Whats interesting is when I put in the wrong passwdord I get this
bash-2.04$ imtest -m login -a newuser localhost
C: C01 CAPABILITY
S: * OK octa8on Cyrus IMAP4 v2.0.12 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
THREAD=REFERENCES IDLE X-NETSCAPE
S: C01 OK Completed
Password:
C: L01 LOGIN newuser {3}
+ go ahead
C: <omitted>
L01 NO Login failed: authentication failure
Authentication failed. generic failure
Security strength factor: 0
and in my /var/log/messages.
master[10299]: about to exec /usr/cyrus/bin/imapd
service-imapd[10299]: executed
imapd[10299]: accepted connection
slapd[8657]: daemon: conn=45 fd=7 connection from IP=127.0.0.1:34145
(IP=0.0.0.0:34049) accepted.
slapd[8657]: conn=45 op=0 BIND dn="" method=128
slapd[8657]: conn=45 op=0 RESULT tag=97 err=0 text=
slapd[8657]: conn=45 op=1 SRCH base="dc=banda,dc=cxm" scope=2
filter="(uid=newuser)"
slapd[8657]: conn=45 op=1 SEARCH RESULT tag=101 err=0 text=
slapd[8657]: conn=45 op=2 BIND dn="UID=NEWUSER,OU=PEOPLE,DC=BANDA,DC=CXM"
method=128
slapd[8657]: conn=45 op=2 RESULT tag=97 err=49 text=
imapd[10299]: pam_ldap: error trying to bind as user
"uid=newuser,ou=People,dc=banda,dc=cxm" (Invalid credentials)
slapd[8657]: conn=45 op=3 BIND dn="" method=128
slapd[8657]: conn=45 op=3 RESULT tag=97 err=0 text=
slapd[8657]: daemon: conn=46 fd=12 connection from IP=127.0.0.1:34146
(IP=0.0.0.0:34049) accepted.
slapd[8657]: conn=46 op=0 BIND dn="" method=128
slapd[8657]: conn=46 op=0 RESULT tag=97 err=0 text=
slapd[8657]: conn=46 op=1 SRCH base="dc=banda,dc=cxm" scope=2
filter="(&(objectClass=posixAccount)(uid=newuser))"
slapd[8657]: conn=46 op=1 SEARCH RESULT tag=101 err=0 text=
slapd[8657]: conn=46 op=2 SRCH base="dc=banda,dc=cxm" scope=2
filter="(&(objectClass=shadowAccount)(uid=newuser))"
slapd[8657]: conn=46 op=2 SEARCH RESULT tag=101 err=0 text=
PAM_unix[10299]: authentication failure; (uid=96) -> newuser for imap service
So we have a situation here that it probably does get the auth from pam-ldap
, because it can read the userPassword.
I'm open to suggestions. Anyone ?
Thanks in advance.
Chris
On Thursday 17 May 2001 05:04 pm, you wrote:
> I think it might be looking for userpassword.
> Check the configuration file in .../pam/ldap.conf - I did not see where
> it was configurable.
>
> You can do a ldapsearch to see if you can retrieve the info by UID.
> If you have configured slapd to not give read access to userpassword
> then you might try as superuser ldbmcat subject2id.dbm (the slapd
> database file).
>
> johnh...
>
> On Thu, 17 May 2001, Christien Bunting wrote:
> > Date: Thu, 17 May 2001 10:13:11 -0400
> > From: Christien Bunting <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Subject: Cyrus-Imap + Pam-Ldap
> >
> > Hi all.
> >
> > I'm trying to get this combination going.
> >
> > This is what I get when Itry the imtest
> >
> > bash-2.04$ imtest -m login -a newuser localhost
> > C: C01 CAPABILITY
> > S: * OK octa8on Cyrus IMAP4 v2.0.12 server ready
> > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
> > NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
> > THREAD=REFERENCES IDLE X-NETSCAPE
> > S: C01 OK Completed
> > Password:
> > C: L01 LOGIN newuser {6}
> > + go ahead
> > C: <omitted>
> > failure: prot layer failure
> >
> > Im my /var/log/messages I get this :
> >
> > master[9707]: about to exec /usr/cyrus/bin/imapd
> > service-imapd[9707]: executed
> > imapd[9707]: accepted connection
> > slapd[8657]: daemon: conn=32 fd=7 connection from IP=127.0.0.1:33787
> > (IP=0.0.0.0:34049) accepted.
> > slapd[8657]: conn=32 op=0 BIND dn="" method=128
> > slapd[8657]: conn=32 op=0 RESULT tag=97 err=0 text=
> > slapd[8657]: conn=32 op=1 SRCH base="dc=banda,dc=cxm" scope=2
> > filter="(uid=newuser)"
> > slapd[8657]: conn=32 op=1 SEARCH RESULT tag=101 err=0 text=
> > slapd[8657]: conn=32 op=2 BIND dn="UID=NEWUSER,OU=PEOPLE,DC=BANDA,DC=CXM"
> > method=128
> > slapd[8657]: conn=32 op=2 RESULT tag=97 err=0 text=
> > slapd[8657]: conn=32 op=3 BIND dn="" method=128
> > slapd[8657]: conn=32 op=3 RESULT tag=97 err=0 text=
> > slapd[8657]: conn=32 op=4 UNBIND
> > slapd[8657]: conn=-1 fd=7 closed
> > master[1124]: process 9707 exited, signaled to death by 11
> >
> >
> > Now it looks to me like it found that account NEWUSER , but it cant get
> > the passwd.
> >
> > Does anyone have any experience with configuring pam-ldap ? I have
> > nss-ldap working well and it uses the rootdn, some how I dont know why
> > pam-ldap doesnt.
> >
> > If I'm wrong and you know whats happenning please do shed some insight.
> >
> > Thanks
> >
> > --
> > Christien Bunting
> >
> > Bunting and Associates
> > The Linux Professionals in The Caribbean
> > http://linux.co.tt [EMAIL PROTECTED]
> >
> > Kmail the Best Mail User Agent
--
Christien Bunting
Bunting and Associates
The Linux Professionals in The Caribbean
http://linux.co.tt [EMAIL PROTECTED]
Kmail the Best Mail User Agent
