Re: LDAP authentication problem
- To: ldap_list <openldap-software@OpenLDAP.org>
- Subject: Re: LDAP authentication problem
- From: Miguel Carvalho <mvieira@ipp.pt>
- Date: Thu, 15 Mar 2001 16:13:57 +0000
- References: <005201c0ad64$3ced3f90$460897c2@avtest.dev>
Alexander Brinkman wrote:
> > /etc/nsswitch.conf file
>
> > passwd: files ldap
> > shadow: files ldap
> > group: files ldap
>
> This configuration suggests that LDAP is used for authentication (through
> PAM), and that user information is still stored in the /etc/blahblah files
> (/etc/passwd & co.). It should work though. Do you check your mail with the
> same username that you also use to login or ftp with?
Yes, it's the same.
>
> Also: does it work when you use pop3?
I have not tested it yet, but I will try it.
>
> Perhaps you should enable debugging in openldap. To do this, modify the
> script with which you start openldap, and add -s -1 to the command line. This
> will tell openldap to debug EVERYTHING. Then tail -f /var/log/ldap.log (or
> wherever the log is stored).
> Watch it: openldap will generate A LOT of debug output in this mode, so be
> prepared for it. Your computer may slow down to a crawl! Also there will be
> a lot of output to the console, so you probably are not going to see it all
> with tail -f. Use vi (or whatever editor you like) to check afterwards.
>
> Things to look at: does the openldap server get queried when you login
> with imap? If so, which uids are used (or which dn's)?
>
The server is queried. But the reason it gives for the failure is kind of tricky.
The log info I get in the maillog file is:
Mar 15 15:48:05 projecto2 imapd[1193]: imap service init from 10.0.3.4
Mar 15 15:48:05 projecto2 imapd[1193]: pam_ldap: error trying to bind as user "uid=teste_ldap,ou=People,o=idt.ipp.pt" (Invalid credentials)
Mar 15 15:48:29 projecto2 imapd[1193]: AUTHENTICATE LOGIN failure host=[10.0.3.4]
Mar 15 15:48:29 projecto2 imapd[1193]: pam_ldap: error trying to bind as user "uid=teste_ldap,ou=People,o=idt.ipp.pt" (Invalid credentials)
Mar 15 15:48:48 projecto2 imapd[1193]: AUTHENTICATE LOGIN failure host=[10.0.3.4]
Mar 15 15:48:54 projecto2 imapd[1193]: Logout user=teste_ldap host=[10.0.3.4]
It seems the password or user is invalid, but it isn't.
I logged in with gq as BIND DN: uid=teste_ldap,ou=People,o=idt.ipp.pt, and
password = the user password.
Isn't it strange?
Miguel
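
Added example (not part of the original message): a small Python parser that rejoins mail-wrapped maillog lines, extracts the DN and reason from each pam_ldap bind failure, and links it by daemon PID to the client host in the following AUTHENTICATE failure, so the DN actually used can be compared with the one that works in gq. The sample log is constructed in the format of the excerpt in the message; the uid=alice entry and host 10.0.3.9 are invented, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: same format as the maillog excerpt, long lines wrapped by mail.
SAMPLE = """\
Mar 15 15:48:05 projecto2 imapd[1193]: imap service init from 10.0.3.4
Mar 15 15:48:05 projecto2 imapd[1193]: pam_ldap: error trying to bind as user
"uid=teste_ldap,ou=People,o=idt.ipp.pt" (Invalid credentials)
Mar 15 15:48:29 projecto2 imapd[1193]: AUTHENTICATE LOGIN failure
host=[10.0.3.4]
Mar 15 15:50:02 projecto2 imapd[1201]: pam_ldap: error trying to bind as user "uid=alice,ou=People,o=idt.ipp.pt" (Invalid credentials)
Mar 15 15:50:02 projecto2 imapd[1201]: AUTHENTICATE LOGIN failure host=[10.0.3.9]
"""

HEAD = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) (\w+)\[(\d+)\]: (.*)$")
BIND = re.compile(r'pam_ldap: error trying to bind as user "([^"]+)" \(([^)]+)\)')
FAIL = re.compile(r"failure host=\[([^\]]+)\]")

def unwrap(text):
    """Rejoin continuation lines (no syslog timestamp) onto the preceding record."""
    records = []
    for line in text.splitlines():
        if HEAD.match(line) or not records:
            records.append(line.rstrip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def bind_failures(text):
    """Map bind DN -> count, reasons and client hosts (linked via daemon PID)."""
    by_dn = defaultdict(lambda: {"count": 0, "reasons": set(), "hosts": set()})
    last_dn = {}  # (service, pid) -> DN of the most recent failed bind
    for rec in unwrap(text):
        m = HEAD.match(rec)
        if not m:
            continue
        _server, service, pid, msg = m.groups()
        bind, fail = BIND.search(msg), FAIL.search(msg)
        if bind:
            dn, reason = bind.groups()
            by_dn[dn]["count"] += 1
            by_dn[dn]["reasons"].add(reason)
            last_dn[(service, pid)] = dn
        elif fail and (service, pid) in last_dn:
            by_dn[last_dn[(service, pid)]]["hosts"].add(fail.group(1))
    return dict(by_dn)

if __name__ == "__main__":
    print(bind_failures(SAMPLE))
```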