0.62.1_1
courier-imap-4.4.1,2
squirrelmail-1.4.17
squirrelmail-change_ldappass-plugin-2.2_2

When I set the password for a mail user using ldappasswd, everything works
fine and well. When I change the password using the squirrelmail password
change plugin, courier no longer authenticates my user:

# authtest sebster aaa
Authentication FAILED: Operation not permitted


try:

# authtest sebster

and not

# authtest sebster aaa

Harry.
I had already reset the password (aaa was just for testing), so I set LDAP_AUTHBIND back to 0, reset my password to 'test' using ldappasswd, and changed my password back to aaa using squirrelmail. This reproduces the above conditions... 

# authtest sebster
Authentication succeeded.

     Authenticated: sebster  (uid 2000, gid 2000)
    Home Directory: /data/mail/popboxes/sebster-com/sebster
           Maildir: (none)
             Quota: (none)
Encrypted Password: {SSHA}nGQ1TI/bDAEAsndKHI63o63eAOk5OTlhNjMzNg==
Cleartext Password: (none)
           Options: wbnodsn=1
The encrypted password looks fine to me (I tested it, it really is a hash of "aaa" + salt).
The following commands show that an ldap bind with password aaa works, and the authtest sebster aaa command fails. 

# authtest sebster aaa
Authentication FAILED: Operation not permitted

# ldapsearch -D 'uid=sebster,ou=users,dc=sebster,dc=com,dc=dot' -W
Enter LDAP Password: [email protected]
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

Regards,
Sebastiaan

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to