[RCU] Ldap Addressbook : problem for credentials in private addressbook

Andreas Dick andudi at gmx.ch
Mon Mar 5 14:09:07 CET 2012


Hi,
I am on ski holidays and don't have my setup in front of me.

Your setup seems OK, but can you try to connect with ldapsearch on the command line?
Another try could be to switch on logging in slapd.conf.
ldap.conf is not used by the server but by clients like ldapsearch...

Andreas



"kaifamm at libero.it" <kaifamm at libero.it> wrote:

>Hi All,
>
>I configured the LDAP server and Roundcube to manage contacts. I used the
>howto: http://trac.roundcube.net/wiki/Howto_Ldap. It works quite well, I only
>have a problem with credentials in the private addressbook. The public
>addressbook works fine, I can search and add contacts.
>
>I checked Mark's password and it is correct. I tried to use rootpw but it
>doesn't work.
>
>My versions are:
>openldap-servers-2.4.19-6
>php-5.3.3-1
>roundcube 0.7.1
>
>I report the error in the ldap log of Roundcube, my slapd.conf and my
>main.inc.php.
>
>Thanks a lot
>
>Mark
>
>--------------------------------
>logs/ldap :
>
>[05-Mar-2012 10:09:01 +0100]: C: Connect [localhost:389]
>[05-Mar-2012 10:09:01 +0100]: S: OK
>[05-Mar-2012 10:09:01 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook,dc=localhost] [pass: xxxx]
>[05-Mar-2012 10:09:01 +0100]: S: Invalid credentials
>[05-Mar-2012 10:09:01 +0100]: C: Close
>
>
>[05-Mar-2012 10:14:24 +0100]: C: Connect [localhost:389]
>[05-Mar-2012 10:14:24 +0100]: S: OK
>[05-Mar-2012 10:14:24 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook,dc=localhost] [pass: xxxx]
>[05-Mar-2012 10:14:24 +0100]: S: Invalid credentials
>[05-Mar-2012 10:14:24 +0100]: C: Close
>[05-Mar-2012 10:27:42 +0100]: C: Connect [localhost:389]
>[05-Mar-2012 10:27:42 +0100]: S: OK
>[05-Mar-2012 10:27:42 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook,dc=localhost] [pass: xxxx]
>[05-Mar-2012 10:27:42 +0100]: S: Invalid credentials
>[05-Mar-2012 10:27:42 +0100]: C: Close
>[05-Mar-2012 10:27:52 +0100]: C: Connect [localhost:389]
>[05-Mar-2012 10:27:52 +0100]: S: OK
>[05-Mar-2012 10:27:52 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook,dc=localhost] [pass: xxxx]
>[05-Mar-2012 10:27:52 +0100]: S: Invalid credentials
>[05-Mar-2012 10:27:52 +0100]: C: Add [dn: mail=ssssss at iiii.uu,cn=mark,ou=private,ou=rcabook,dc=localhost]: Array
>(
>    [cn] => ssssssss sss
>    [sn] => sss
>    [givenname] => ssssssss
>    [mail] => ssssss at iiii.uu
>    [objectClass] => Array
>        (
>            [0] => top
>            [1] => inetOrgPerson
>        )
>
>)
>
>[05-Mar-2012 10:27:52 +0100]: S: Strong(er) authentication required
>[05-Mar-2012 10:27:52 +0100]: C: Close
>------------------------------------------------------------
>config/main.inc.php
>
>$rcmail_config['ldap_public']['public'] = array(
>    'name'              => 'Public LDAP Addressbook',
>    'hosts'              => array('localhost'),
>    'use_tls'         => false,
>    'ldap_version'  => 3,       // using LDAPv3
>    'port'                => 389,
>    'auth_method'    => '',
>    'user_specific' => false,
>    'writable'     => true,
>    'base_dn'         => 'ou=public,ou=rcabook,dc=localhost',
>    'bind_dn'          => 'cn=rcuser,ou=rcabook,dc=localhost',
>    'bind_pass'      => 'rcpass',
>    'fieldmap' => array(
>         'name'        => 'cn',
>         'surname'     => 'sn',
>         'firstname'   => 'givenName',
>         'email'       => 'mail',
>         'phone:home'  => 'homePhone',
>         'phone:work'  => 'telephoneNumber',
>         'phone:mobile' => 'mobile',
>         'street'      => 'street',
>         'zipcode'     => 'postalCode',
>         'locality'    => 'l',
>         'country'     => 'c',
>         'organization' => 'o',
>    ),
>    'LDAP_Object_Classes' => array('top', 'inetOrgPerson'),
>    'LDAP_rdn'       => 'mail',
>    'required_fields' => array('cn', 'sn', 'mail'),
>    'filter'              => '(objectClass=inetOrgPerson)',
>    'groups'           => array(
>        'base_dn'        => '',     // in this Howto, the same base_dn as for the contacts is used
>        'filter'         => '(objectClass=groupOfNames)',
>        'object_classes' => array("top", "groupOfNames"),
>    ),
>);
>
>$rcmail_config['ldap_public']['private'] = array(
>    'name'              => 'Private LDAP Addressbook',
>    'hosts'              => array('localhost'),
>    'use_tls'         => false,
>    'ldap_version'  => 3,       // using LDAPv3
>    'port'                => 389,
>    'auth_method'    => '',
>    'user_specific' => true,
>    'writable'     => true,
>    'base_dn'         => 'cn=%u,ou=private,ou=rcabook,dc=localhost',
>    'bind_dn'          => 'cn=%u,ou=private,ou=rcabook,dc=localhost',
>    'bind_pass'      => '',   // the user login password is used
>    'fieldmap' => array(
>         'name'        => 'cn',
>         'surname'     => 'sn',
>         'firstname'   => 'givenName',
>         'email'       => 'mail',
>         'phone:home'  => 'homePhone',
>         'phone:work'  => 'telephoneNumber',
>         'phone:mobile' => 'mobile',
>         'street'      => 'street',
>         'zipcode'     => 'postalCode',
>         'locality'    => 'l',
>         'country'     => 'c',
>         'organization' => 'o',
>    ),
>    'LDAP_Object_Classes' => array('top', 'inetOrgPerson'),
>    'LDAP_rdn'       => 'mail',
>    'required_fields' => array('cn', 'sn', 'mail'),
>    'filter'              => '(objectClass=inetOrgPerson)',
>    'groups'           => array(
>        'base_dn'        => '',     // in this Howto, the same base_dn as for the contacts is used
>        'filter'         => '(objectClass=groupOfNames)',
>        'object_classes' => array("top", "groupOfNames"),
>    ),
>);
>
>-------------------------------------------
>openldap/slapd.conf
>
>#
># See slapd.conf(5) for details on configuration options.
># This file should NOT be world readable.
>#
>
>include		/etc/openldap/schema/corba.schema
>include		/etc/openldap/schema/core.schema
>include		/etc/openldap/schema/cosine.schema
>include		/etc/openldap/schema/duaconf.schema
>include		/etc/openldap/schema/dyngroup.schema
>include		/etc/openldap/schema/inetorgperson.schema
>include		/etc/openldap/schema/java.schema
>include		/etc/openldap/schema/misc.schema
>include		/etc/openldap/schema/nis.schema
>include		/etc/openldap/schema/openldap.schema
>include		/etc/openldap/schema/ppolicy.schema
>include		/etc/openldap/schema/collective.schema
>
># Allow LDAPv2 client connections.  This is NOT the default.
>allow bind_v2
>
># Do not enable referrals until AFTER you have a working directory
># service AND an understanding of referrals.
>#referral	ldap://root.openldap.org
>
>pidfile		/var/run/openldap/slapd.pid
>argsfile	/var/run/openldap/slapd.args
>
>SIZELIMIT       100000
>
>
>#
># if no access controls are present, the default policy
># allows anyone and everyone to read anything but restricts
># updates to rootdn.  (e.g., "access to * by * read")
>#
># rootdn can always read and write EVERYTHING!
>
>#######################################################################
># ldbm and/or bdb database definitions
>#######################################################################
>
>database	bdb
>suffix          "dc=localhost"
>checkpoint	1024 15
>rootdn          "cn=admin,dc=localhost"
># Cleartext passwords, especially for the rootdn, should
># be avoided.  See slappasswd(8) and slapd.conf(5) for details.
># Use of strong authentication encouraged.
>rootpw		{SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>
># The database directory MUST exist prior to running slapd AND 
># should only be accessible by the slapd and slap tools.
># Mode 700 recommended.
>directory	/var/lib/ldap
>
># Indices to maintain for this database
>index objectClass                       eq,pres
>index ou,cn,mail,surname,givenname      eq,pres,sub
>index uidNumber,gidNumber,loginShell    eq,pres
>index uid,memberUid                     eq,pres,sub
>index nisMapName,nisMapEntry            eq,pres,sub
>
># Replicas of this database
>#replogfile /var/lib/ldap/openldap-master-replog
>#replica host=ldap-1.example.com:389 starttls=critical
>#     bindmethod=sasl saslmech=GSSAPI
>#     authcId=host/ldap-master.example.com at EXAMPLE.COM
>
>
># Grant the Roundcube user the right to create private users
>access to dn.one="ou=private,ou=rcabook,dc=localhost"
>attrs=userPassword
>        by dn="cn=rcuser,ou=rcabook,dc=localhost" write
>        by anonymous auth
>        by self write
>        by * none
>
># For user authentication and password change
>access to attrs=userPassword
>        by dn="cn=admin,dc=localhost" write
>        by anonymous auth
>        by self write
>        by * none
>
># Grant the Roundcube users access to their private addressbooks
>access to dn.regex="^.*cn=([^,]+),ou=private,ou=rcabook,dc=localhost$"
>        by dn="cn=admin,dc=localhost" write
>        by dn="cn=rcuser,ou=rcabook,dc=localhost" write
>        by dn.exact,expand="cn=$1,ou=private,ou=rcabook,dc=localhost" write
>
># Grant the Roundcube user access to the whole addressbook
>access to dn.subtree="ou=rcabook,dc=localhost"
>        by dn="cn=admin,dc=localhost" write
>        by dn="cn=rcuser,ou=rcabook,dc=localhost" write
>
># For directory access
>access to *
>        by dn="cn=admin,dc=localhost" write
>
># enable monitoring
>database monitor
>
>-----------------------------------------

-- 
List info: http://lists.roundcube.net/users/
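An added example, not part of the thread and not Roundcube or OpenLDAP code: a small Python script that reads the `logs/ldap` format Mark quoted, groups the lines into connections, pairs each client request with the server reply that follows it, and reports which operations were sent on a connection whose bind had already been refused. The sample log embedded in it is constructed to mirror the quoted lines (same DN, same server messages, one extra successful bind as `cn=rcuser` for contrast); the function names are my own.

```python
import re
from collections import defaultdict

# Constructed sample in the format of Roundcube's logs/ldap file quoted in the
# thread. It is a hand-made copy for this example, not the poster's file.
SAMPLE_LOG = """\
[05-Mar-2012 10:27:42 +0100]: C: Connect [localhost:389]
[05-Mar-2012 10:27:42 +0100]: S: OK
[05-Mar-2012 10:27:42 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook,dc=localhost] [pass: xxxx]
[05-Mar-2012 10:27:42 +0100]: S: Invalid credentials
[05-Mar-2012 10:27:42 +0100]: C: Close
[05-Mar-2012 10:27:52 +0100]: C: Connect [localhost:389]
[05-Mar-2012 10:27:52 +0100]: S: OK
[05-Mar-2012 10:27:52 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook,dc=localhost] [pass: xxxx]
[05-Mar-2012 10:27:52 +0100]: S: Invalid credentials
[05-Mar-2012 10:27:52 +0100]: C: Add [dn: mail=ssssss@iiii.uu,cn=mark,ou=private,ou=rcabook,dc=localhost]: Array
(
    [cn] => ssssssss sss
    [mail] => ssssss@iiii.uu
)
[05-Mar-2012 10:27:52 +0100]: S: Strong(er) authentication required
[05-Mar-2012 10:27:52 +0100]: C: Close
[05-Mar-2012 10:30:00 +0100]: C: Connect [localhost:389]
[05-Mar-2012 10:30:00 +0100]: S: OK
[05-Mar-2012 10:30:00 +0100]: C: Bind [dn: cn=rcuser,ou=rcabook,dc=localhost] [pass: xxxx]
[05-Mar-2012 10:30:00 +0100]: S: OK
[05-Mar-2012 10:30:00 +0100]: C: Close
"""

# One log line: timestamp, C (client request) or S (server reply), message.
LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\]: (?P<side>[CS]): (?P<msg>.*)$')
BIND_RE = re.compile(r'^Bind \[dn: (?P<dn>[^\]]*)\]')
OP_RE = re.compile(r'^(?P<op>Add|Modify|Delete|Search) ')


def parse_sessions(text):
    """Group the log into connections ("Connect" .. "Close") and attach to each
    the bind DN, whether the bind succeeded, and every later operation with
    its server reply. Lines of the multi-line Array dump carry no timestamp
    and are skipped."""
    sessions = []
    current = None
    pending = None  # last client request still waiting for a server reply
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        ts, side, msg = m.group('ts'), m.group('side'), m.group('msg')
        if side == 'C':
            if msg.startswith('Connect'):
                current = {'start': ts, 'bind_dn': None, 'bind_ok': False, 'ops': []}
                sessions.append(current)
                pending = ('Connect', None)
            elif current is None:
                continue
            elif msg.startswith('Close'):
                current, pending = None, None
            else:
                b = BIND_RE.match(msg)
                if b:
                    pending = ('Bind', b.group('dn'))
                else:
                    o = OP_RE.match(msg)
                    pending = (o.group('op') if o else msg.split(' ')[0], msg)
        elif current is not None and pending is not None:
            kind, detail = pending
            if kind == 'Bind':
                current['bind_dn'] = detail
                current['bind_ok'] = (msg == 'OK')
            elif kind != 'Connect':
                # Anything sent after a refused bind reaches slapd anonymously.
                current['ops'].append({'ts': ts, 'op': kind,
                                       'authenticated': current['bind_ok'],
                                       'result': msg})
            pending = None
    return sessions


def failed_binds_by_dn(sessions):
    """Count refused binds per DN: a quick view of which identity is failing."""
    counts = defaultdict(int)
    for s in sessions:
        if s['bind_dn'] is not None and not s['bind_ok']:
            counts[s['bind_dn']] += 1
    return dict(counts)


def ops_after_failed_bind(sessions):
    """Operations issued on a connection whose bind was refused, as
    (timestamp, operation, attempted bind DN, server reply) tuples."""
    return [(o['ts'], o['op'], s['bind_dn'], o['result'])
            for s in sessions for o in s['ops'] if not o['authenticated']]


if __name__ == '__main__':
    found = parse_sessions(SAMPLE_LOG)
    print('refused binds per DN:', failed_binds_by_dn(found))
    for hit in ops_after_failed_bind(found):
        print('sent unauthenticated:', hit)
```

Run against the real `logs/ldap` file, it shows that the `Add` in the post was issued on a connection whose bind had just been refused, so it went to slapd without any identity; "Strong(er) authentication required" is slapd's reply to an update from an unauthenticated client, which makes the second error a consequence of the first rather than a separate ACL or schema problem. To follow Andreas's suggestion, the same bind can be reproduced outside Roundcube with `ldapsearch -x -H ldap://localhost:389 -D "cn=mark,ou=private,ou=rcabook,dc=localhost" -W -b "cn=mark,ou=private,ou=rcabook,dc=localhost" "(objectClass=*)"`; if that also fails with "Invalid credentials", the entry itself, its `userPassword` value, or the ACL that grants `auth` on `userPassword` is the place to look, and `loglevel stats ACL` in slapd.conf writes the access decision for each bind to syslog.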