> hi everyone,
> i've searched thru the mailing list without success to look for an answer to my
> question. simply put, i have to login the first time with a wrong password and then
> again with the correct one to login to the imap server. if on the first try i supply
> a correct one, the server will return a <prot layer failure>.
> i do not know where the problem lies, so after thinking for a while i decided to go
> for the pwcheck_ldap option. but then i discovered that i can't use it on
> cyrus-imapd > 1.6

Unfortunately, I've nailed the problem down to pam_ldap/nss_ldap, both
of which have bugs that close the LDAP connections before they should
be closed.

I want to find the people who wrote the pam & nss ldap modules, and beat
them over the head with a 17" monitor - the source code consists of a
ton of macros... it's ridiculous. I'm afraid to patch the source for
fear I'll generate more bugs.

My solution was to do pwcheck_ldap -- actually, a patched pwcheck that
can authenticate out of /etc/shadow OR ldap - but as you've mentioned,
that isn't an option with 2.0.

Perhaps we can make some noise on the nss_ldap and pam_ldap mailing
lists. :) I'm already subscribed. I'm going to see if someone has
patches for the current versions of pam_ldap and nss_ldap that will fix
the problems.

Just to confirm that I'm seeing the same thing you are, please telnet to
port 110 of your mail server and manually enter the correct POP3 USER
and PASS commands for an account that is authenticated off your LDAP
server, and tell me you get an error message about an assertion
regarding ldo_valid(). Also try manually logging in via a telnet session
to port 143 (IMAP).


Tired of Earthlink? Get JustTheNet!
Nationwide Dialup, ISDN, DSL, ATM, Frame Relay, T-1, T-3, and more.
EARTHLINK AMNESTY PROGRAM: Buy a year, get two months free
More info coming soon to http://JustThe.net, or e-mail me!
B!ff: K3wl, w3'v3 r00t3D da [EMAIL PROTECTED] 0h CrAp, INC0M!Ng $%^NO CARRIER
