Qmail-LDAP

Re: SMTPAUTH Anonymous ldap bind only?

To: "Claudio Jeker" <jeker@n-r-g.com>, qmail-ldap@qmail-ldap.org
Subject: Re: SMTPAUTH Anonymous ldap bind only?
From: "Scott Ryan" <scottlryan@gmail.com>
Date: Thu, 1 Feb 2007 10:56:39 +0200
Mailing-list: contact qmail-ldap-help@qmail-ldap.org; run by ezmlm
On 1/31/07, Claudio Jeker <jeker@n-r-g.com> wrote:
On Tue, Jan 30, 2007 at 04:46:48PM +0200, Scott Ryan wrote:
> Hi I am implementing SMTPAUTH and what I have found is that authentication
> is constantly failing. However, the user can pop their account without any
> problems with the same username and password.
>
> When I debugged my ldap logs I found the following:
>
> Jan 30 16:28:11 himalia slapd2.3[2753]: conn=17962824 fd=46 ACCEPT from IP=192.168.223.100:47944 (IP=0.0.0.0:389)
> Jan 30 16:28:11 himalia slapd2.3[2753]: conn=17962824 op=0 BIND dn="" method=128
> Jan 30 16:28:11 himalia slapd2.3[2753]: conn=17962824 op=0 RESULT tag=97 err=0 text=
> Jan 30 16:28:11 himalia slapd2.3[2753]: conn=17962824 op=1 SRCH base="ou=mail,dc=cybertrade,dc=co,dc=za,dc=isp" scope=2 deref=0 filter="(uid=gareth1)"
> Jan 30 16:28:11 himalia slapd2.3[2753]: conn=17962824 op=1 SRCH attr=accountStatus userPassword
> Jan 30 16:28:11 himalia slapd2.3[2753]: conn=17962824 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
> Jan 30 16:28:11 himalia slapd2.3[2753]: conn=17962824 op=2 UNBIND
> Jan 30 16:28:11 himalia slapd2.3[2753]: conn=17962824 fd=46 closed
>
> Why is SMTP-AUTH binding with a blank dn?
> I thought that it should be binding with the dn stored in the ldaplogin
> control file
>
> # cd /var/qmail/control/
> [miranda:/var/qmail/control]# cat ldaplogin
> cn=qmail,dc=cybertrade,dc=co,dc=za,dc=isp
>
> the userPassword attribute is not readable anonymously and therefore causing
> the failed authentication.
>
> Is this a bug or have I missed something completely here?
>

Check your file permissions. auth_smtp tries to read ~control/ldappassword; if
that fails, it tries to bind anonymously. auth_smtp is run under the same
user as qmail-smtpd, so it is possible that you need to change file
permissions.

--
:wq Claudio


Yep, that was the issue. Many thanks.

--
slr
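
Added example, not part of the thread and not qmail-ldap code: a Python check that scans slapd logs for the pattern in the log quoted above, a simple bind with dn="" followed by a search that requests userPassword and returns no entries. The sample log lines are constructed, and the function name, host name and example DNs are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the slapd log format quoted in the thread.
SAMPLE_LOG = '''\
Jan 30 16:28:11 host slapd[2753]: conn=101 fd=46 ACCEPT from IP=192.0.2.10:47944 (IP=0.0.0.0:389)
Jan 30 16:28:11 host slapd[2753]: conn=101 op=0 BIND dn="" method=128
Jan 30 16:28:11 host slapd[2753]: conn=101 op=1 SRCH base="ou=mail,dc=example,dc=org" scope=2 deref=0 filter="(uid=alice)"
Jan 30 16:28:11 host slapd[2753]: conn=101 op=1 SRCH attr=accountStatus userPassword
Jan 30 16:28:11 host slapd[2753]: conn=101 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 30 16:28:12 host slapd[2753]: conn=102 op=0 BIND dn="cn=qmail,dc=example,dc=org" method=128
Jan 30 16:28:12 host slapd[2753]: conn=102 op=1 SRCH base="ou=mail,dc=example,dc=org" scope=2 deref=0 filter="(uid=alice)"
Jan 30 16:28:12 host slapd[2753]: conn=102 op=1 SRCH attr=accountStatus userPassword
Jan 30 16:28:12 host slapd[2753]: conn=102 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
'''

CONN_OP = re.compile(r'conn=(\d+) op=(\d+) (.*)$')
BIND = re.compile(r'BIND dn="([^"]*)" method=128')      # method=128: simple bind
FILTER = re.compile(r'SRCH base="[^"]*" .*filter="(.*)"$')
ATTRS = re.compile(r'SRCH attr=(.*)')
RESULT = re.compile(r'SEARCH RESULT .*nentries=(\d+)')

def find_anonymous_password_lookups(log_text):
    """Return searches for userPassword made over an explicitly anonymous bind
    (dn="") that matched no entries, i.e. the fallback described in the thread."""
    bound_dn = {}                  # conn id -> DN of the most recent BIND
    searches = defaultdict(dict)   # (conn, op) -> filter / requested attributes
    findings = []
    for line in log_text.splitlines():
        m = CONN_OP.search(line)
        if not m:
            continue               # ACCEPT / closed lines carry no op=
        conn, op, rest = m.groups()
        if (b := BIND.match(rest)):
            bound_dn[conn] = b.group(1)
        elif (f := FILTER.match(rest)):
            searches[conn, op]["filter"] = f.group(1)
        elif (a := ATTRS.match(rest)):
            searches[conn, op]["attrs"] = a.group(1).lower().split()
        elif (r := RESULT.match(rest)):
            s = searches.pop((conn, op), {})
            # Only flag connections whose BIND was seen, to avoid guessing
            # the bind state of connections that started before the log did.
            if (bound_dn.get(conn) == "" and int(r.group(1)) == 0
                    and "userpassword" in s.get("attrs", [])):
                findings.append({"conn": conn, "filter": s.get("filter")})
    return findings

if __name__ == "__main__":
    for hit in find_anonymous_password_lookups(SAMPLE_LOG):
        print("anonymous userPassword lookup:", hit)
```

A hit on the directory server points back at the mail host: check that the user qmail-smtpd runs as can read control/ldappassword.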