[RCU] Ldap Addressbook : problem for credentials in private addressbook

kaifamm at libero.it kaifamm at libero.it
Mon Mar 5 10:52:20 CET 2012


Hi All,

   I configured the ldap server and roundcube to manage contacts. I used the 
howto : http://trac.roundcube.net/wiki/Howto_Ldap. It works quite well; I have only 
a problem with credentials in the private addressbook. The public addressbook works 
fine, I can search and add contacts. 

I checked Mark's password and it is correct. I tried to use rootpw but it 
doesn't work.

My versions are :
openldap-servers-2.4.19-6
php-5.3.3-1
roundcube  0.7.1

I report the error from the ldap log of Roundcube, my slapd.conf and my main.inc.php.

Thanks a lot 

Mark

--------------------------------
logs/ldap :

[05-Mar-2012 10:09:01 +0100]: C: Connect [localhost:389]
[05-Mar-2012 10:09:01 +0100]: S: OK
[05-Mar-2012 10:09:01 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook,
dc=localhost] [pass: xxxx]
[05-Mar-2012 10:09:01 +0100]: S: Invalid credentials
[05-Mar-2012 10:09:01 +0100]: C: Close


[05-Mar-2012 10:14:24 +0100]: C: Connect [localhost:389]
[05-Mar-2012 10:14:24 +0100]: S: OK
[05-Mar-2012 10:14:24 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook,
dc=localhost] [pass: xxxx]
[05-Mar-2012 10:14:24 +0100]: S: Invalid credentials
[05-Mar-2012 10:14:24 +0100]: C: Close
[05-Mar-2012 10:27:42 +0100]: C: Connect [localhost:389]
[05-Mar-2012 10:27:42 +0100]: S: OK
[05-Mar-2012 10:27:42 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook,
dc=localhost] [pass: xxxx]
[05-Mar-2012 10:27:42 +0100]: S: Invalid credentials
[05-Mar-2012 10:27:42 +0100]: C: Close
[05-Mar-2012 10:27:52 +0100]: C: Connect [localhost:389]
[05-Mar-2012 10:27:52 +0100]: S: OK
[05-Mar-2012 10:27:52 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook,
dc=localhost] [pass: xxxx]
[05-Mar-2012 10:27:52 +0100]: S: Invalid credentials
[05-Mar-2012 10:27:52 +0100]: C: Add [dn: mail=ssssss at iiii.uu,cn=mark,
ou=private,ou=rcabook,dc=localhost]: Array
(
    [cn] => ssssssss sss
    [sn] => sss
    [givenname] => ssssssss
    [mail] => ssssss at iiii.uu
    [objectClass] => Array
        (
            [0] => top
            [1] => inetOrgPerson
        )

)

[05-Mar-2012 10:27:52 +0100]: S: Strong(er) authentication required
[05-Mar-2012 10:27:52 +0100]: C: Close
------------------------------------------------------------
config/main.inc.php

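// Public (shared) addressbook under ou=public. Roundcube binds with the fixed
// service account given in bind_dn/bind_pass for every user.
// NOTE(review): bind_pass is a cleartext service credential kept in
// main.inc.php; keep this file readable only by the web-server user.
$rcmail_config['ldap_public']['public'] = array(
    'name'          => 'Public LDAP Addressbook',
    'hosts'         => array('localhost'),
    // No STARTTLS: acceptable only because slapd is reached on loopback
    // (hosts = localhost); switch to true before pointing hosts elsewhere.
    'use_tls'       => false,
    'ldap_version'  => 3,       // using LDAPv3
    'port'          => 389,
    'auth_method'   => '',
    'user_specific' => false,
    'writable'      => true,
    'base_dn'       => 'ou=public,ou=rcabook,dc=localhost',
    'bind_dn'       => 'cn=rcuser,ou=rcabook,dc=localhost',
    'bind_pass'     => 'rcpass',
    // Roundcube contact field => LDAP attribute
    'fieldmap' => array(
        'name'         => 'cn',
        'surname'      => 'sn',
        'firstname'    => 'givenName',
        'email'        => 'mail',
        'phone:home'   => 'homePhone',
        'phone:work'   => 'telephoneNumber',
        'phone:mobile' => 'mobile',
        'street'       => 'street',
        'zipcode'      => 'postalCode',
        'locality'     => 'l',
        'country'      => 'c',
        'organization' => 'o',
    ),
    // Object classes written to new entries (see the Add in logs/ldap); mail is
    // the RDN, so an email address is mandatory (required_fields).
    'LDAP_Object_Classes' => array('top', 'inetOrgPerson'),
    'LDAP_rdn'            => 'mail',
    'required_fields'     => array('cn', 'sn', 'mail'),
    'filter'              => '(objectClass=inetOrgPerson)',
    'groups' => array(
        // Empty: in this Howto the same base_dn as for the contacts is used.
        'base_dn'        => '',
        'filter'         => '(objectClass=groupOfNames)',
        'object_classes' => array('top', 'groupOfNames'),
    ),
);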

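// Private (per-user) addressbook: %u is replaced by the login name (the log
// shows cn=mark for user Mark), so the search base is the user's own entry
// and Roundcube binds as that entry.
// NOTE(review): with bind_pass empty the user's login password is used (per
// the Howto), so each cn=<user>,ou=private,... entry needs a userPassword that
// verifies against the IMAP login password; the "Invalid credentials" in
// logs/ldap is consistent with that attribute being absent or different.
$rcmail_config['ldap_public']['private'] = array(
    'name'          => 'Private LDAP Addressbook',
    'hosts'         => array('localhost'),
    // No STARTTLS: the user's login password is sent in the bind, so this is
    // acceptable only on loopback (hosts = localhost).
    'use_tls'       => false,
    'ldap_version'  => 3,       // using LDAPv3
    'port'          => 389,
    'auth_method'   => '',
    'user_specific' => true,
    'writable'      => true,
    'base_dn'       => 'cn=%u,ou=private,ou=rcabook,dc=localhost',
    'bind_dn'       => 'cn=%u,ou=private,ou=rcabook,dc=localhost',
    'bind_pass'     => '',      // the user login password is used
    // Roundcube contact field => LDAP attribute
    'fieldmap' => array(
        'name'         => 'cn',
        'surname'      => 'sn',
        'firstname'    => 'givenName',
        'email'        => 'mail',
        'phone:home'   => 'homePhone',
        'phone:work'   => 'telephoneNumber',
        'phone:mobile' => 'mobile',
        'street'       => 'street',
        'zipcode'      => 'postalCode',
        'locality'     => 'l',
        'country'      => 'c',
        'organization' => 'o',
    ),
    // Object classes written to new entries (see the Add in logs/ldap); mail is
    // the RDN, so an email address is mandatory (required_fields).
    'LDAP_Object_Classes' => array('top', 'inetOrgPerson'),
    'LDAP_rdn'            => 'mail',
    'required_fields'     => array('cn', 'sn', 'mail'),
    'filter'              => '(objectClass=inetOrgPerson)',
    'groups' => array(
        // Empty: in this Howto the same base_dn as for the contacts is used.
        'base_dn'        => '',
        'filter'         => '(objectClass=groupOfNames)',
        'object_classes' => array('top', 'groupOfNames'),
    ),
);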

-------------------------------------------
openldap/slapd.conf

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#

include		/etc/openldap/schema/corba.schema
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/duaconf.schema
include		/etc/openldap/schema/dyngroup.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/java.schema
include		/etc/openldap/schema/misc.schema
include		/etc/openldap/schema/nis.schema
include		/etc/openldap/schema/openldap.schema
include		/etc/openldap/schema/ppolicy.schema
include		/etc/openldap/schema/collective.schema

# Allow LDAPv2 client connections.  This is NOT the default.
# NOTE(review): Roundcube is configured with ldap_version 3 in main.inc.php,
# so nothing here needs v2; this line can be dropped to keep the accepted
# protocol surface minimal.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org

pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args

SIZELIMIT       100000


#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database	bdb
suffix          "dc=localhost"
checkpoint	1024 15
rootdn          "cn=admin,dc=localhost"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw		{SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory	/var/lib/ldap

# Indices to maintain for this database
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
#     bindmethod=sasl saslmech=GSSAPI
#     authcId=host/ldap-master.example.com at EXAMPLE.COM


# Access control. slapd uses the first "access to" clause whose target matches
# the entry/attribute, and within it the first matching "by" line; anything not
# granted is denied (an implicit "by * none"), so clause order matters.
# Keep comments out of the middle of a clause: an indented line continues the
# line before it, and continuation is resolved before comments are stripped.

# Grant the Roundcube user the right to create private users: userPassword of
# the entries directly under ou=private, i.e. the per-user entries Roundcube
# binds as for the private addressbook.
# NOTE(review): "anonymous auth" is what lets a simple bind verify this
# attribute, so the "Invalid credentials" for cn=mark,ou=private,... in
# logs/ldap points at the entry's userPassword (absent, or not equal to the
# IMAP login password) rather than at this clause; confirm by binding as that
# DN with a command-line client before changing the ACLs.
access to dn.one="ou=private,ou=rcabook,dc=localhost" attrs=userPassword
        by dn="cn=rcuser,ou=rcabook,dc=localhost" write
        by anonymous auth
        by self write
        by * none

# For user authentication and password change (userPassword everywhere else)
access to attrs=userPassword
        by dn="cn=admin,dc=localhost" write
        by anonymous auth
        by self write
        by * none

# Grant the Roundcube users access to their private addressbooks.
# The leading "^.*" makes the clause match a user's own entry and everything
# below it (e.g. mail=...,cn=mark,ou=private,... as in the log); $1 is the cn
# immediately before ou=private, so a user can write only under their own cn.
# No "by *" line, so everyone else is denied here.
access to dn.regex="^.*cn=([^,]+),ou=private,ou=rcabook,dc=localhost$"
        by dn="cn=admin,dc=localhost" write
        by dn="cn=rcuser,ou=rcabook,dc=localhost" write
        by dn.exact,expand="cn=$1,ou=private,ou=rcabook,dc=localhost" write

# Grant the Roundcube user access to the whole addressbook (public and private
# subtrees). Nothing grants anonymous write: an Add arriving after a failed
# bind is anonymous, which is the "Strong(er) authentication required" seen in
# logs/ldap, and that refusal is the desired behaviour.
access to dn.subtree="ou=rcabook,dc=localhost"
        by dn="cn=admin,dc=localhost" write
        by dn="cn=rcuser,ou=rcabook,dc=localhost" write

# For directory access: no "by * read", so anything not matched above is
# unreadable to everyone except the rootdn.
access to *
        by dn="cn=admin,dc=localhost" write

# enable monitoring
database monitor

-----------------------------------------
openldap/ldap.conf

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE	dc=example,dc=com
#URI	ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT	12
#TIMELIMIT	15
#DEREF		never
# Plain ldap:// to loopback; no TLS is negotiated on this URI.
URI ldap://127.0.0.1/
BASE dc=localhost
# NOTE(review): "never" skips server certificate verification for any
# StartTLS/ldaps session opened through libldap (PHP's ldap extension is
# normally built on libldap, so this applies to Roundcube as well). Harmless
# while the URI above is plain ldap:// to 127.0.0.1, but set it to "demand"
# before enabling use_tls in main.inc.php or pointing URI at a remote host.
TLS_REQCERT never
TLS_CACERTDIR /etc/openldap/cacerts

