abhilash s wrote:
Could you please include the config line that you used for it? It looks
like the ldap_auth_filter_attr is unset, and/or it looks like the
username isn't coming through.
In my /home/smtpd/config/plugin, for using ldap_bind, I just used the plugin
name like the following:
auth_ldap_bind
whitelist_soft
and in /home/smtpd/config/ldap file
ldap_base ou=People,dc=domain,dc=com
ldap_auth_filter_attr uid
Is your ldap base really dc=domain,dc=com? I'm assuming it's not, as
you have 'dc=achu,dc=com' in your ldap logs below... If you could
copy/paste the actual lines, that would help.
What is the client that you are using? Could you try using swaks[0] and
test authenticating that way?
[0]: http://jetmore.org/john/code/#swaks
I tried swaks from my local machine using the following command:
cat test | ./swaks -g -n -t [EMAIL PROTECTED] -tlso -a LOGIN -au "[EMAIL PROTECTED]" -ap passwd
and I got the output like this :
=== Trying mail.achu:25...
=== Connected to mail.achu.com.
<- 220 mail.achu.com ESMTP qpsmtpd 0.32 ready; send us your mail, but
not your spam.
-> EHLO localhost.localdomain
<- 250-mail.achu.com Hi static-1.2.3.4.abc.net[1.2.3.4]
<- 250-PIPELINING
<- 250-8BITMIME
<- 250 AUTH PLAIN LOGIN
*** STARTTLS not supported
-> AUTH LOGIN
<- 334 VXNl3y7cWpa9
-> YWJoaWxhc2hAdHVydGxlaXNsWTod5487YRS==
<- 334 UGFzc387S94TYG
-> SNIPSNIPSNIPSNIPSNIP
<** 535 Authentication failed for [EMAIL PROTECTED] -
*** No authentication type succeeded
-> QUIT
<- 221 mail.achu.com closing connection. Have a wonderful day.
=== Connection closed with remote host.
You will want to change your password if that was not a testing machine.
The above SNIPSNIPSNIPSNIP string was your password (base64 encoded,
I believe.)
and in qpsmtpd log :
@40000000466e86b90680d92c 7187 250-PIPELINING
@40000000466e86b90680ecb4 7187 250-8BITMIME
@40000000466e86b90681003c 7187 250 AUTH PLAIN LOGIN
@40000000466e86b931dbfffc 7187 dispatching AUTH LOGIN
@40000000466e86b931e1d814 7187 334 VXNl3y7cWpa9
@40000000466e86ba0acf3064 7187 334 UGFzc387S94TYG
@40000000466e86ba1f9d25b4 7187 running plugin (auth-login): auth_ldap_bind
@40000000466e86ba20da648c 7187 auth_ldap_bind plugin: authldap/login -
user not found
@40000000466e86ba20e4670c 7187 Plugin auth_ldap_bind, hook auth-login
returned DECLINED, authldap/login - wrong username or password
@40000000466e86ba20e7a714 7187 535 Authentication failed for
[EMAIL PROTECTED] -
@40000000466e86ba20eb1214 7187 Authentication failed for
[EMAIL PROTECTED] -
@40000000466e86ba35b95d54 7187 dispatching QUIT
@40000000466e86ba35b978ac 7187 running plugin (quit): quit_fortune
And the LDAP log shows :
Jun 12 07:44:38 cobra slapd[3074]: conn=3106 fd=18 ACCEPT from
IP=127.0.0.1:36475 (IP=0.0.0.0:389)
Jun 12 07:44:38 cobra slapd[3074]: conn=3104 fd=14 closed (idletimeout)
Jun 12 07:44:38 cobra slapd[3074]: conn=3107 fd=14 ACCEPT from
IP=127.0.0.1:36476 (IP=0.0.0.0:389)
Jun 12 07:44:38 cobra slapd[3074]: conn=3107 op=0 BIND dn="
uid=abhilash,dc=achu,dc=com" method=128
Jun 12 07:44:38 cobra slapd[3074]: conn=3107 op=0 BIND
dn="uid=abhilash,dc=achu,dc=com" mech=SIMPLE ssf=0
Jun 12 07:44:38 cobra slapd[3074]: conn=3107 op=0 RESULT tag=97 err=0 text=
Jun 12 07:44:38 cobra slapd[3074]: conn=3106 op=0 SRCH
base="ou=People,dc=achu,dc=com" scope=2 deref=2
filter="(uid=abhilash)"
Jun 12 07:44:38 cobra slapd[3074]: conn=3106 op=0 SRCH attr=uid
Jun 12 07:44:38 cobra slapd[3074]: conn=3106 op=0 SEARCH RESULT
tag=101 err=0 nentries=0 text=
The auth_ldap_bind plugin doesn't seem to be able to find that user, and
your LDAP logs show that the user isn't being returned when it's
searched for. It also shows a bind using the DN
'uid=abhilash,dc=achu,dc=com'.
What happens when you:
ldapsearch -x -D cn=admin,dc=achu,dc=com -W -s sub -b ou=People,dc=achu,dc=com 'uid=abhilash'
or
ldapsearch -x -D cn=admin,dc=achu,dc=com -W -s sub -b dc=achu,dc=com 'uid=abhilash'
Does the second one turn up the user?
Also, are you no longer getting the 'use of uninitialized value in
concatenation' in your qpsmtpd logs when you use swaks?
Hope to get help.
Thanks,
Abhilash.S
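
Added example, not part of the original thread: a small Python filter that scrubs AUTH LOGIN / AUTH PLAIN responses from a swaks-style transcript before it is posted, since the base64 in those lines is only an encoding of the username and password. The function name redact_transcript and the sample transcript are constructed for illustration; the "->" / "<-" line prefixes are assumed to match the swaks output shown above.

```python
import base64
import re

def b64(s):
    return base64.b64encode(s.encode()).decode()

# Constructed sample in the swaks transcript layout (not data from the thread).
SAMPLE = "\n".join([
    "-> EHLO client.example",
    "<- 250-mail.example.com Hi client.example",
    "<- 250 AUTH PLAIN LOGIN",
    "-> AUTH LOGIN",
    "<- 334 " + b64("Username:"),
    "-> " + b64("testuser@example.com"),
    "<- 334 " + b64("Password:"),
    "-> " + b64("CorrectHorseBattery"),
    "<** 535 Authentication failed",
    "-> AUTH PLAIN " + b64("\0testuser\0CorrectHorse"),
    "<** 535 Authentication failed",
    "-> QUIT",
])

CLIENT = re.compile(r"^(\s*[-~]>\s)(.*)$")           # line sent by the client
SERVER_334 = re.compile(r"^\s*<[-~*]+\s+334\b")      # server auth challenge
INLINE_AUTH = re.compile(r"(?i)^(\s*[-~]>\s+AUTH\s+\S+)\s+\S+.*$")

def redact_transcript(text):
    """Replace every client answer to a 334 challenge, and any initial
    response given inline on the AUTH command, with [REDACTED]."""
    out = []
    awaiting = False  # True when the previous server line was a 334 challenge
    for line in text.splitlines():
        m = CLIENT.match(line)
        if SERVER_334.match(line):
            awaiting = True
        elif m and awaiting:
            # Username and password are both sent this way; scrub both.
            line = m.group(1) + "[REDACTED]"
            awaiting = False
        else:
            if m:
                line = INLINE_AUTH.sub(r"\1 [REDACTED]", line)
            awaiting = False
        out.append(line)
    return "\n".join(out)

if __name__ == "__main__":
    print(redact_transcript(SAMPLE))
```

Redacting the transcript does not make an already transmitted password safe: the transcript above reports "STARTTLS not supported", so the AUTH LOGIN exchange crossed the network unencrypted.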