**********************************************************************
[EMAIL PROTECTED] wrote on Fri Jun 08 15:42:17 CST 2001
**********************************************************************
hi!

thanks a lot 4 ur reply.  it seems to me that there's no simple way that we can use 
cyrus 2.x with ldap at this moment??  i switched back to cyrus 1.5.19 w/ pwcheck_ldap 
compiled in.  it is working ok now, and i can continue with the testing.  

i m still interested in setting up 2.x with ldap.  but it will not be on my priority 
list now.  we'll keep an eye on the development of the pam_ldap issue that u have 
spotted.  let's hope it will get resolved soon.  

concerning the error code, i didn't get "ldo_valid()" exception.  maybe i didn't 
set syslogd facility properly to log the error.  imapd certainly exits.  it got killed 
"by 11" (sigseg??)  i've also checked the ldap logs and the connection was unbound 
cleanly after successful binding to the desired dn.  however, there is no log of 
pam_ldap module (so i guess u r right that pam_ldap died prematurely).  if u can mail 
me some instructions, then i can setup to see if the error is what u expected.  

thanks again,
manuel.


**********************************************************************
[EMAIL PROTECTED] wrote on Fri Jun 08 05:34:45 CST 2001
**********************************************************************
[EMAIL PROTECTED] wrote:
> 
> hi everyone,
> 
> i've searched thru the mailing list without success to look for an answer to my
> question.  simply put, i have to login the first time with a wrong password and then
> again with the correct one to login to the imap server.  if on the first try i supply
> a correct one, the server will return a <prot layer failure>.
> 
> i do not know where the problem lies, so after thinking for a while i decided to go
> for the pwcheck_ldap option.  but then i discovered that i can't use it on
> cyrus-imapd > 1.6

Unfortunately, I've nailed the problem down to pam_ldap/nss_ldap, both of which have bugs
that close the LDAP connections before they should be closed.

I want to find the people who wrote the pam & nss ldap modules, and beat them over the head
with a 17" monitor - the source code consists of a ton of macros... it's ridiculous. I'm afraid
to patch the source for fear I'll generate more bugs.

My solution was to do pwcheck_ldap -- actually, a patched pwcheck that can authenticate
out of /etc/shadow OR ldap - but as you've mentioned, that isn't an option with 2.0.

Perhaps we can make some noise on the nss_ldap and pam_ldap mailing lists. :) I'm already
subscribed. I'm going to see if someone has patches for the current versions of pam_ldap
and nss_ldap that will fix the problems.

Just to confirm that I'm seeing the same thing you are, please telnet to port 110 of
your mail server and manually enter the correct Pop3 User and Pass commands for an account
that is authenticated off your LDAP server, and tell me you get an error message about
an assertion regarding ldo_valid(). Also try manually logging in via a telnet session to
port 143 (IMAP).

Thanks.


-- 
Tired of Earthlink? Get JustTheNet!
Nationwide Dialup, ISDN, DSL, ATM, Frame Relay, T-1, T-3, and more.
EARTHLINK AMNESTY PROGRAM: Buy a year, get two months free
More info coming soon to http://JustThe.net, or e-mail me!
B!ff: K3wl, w3'v3 r00t3D da [EMAIL PROTECTED] 0h CrAp, INC0M!Ng $%^NO CARRIER
