[KLUG Members] debug ldap failure

Adam Williams members@kalamazoolinux.org
Wed, 10 Dec 2003 09:38:52 -0500


> >>I wanted to start playing with my ldap goals and found this nice article 
> >>on ldap and exim...it's just something to start playing with at the moment.
> >I don't know anything about exim,  but if you've seen one MTA you've
> >seen 'em all.
> >>I have courier and ldap set up. I managed to add a user and set up the 
> >>user's mailbox. Once you have courier set up to authenticate to ldap the 
> >>instructions have a line to test telnetting in with the ldap account, 
> >>which is failing.
> >Is courier calling out to PAM, using saslauthd's direct LDAP support, or
> >attempting to perform its own bind test?

Can you perform a bind using "ldapsearch"?

ldapsearch -a never -b "o=Morrison Industries,c=US" -D "cn=Adam Williams,ou=People,o=Morrison Industries,c=US" -h littleboy -x -w ******** uid=adam

> It is using its own bind. It is set up in the courier config. I set up 
> the authdaemon config to use ldap authentication.
>     ##NAME: authmodulelist:0
>     #
>     # The authentication modules that are linked into authdaemond.  The
>     # default list is installed.  You may selectively disable modules simply
>     # by removing them from the following list.  The available modules you
>     # can use are: authcustom authcram authuserdb authldap authpgsql authmysql authp
>     #authmodulelist="authpam"
>     authmodulelist="authldap"

Assuming this is really doing the same thing as saslauthd does (probably
just less efficiently).

> Then in the authldaprc file there is:
>     # Location of your LDAP server:
>     LDAP_SERVER             localhost
>     LDAP_PORT               389
>     ##NAME: LDAP_BASEDN:0
>     #
>     # Look for authentication here:
>     LDAP_BASEDN             dc=home,dc=ricksweb,dc=com
>     LDAP_BINDPW             kakcMyHc7D2pW2O4OjlG8Q/9lqJJkNxF

Why on earth does it need bind credentials to authenticate users?  And
you have a binding password but no bind dn.  I don't know anything about
Courier, but this smells funny.

> >Do you see anything in /var/log/messages or maillog from courier about
> >why it thinks the authentication failed?  I know that cyrus imapd puts
> >out rather helpful messages (truly shocking!).
> All I get in both mail.log and mail.err is:
>     Dec  9 18:45:36 debian imaplogin: LOGOUT, ip=[::ffff:127.0.0.1]

Nothing in /var/log/secure?
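
Added example, not part of the original message: a small checker that parses authldaprc-style settings, flags the mismatch noted above (a bind password with no bind DN), and builds the manual ldapsearch bind test from the same settings. LDAP_BINDDN is the authldaprc setting that pairs with LDAP_BINDPW and does not appear in the quoted file; the sample text, the placeholder password, the user DN and the uid are constructed for illustration.

```python
import shlex

# Constructed sample in authldaprc layout; values mirror the quoted settings,
# with the password replaced by a placeholder.
SAMPLE = """\
# Location of your LDAP server:
LDAP_SERVER             localhost
LDAP_PORT               389
##NAME: LDAP_BASEDN:0
#
LDAP_BASEDN             dc=home,dc=ricksweb,dc=com
LDAP_BINDPW             PLACEHOLDER-PASSWORD
"""

def parse_authldaprc(text):
    """Return {KEY: value} from 'KEY<whitespace>value' lines, skipping comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        settings[parts[0]] = parts[1].strip() if len(parts) == 2 else ""
    return settings

def check_bind_settings(s):
    """List inconsistencies that would explain a failing bind."""
    findings = []
    has_dn, has_pw = bool(s.get("LDAP_BINDDN")), bool(s.get("LDAP_BINDPW"))
    if has_pw and not has_dn:
        findings.append("LDAP_BINDPW is set but LDAP_BINDDN is missing: "
                        "a password with no DN to bind as")
    if has_dn and not has_pw:
        findings.append("LDAP_BINDDN is set but LDAP_BINDPW is missing")
    for key in ("LDAP_SERVER", "LDAP_BASEDN"):
        if not s.get(key):
            findings.append(f"{key} is not set")
    return findings

def ldapsearch_test(s, user_dn, uid):
    """Build the manual simple-bind test as argv; -W prompts for the password."""
    return ["ldapsearch", "-x", "-h", s["LDAP_SERVER"], "-p", s.get("LDAP_PORT", "389"),
            "-b", s["LDAP_BASEDN"], "-D", user_dn, "-W", f"uid={uid}"]

if __name__ == "__main__":
    cfg = parse_authldaprc(SAMPLE)
    for finding in check_bind_settings(cfg):
        print("WARNING:", finding)
    # Hypothetical user entry under the configured base DN.
    print(shlex.join(ldapsearch_test(cfg, "uid=rick,dc=home,dc=ricksweb,dc=com", "rick")))
```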