Hi All, thanks for the answers!!!

I made other tests. If I try this:

  ldapsearch -xLLL -H ldap://localhost:389 -D cn=rcuser,ou=rcabook,dc=localhost -w rcpass -b ou=rcabook,dc=localhost

it works fine. If I try this:

  ldapsearch -xLLL -H ldap://localhost:389 -D cn=mark,ou=private,ou=rcabook,dc=localhost -w xxxx

it answers:

  ldap_bind: Invalid credentials (49)

so I think that there is an ACL problem. I think that there is an error in the script rcabook-setup.sh. I ran the script rcabook-setup.sh again and again; it doesn't return errors and it says:

  The LDAP addressbook is ready now for using:
  base_dn: ou=rcabook,dc=localhost
  bind_dn: cn=rcuser,ou=rcabook,dc=localhost
  Use the following command for reading and checking your setup:
  ldapsearch -xLLL -H ldap://localhost:389 -D cn=rcuser,ou=rcabook, dc=localhost -w rcpass -b ou=rcabook,dc=localhost

I report my ldap.log with the debug output of the ldap server:

  daemon: activity on:
  slap_listener_activate(7):
  daemon: epoll: listen=7 busy
  daemon: epoll: listen=8 active_threads=0 tvp=zero
  >>> slap_listener(ldap:///)
  daemon: listen=7, new connection on 13
  daemon: activity on 1 descriptor
  daemon: activity on:
  daemon: epoll: listen=7 active_threads=0 tvp=zero
  daemon: epoll: listen=8 active_threads=0 tvp=zero
  daemon: added 13r (active) listener=(nil)
  daemon: activity on 1 descriptor
  conn=21 fd=13 ACCEPT from IP=127.0.0.1:45320 (IP=0.0.0.0:389)
  daemon: activity on: 13r
  daemon: read active on 13
  daemon: epoll: listen=7 active_threads=0 tvp=zero
  connection_get(13)
  daemon: epoll: listen=8 active_threads=0 tvp=zero
  connection_get(13): got connid=21
  connection_read(13): checking for input on id=21
  ber_get_next
  ldap_read: want=8, got=8
    0000:  30 84 00 00 00 3e 02 01                            0....>..
  ldap_read: want=60, got=60
    0000:  01 60 84 00 00 00 35 02 01 03 04 2a 63 6e 3d 6d    .`....5....*cn=m
    0010:  61 72 6b 2c 6f 75 3d 70 72 69 76 61 74 65 2c 6f    ark,ou=private,o
    0020:  75 3d 72 63 61 62 6f 6f 6b 2c 64 63 3d 6c 6f 63    u=rcabook,dc=loc
    0030:  61 6c 68 6f 73 74 80 04 78 78 78 78                alhost..xxxx
  ber_get_next: tag 0x30 len 62 contents:
  ber_dump: buf=0xa0b040a8 ptr=0xa0b040a8 end=0xa0b040e6 len=62
    0000:  02 01 01 60 84 00 00 00 35 02 01 03 04 2a 63 6e    ...`....5....*cn
    0010:  3d 6d 61 72 6b 2c 6f 75 3d 70 72 69 76 61 74 65    =mark,ou=private
    0020:  2c 6f 75 3d 72 63 61 62 6f 6f 6b 2c 64 63 3d 6c    ,ou=rcabook,dc=l
    0030:  6f 63 61 6c 68 6f 73 74 80 04 78 78 78 78          ocalhost..xxxx
  op tag 0x60, time 1330963449
  ber_get_next
  ldap_read: want=8 error=Resource temporarily unavailable
  conn=21 op=0 do_bind
  ber_scanf fmt ({imt) ber:
  ber_dump: buf=0xa0b040a8 ptr=0xa0b040ab end=0xa0b040e6 len=59
    0000:  60 84 00 00 00 35 02 01 03 04 2a 63 6e 3d 6d 61    `....5....*cn=ma
    0010:  72 6b 2c 6f 75 3d 70 72 69 76 61 74 65 2c 6f 75    rk,ou=private,ou
    0020:  3d 72 63 61 62 6f 6f 6b 2c 64 63 3d 6c 6f 63 61    =rcabook,dc=loca
    0030:  6c 68 6f 73 74 80 04 78 78 78 78                   lhost..xxxx
  ber_scanf fmt (m}) ber:
  ber_dump: buf=0xa0b040a8 ptr=0xa0b040e0 end=0xa0b040e6 len=6
    0000:  00 04 78 78 78 78                                  ..xxxx
  >>> dnPrettyNormal: <cn=mark,ou=private,ou=rcabook,dc=localhost>
  => ldap_bv2dn(cn=mark,ou=private,ou=rcabook,dc=localhost,0)
  <= ldap_bv2dn(cn=mark,ou=private,ou=rcabook,dc=localhost)=0
  => ldap_dn2bv(272)
  <= ldap_dn2bv(cn=mark,ou=private,ou=rcabook,dc=localhost)=0
  => ldap_dn2bv(272)
  <= ldap_dn2bv(cn=mark,ou=private,ou=rcabook,dc=localhost)=0
  <<< dnPrettyNormal: <cn=mark,ou=private,ou=rcabook,dc=localhost>, <cn=mark, ou=private,ou=rcabook,dc=localhost>
  conn=21 op=0 BIND dn="cn=mark,ou=private,ou=rcabook,dc=localhost" method=128
  do_bind: version=3 dn="cn=mark,ou=private,ou=rcabook,dc=localhost" method=128
  ==> bdb_bind: dn: cn=mark,ou=private,ou=rcabook,dc=localhost
  bdb_dn2entry("cn=mark,ou=private,ou=rcabook,dc=localhost")
  => bdb_dn2id("cn=mark,ou=private,ou=rcabook,dc=localhost")
  <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
  send_ldap_result: conn=21 op=0 p=3
  send_ldap_result: err=49 matched="" text=""
  send_ldap_response: msgid=1 tag=97 err=49
  ber_flush2: 22 bytes to sd 13
    0000:  30 84 00 00 00 10 02 01 01 61 84 00 00 00 07 0a    0........a......
    0010:  01 31 04 00 04 00                                  .1....
  ldap_write: want=22, written=22
    0000:  30 84 00 00 00 10 02 01 01 61 84 00 00 00 07 0a    0........a......
    0010:  01 31 04 00 04 00                                  .1....
  conn=21 op=0 RESULT tag=97 err=49 text=
  daemon: activity on 1 descriptor
  daemon: activity on:
  daemon: epoll: listen=7 active_threads=0 tvp=zero
  daemon: epoll: listen=8 active_threads=0 tvp=zero
  daemon: activity on 1 descriptor
  daemon: activity on: 13r
  daemon: read active on 13
  daemon: epoll: listen=7 active_threads=0 tvp=zero
  connection_get(13)
  daemon: epoll: listen=8 active_threads=0 tvp=zero
  connection_get(13): got connid=21
  connection_read(13): checking for input on id=21
  ber_get_next
  ldap_read: want=8, got=0
  ber_get_next on fd 13 failed errno=0 (Success)
  connection_read(13): input error=-2 id=21, closing.
  connection_closing: readying conn=21 sd=13 for close
  connection_close: conn=21 sd=13
  daemon: activity on 1 descriptor
  daemon: removing 13
  daemon: activity on:
  conn=21 fd=13 closed (connection lost)
  daemon: epoll: listen=7 active_threads=0 tvp=zero
  daemon: epoll: listen=8 active_threads=0 tvp=zero

Thanks a lot
Mark

>----Original message----
>From: [email protected]
>Date: 05/03/2012 14.09
>To: "[email protected]"<[email protected]>, <[email protected]>
>Subject: Re: [RCU] Ldap Addressbook : problem for credentials in private addressbook
>
>Hi
>I am on ski holidays and do not have my setup in front of me.
>
>Your setup seems ok, but can you try to connect with ldapsearch on the command line?
>Another try could be to switch on logging in slapd.conf
>Ldap.conf is not used by the server but by clients like ldapsearch...
>
>Andreas
>
>
>
>"[email protected]" <[email protected]> wrote:
>
>>Hi All,
>>
>>I configured the ldap server and roundcube to manage contacts. I used the
>>howto: http://trac.roundcube.net/wiki/Howto_Ldap. It mostly works, I have only
>>a problem with credentials in the private addressbook. The public addressbook works
>>fine, I can search and add contacts.
>>
>>I checked Mark's password and it is correct. I tried to use rootpw but it
>>doesn't work.
>>
>>My versions are:
>>openldap-servers-2.4.19-6
>>php-5.3.3-1
>>roundcube 0.7.1
>>
>>I report the error in the ldap log of roundcube, my slapd.conf and my
>>main.inc.php.
>>
>>Thanks a lot
>>
>>Mark
>>
>>--------------------------------
>>logs/ldap :
>>
>>[05-Mar-2012 10:09:01 +0100]: C: Connect [localhost:389]
>>[05-Mar-2012 10:09:01 +0100]: S: OK
>>[05-Mar-2012 10:09:01 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook,dc=localhost] [pass: xxxx]
>>[05-Mar-2012 10:09:01 +0100]: S: Invalid credentials
>>[05-Mar-2012 10:09:01 +0100]: C: Close
>>
>>
>>[05-Mar-2012 10:14:24 +0100]: C: Connect [localhost:389]
>>[05-Mar-2012 10:14:24 +0100]: S: OK
>>[05-Mar-2012 10:14:24 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook,dc=localhost] [pass: xxxx]
>>[05-Mar-2012 10:14:24 +0100]: S: Invalid credentials
>>[05-Mar-2012 10:14:24 +0100]: C: Close
>>[05-Mar-2012 10:27:42 +0100]: C: Connect [localhost:389]
>>[05-Mar-2012 10:27:42 +0100]: S: OK
>>[05-Mar-2012 10:27:42 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook,dc=localhost] [pass: xxxx]
>>[05-Mar-2012 10:27:42 +0100]: S: Invalid credentials
>>[05-Mar-2012 10:27:42 +0100]: C: Close
>>[05-Mar-2012 10:27:52 +0100]: C: Connect [localhost:389]
>>[05-Mar-2012 10:27:52 +0100]: S: OK
>>[05-Mar-2012 10:27:52 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook,dc=localhost] [pass: xxxx]
>>[05-Mar-2012 10:27:52 +0100]: S: Invalid credentials
>>[05-Mar-2012 10:27:52 +0100]: C: Add [dn: [email protected],cn=mark,ou=private,ou=rcabook,dc=localhost]: Array
>>(
>>    [cn] => ssssssss sss
>>    [sn] => sss
>>    [givenname] => ssssssss
>>    [mail] => [email protected]
>>    [objectClass] => Array
>>        (
>>            [0] => top
>>            [1] => inetOrgPerson
>>        )
>>
>>)
>>
>>[05-Mar-2012 10:27:52 +0100]: S: Strong(er) authentication required
>>[05-Mar-2012 10:27:52 +0100]: C: Close
>>------------------------------------------------------------
>>config/main.inc.php
>>
>>$rcmail_config['ldap_public']['public'] = array(
>>    'name'          => 'Public LDAP Addressbook',
>>    'hosts'         => array('localhost'),
>>    'use_tls'       => false,
>>    'ldap_version'  => 3, // using LDAPv3
>>    'port'          => 389,
>>    'auth_method'   => '',
>>    'user_specific' => false,
>>    'writable'      => true,
>>    'base_dn'       => 'ou=public,ou=rcabook,dc=localhost',
>>    'bind_dn'       => 'cn=rcuser,ou=rcabook,dc=localhost',
>>    'bind_pass'     => 'rcpass',
>>    'fieldmap' => array(
>>        'name'         => 'cn',
>>        'surname'      => 'sn',
>>        'firstname'    => 'givenName',
>>        'email'        => 'mail',
>>        'phone:home'   => 'homePhone',
>>        'phone:work'   => 'telephoneNumber',
>>        'phone:mobile' => 'mobile',
>>        'street'       => 'street',
>>        'zipcode'      => 'postalCode',
>>        'locality'     => 'l',
>>        'country'      => 'c',
>>        'organization' => 'o',
>>    ),
>>    'LDAP_Object_Classes' => array('top', 'inetOrgPerson'),
>>    'LDAP_rdn'        => 'mail',
>>    'required_fields' => array('cn', 'sn', 'mail'),
>>    'filter'          => '(objectClass=inetOrgPerson)',
>>    'groups' => array(
>>        'base_dn'        => '', // in this Howto, the same base_dn as for the contacts is used
>>        'filter'         => '(objectClass=groupOfNames)',
>>        'object_classes' => array("top", "groupOfNames"),
>>    ),
>>);
>>
>>$rcmail_config['ldap_public']['private'] = array(
>>    'name'          => 'Private LDAP Addressbook',
>>    'hosts'         => array('localhost'),
>>    'use_tls'       => false,
>>    'ldap_version'  => 3, // using LDAPv3
>>    'port'          => 389,
>>    'auth_method'   => '',
>>    'user_specific' => true,
>>    'writable'      => true,
>>    'base_dn'       => 'cn=%u,ou=private,ou=rcabook,dc=localhost',
>>    'bind_dn'       => 'cn=%u,ou=private,ou=rcabook,dc=localhost',
>>    'bind_pass'     => '', // the user login password is used
>>    'fieldmap' => array(
>>        'name'         => 'cn',
>>        'surname'      => 'sn',
>>        'firstname'    => 'givenName',
>>        'email'        => 'mail',
>>        'phone:home'   => 'homePhone',
>>        'phone:work'   => 'telephoneNumber',
>>        'phone:mobile' => 'mobile',
>>        'street'       => 'street',
>>        'zipcode'      => 'postalCode',
>>        'locality'     => 'l',
>>        'country'      => 'c',
>>        'organization' => 'o',
>>    ),
>>    'LDAP_Object_Classes' => array('top', 'inetOrgPerson'),
>>    'LDAP_rdn'        => 'mail',
>>    'required_fields' => array('cn', 'sn', 'mail'),
>>    'filter'          => '(objectClass=inetOrgPerson)',
>>    'groups' => array(
>>        'base_dn'        => '', // in this Howto, the same base_dn as for the contacts is used
>>        'filter'         => '(objectClass=groupOfNames)',
>>        'object_classes' => array("top", "groupOfNames"),
>>    ),
>>);
>>
>>-------------------------------------------
>>openldap/slapd.conf
>>
>>#
>># See slapd.conf(5) for details on configuration options.
>># This file should NOT be world readable.
>>#
>>
>>include /etc/openldap/schema/corba.schema
>>include /etc/openldap/schema/core.schema
>>include /etc/openldap/schema/cosine.schema
>>include /etc/openldap/schema/duaconf.schema
>>include /etc/openldap/schema/dyngroup.schema
>>include /etc/openldap/schema/inetorgperson.schema
>>include /etc/openldap/schema/java.schema
>>include /etc/openldap/schema/misc.schema
>>include /etc/openldap/schema/nis.schema
>>include /etc/openldap/schema/openldap.schema
>>include /etc/openldap/schema/ppolicy.schema
>>include /etc/openldap/schema/collective.schema
>>
>># Allow LDAPv2 client connections. This is NOT the default.
>>allow bind_v2
>>
>># Do not enable referrals until AFTER you have a working directory
>># service AND an understanding of referrals.
>>#referral ldap://root.openldap.org
>>
>>pidfile /var/run/openldap/slapd.pid
>>argsfile /var/run/openldap/slapd.args
>>
>>SIZELIMIT 100000
>>
>>
>>#
>># if no access controls are present, the default policy
>># allows anyone and everyone to read anything but restricts
>># updates to rootdn. (e.g., "access to * by * read")
>>#
>># rootdn can always read and write EVERYTHING!
>>
>>#######################################################################
>># ldbm and/or bdb database definitions
>>#######################################################################
>>
>>database bdb
>>suffix "dc=localhost"
>>checkpoint 1024 15
>>rootdn "cn=admin,dc=localhost"
>># Cleartext passwords, especially for the rootdn, should
>># be avoided. See slappasswd(8) and slapd.conf(5) for details.
>># Use of strong authentication encouraged.
>>rootpw {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>
>># The database directory MUST exist prior to running slapd AND
>># should only be accessible by the slapd and slap tools.
>># Mode 700 recommended.
>>directory /var/lib/ldap
>>
>># Indices to maintain for this database
>>index objectClass eq,pres
>>index ou,cn,mail,surname,givenname eq,pres,sub
>>index uidNumber,gidNumber,loginShell eq,pres
>>index uid,memberUid eq,pres,sub
>>index nisMapName,nisMapEntry eq,pres,sub
>>
>># Replicas of this database
>>#replogfile /var/lib/ldap/openldap-master-replog
>>#replica host=ldap-1.example.com:389 starttls=critical
>>#     bindmethod=sasl saslmech=GSSAPI
>>#     authcId=host/[email protected]
>>
>>
>># Grant the Roundcube user to create private users
>>access to dn.one="ou=private,ou=rcabook,dc=localhost" attrs=userPassword
>>    by dn="cn=rcuser,ou=rcabook,dc=localhost" write
>>    by anonymous auth
>>    by self write
>>    by * none
>>
>># For user authentication and password change
>>access to attrs=userPassword
>>    by dn="cn=admin,dc=localhost" write
>>    by anonymous auth
>>    by self write
>>    by * none
>>
>># Grant the Roundcube users access to their private addressbooks
>>access to dn.regex="^.*cn=([^,]+),ou=private,ou=rcabook,dc=localhost$"
>>    by dn="cn=admin,dc=localhost" write
>>    by dn="cn=rcuser,ou=rcabook,dc=localhost" write
>>    by dn.exact,expand="cn=$1,ou=private,ou=rcabook,dc=localhost" write
>>
>># Grant the Roundcube user access to the whole addressbook
>>access to dn.subtree="ou=rcabook,dc=localhost"
>>    by dn="cn=admin,dc=localhost" write
>>    by dn="cn=rcuser,ou=rcabook,dc=localhost" write
>>
>># For directory access
>>access to *
>>    by dn="cn=admin,dc=localhost" write
>>
>># enable monitoring
>>database monitor
>>
>>-----------------------------------------
>
>--
>List info: http://lists.roundcube.net/users/
>BT/09979466
>
_______________________________________________
Roundcube Users mailing list
[email protected]
http://lists.roundcube.net/mailman/listinfo/users
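
In a slapd trace like the one in this thread, err=49 preceded by "bdb_dn2id: get failed: DB_NOTFOUND" means the bind DN has no entry in the database, which the client sees as the same "Invalid credentials" as a wrong password. The following is an added example (not part of the original thread, and not Roundcube or OpenLDAP code) that separates the two cases; the conn=22 lines and the classify_binds helper are constructed for illustration, and a single-client trace is assumed.

```python
import re

# Decisive lines of the thread's trace (conn=21) plus a constructed second
# connection (conn=22) where the entry lookup succeeds but the bind still fails.
SAMPLE_LOG = '''\
conn=21 op=0 BIND dn="cn=mark,ou=private,ou=rcabook,dc=localhost" method=128
=> bdb_dn2id("cn=mark,ou=private,ou=rcabook,dc=localhost")
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
send_ldap_result: err=49 matched="" text=""
conn=21 op=0 RESULT tag=97 err=49 text=
conn=22 op=0 BIND dn="cn=anna,ou=private,ou=rcabook,dc=localhost" method=128
=> bdb_dn2id("cn=anna,ou=private,ou=rcabook,dc=localhost")
<= bdb_dn2id: got id=0x5
conn=22 op=0 RESULT tag=97 err=49 text=
'''

NO_ENTRY = "bind DN has no entry in the database"
ENTRY_FOUND = "entry exists: wrong password or no auth access to userPassword"

BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)"')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')

def classify_binds(log_text):
    """Return (conn, dn, err, cause) for every bind result in a slapd trace."""
    pending, current, findings = {}, None, []
    for line in log_text.splitlines():
        bind = BIND_RE.search(line)
        result = RESULT_RE.search(line)
        if bind:
            current = (bind.group(1), bind.group(2))
            pending[current] = {"dn": bind.group(3), "missing": False}
        elif current in pending and "bdb_dn2id: get failed: DB_NOTFOUND" in line:
            # Backend trace lines carry no conn= tag; assume they belong to the
            # most recent BIND (valid for a single-client test like this one).
            pending[current]["missing"] = True
        elif result and (result.group(1), result.group(2)) in pending:
            info = pending.pop((result.group(1), result.group(2)))
            err = int(result.group(3))
            if err == 0:
                cause = "bind succeeded"
            elif err == 49:
                cause = NO_ENTRY if info["missing"] else ENTRY_FOUND
            else:
                cause = "other LDAP error"
            findings.append((int(result.group(1)), info["dn"], err, cause))
    return findings

if __name__ == "__main__":
    for conn, dn, err, cause in classify_binds(SAMPLE_LOG):
        print(f"conn={conn} err={err} dn={dn}: {cause}")
```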
