[RCU] R: Re: R: Re: Ldap Addressbook : problem for credentials in private addressbook

kaifamm at libero.it kaifamm at libero.it
Tue Mar 6 09:59:26 CET 2012


Hi,

    Thank you for the tips!

     I found the solution! Yes, in the script rcabook-setup.sh there is no creation of single users for the private addressbook!

So I made a script (rc_create_user.sh) that creates users in the LDAP server for the private addressbook. This script must be run for each LDAP user.

#!/bin/bash
# Creates the LDAP bind entry for one user's private addressbook.
# Parameters : USER PASSWORD
# example : rc_create_user.sh mark xxxx
# Note: a password given as an argument is visible in the process list and
# in the shell history.
#
#------------ parameters    start --------------------------------
if [ $# -lt 2 ] ; then
    echo "ERROR - Number of parameters is wrong. Example: rc_create_user.sh user password"
    exit 1
fi

abook_user="$1"
abook_pass="$2"
#------------ parameters    end   --------------------------------

#------------ configuration start --------------------------------
server="ldap://localhost:389"
suffix="dc=localhost"
rootdn="cn=admin,$suffix"

abook_name="rcabook"

subdir_public="public"
subdir_private="private"

base_dn="ou=$subdir_private,ou=$abook_name,$suffix"
bind_dn="cn=$abook_user,$base_dn"
bind_pass="$abook_pass"
#------------ configuration end --------------------------------

# Hash the password first and stop on failure, so that no entry is created
# with an empty userPassword.
pass_hash=$(slappasswd -s "$abook_pass") ||
  { echo "ERROR-unable to hash password!"; exit 1; }

# Add the entry as rootdn; -W prompts for the rootdn password.
echo "
dn: $bind_dn
cn: $abook_user
userPassword: $pass_hash
objectClass: organizationalRole
objectClass: simpleSecurityObject
" | ldapadd -x -c -H "$server" -D "$rootdn" -W 2> /dev/null ||
  { echo "ERROR-unable to create user!"; exit 1; };
 


>----Original message----
>From: andudi at gmx.ch
>Date: 05/03/2012 20.03
>To: "kaifamm at libero.it"<kaifamm at libero.it>, "Roundcube Users mailing list"<users at lists.roundcube.net>
>Subject: Re: [RCU] R: Re: Ldap Addressbook : problem for credentials in private addressbook
>
>Well, the script was written before private abooks were added... ACL is not checked for that yet
>But have you created the user? Can you show the output of ldapsearch?
>I have not yet scanned your slapd log... will do that at home
>
>Andreas
>
>
>
>"kaifamm at libero.it" <kaifamm at libero.it> wrote:
>
>>Hi All,
>>
>>   thanks for the answers !!!
>>
>>I made other tests :
>>
>>If I try this :  ldapsearch -xLLL -H ldap://localhost:389 -D cn=rcuser,ou=rcabook,dc=localhost -w rcpass -b ou=rcabook,dc=localhost
>>it works fine.
>>
>>If I try this : ldapsearch -xLLL -H ldap://localhost:389 -D cn=mark,ou=private,ou=rcabook,dc=localhost -w xxxx
>>It answers : ldap_bind: Invalid credentials (49),
>>so I think that there is an ACL problem.
>>
>>I think that there is an error in the script rcabook-setup.sh.
>>
>>I did run and run again the script rcabook-setup.sh, it doesn't return errors and it said :
>>The LDAP addressbook is ready now for using:
>>  base_dn: ou=rcabook,dc=localhost
>>  bind_dn: cn=rcuser,ou=rcabook,dc=localhost
>>
>>Use the following command for reading and checking your setup:
>>  ldapsearch -xLLL -H ldap://localhost:389 -D cn=rcuser,ou=rcabook,dc=localhost -w rcpass -b ou=rcabook,dc=localhost
>>
>>I report my ldap.log with the debug of ldap server :
>>
>>daemon: activity on:
>>slap_listener_activate(7):
>>daemon: epoll: listen=7 busy
>>daemon: epoll: listen=8 active_threads=0 tvp=zero
>>>>> slap_listener(ldap:///)
>>daemon: listen=7, new connection on 13
>>daemon: activity on 1 descriptor
>>daemon: activity on:
>>daemon: epoll: listen=7 active_threads=0 tvp=zero
>>daemon: epoll: listen=8 active_threads=0 tvp=zero
>>daemon: added 13r (active) listener=(nil)
>>daemon: activity on 1 descriptor
>>conn=21 fd=13 ACCEPT from IP=127.0.0.1:45320 (IP=0.0.0.0:389)
>>daemon: activity on: 13r
>>daemon: read active on 13
>>daemon: epoll: listen=7 active_threads=0 tvp=zero
>>connection_get(13)
>>daemon: epoll: listen=8 active_threads=0 tvp=zero
>>connection_get(13): got connid=21
>>connection_read(13): checking for input on id=21
>>ber_get_next
>>ldap_read: want=8, got=8
>>0000:  30 84 00 00 00 3e 02 01                            0....>..     
>>   
>>ldap_read: want=60, got=60
>>0000:  01 60 84 00 00 00 35 02  01 03 04 2a 63 6e 3d 6d  
>>.`....5....*cn=m 
>>0010:  61 72 6b 2c 6f 75 3d 70  72 69 76 61 74 65 2c 6f  
>>ark,ou=private,o 
>>0020:  75 3d 72 63 61 62 6f 6f  6b 2c 64 63 3d 6c 6f 63  
>>u=rcabook,dc=loc 
>>0030:  61 6c 68 6f 73 74 80 04  78 78 78 78               alhost..xxxx 
>>   
>>ber_get_next: tag 0x30 len 62 contents:
>>ber_dump: buf=0xa0b040a8 ptr=0xa0b040a8 end=0xa0b040e6 len=62
>>0000:  02 01 01 60 84 00 00 00  35 02 01 03 04 2a 63 6e  
>>...`....5....*cn 
>>0010:  3d 6d 61 72 6b 2c 6f 75  3d 70 72 69 76 61 74 65  
>>=mark,ou=private 
>>0020:  2c 6f 75 3d 72 63 61 62  6f 6f 6b 2c 64 63 3d 6c  
>>,ou=rcabook,dc=l 
>>0030:  6f 63 61 6c 68 6f 73 74  80 04 78 78 78 78        
>>ocalhost..xxxx   
>>op tag 0x60, time 1330963449
>>ber_get_next
>>ldap_read: want=8 error=Resource temporarily unavailable
>>conn=21 op=0 do_bind
>>ber_scanf fmt ({imt) ber:
>>ber_dump: buf=0xa0b040a8 ptr=0xa0b040ab end=0xa0b040e6 len=59
>>0000:  60 84 00 00 00 35 02 01  03 04 2a 63 6e 3d 6d 61  
>>`....5....*cn=ma 
>>0010:  72 6b 2c 6f 75 3d 70 72  69 76 61 74 65 2c 6f 75  
>>rk,ou=private,ou 
>>0020:  3d 72 63 61 62 6f 6f 6b  2c 64 63 3d 6c 6f 63 61  
>>=rcabook,dc=loca 
>>0030:  6c 68 6f 73 74 80 04 78  78 78 78                  lhost..xxxx  
>>   
>>ber_scanf fmt (m}) ber:
>>ber_dump: buf=0xa0b040a8 ptr=0xa0b040e0 end=0xa0b040e6 len=6
>>0000:  00 04 78 78 78 78                                  ..xxxx       
>>   
>>>>> dnPrettyNormal: <cn=mark,ou=private,ou=rcabook,dc=localhost>
>>=> ldap_bv2dn(cn=mark,ou=private,ou=rcabook,dc=localhost,0)
>><= ldap_bv2dn(cn=mark,ou=private,ou=rcabook,dc=localhost)=0
>>=> ldap_dn2bv(272)
>><= ldap_dn2bv(cn=mark,ou=private,ou=rcabook,dc=localhost)=0
>>=> ldap_dn2bv(272)
>><= ldap_dn2bv(cn=mark,ou=private,ou=rcabook,dc=localhost)=0
>><<< dnPrettyNormal: <cn=mark,ou=private,ou=rcabook,dc=localhost>,
>><cn=mark,
>>ou=private,ou=rcabook,dc=localhost>
>>conn=21 op=0 BIND dn="cn=mark,ou=private,ou=rcabook,dc=localhost"
>>method=128
>>do_bind: version=3 dn="cn=mark,ou=private,ou=rcabook,dc=localhost"
>>method=128
>>==> bdb_bind: dn: cn=mark,ou=private,ou=rcabook,dc=localhost
>>bdb_dn2entry("cn=mark,ou=private,ou=rcabook,dc=localhost")
>>=> bdb_dn2id("cn=mark,ou=private,ou=rcabook,dc=localhost")
>><= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found
>>(-30988)
>>send_ldap_result: conn=21 op=0 p=3
>>send_ldap_result: err=49 matched="" text=""
>>send_ldap_response: msgid=1 tag=97 err=49
>>ber_flush2: 22 bytes to sd 13
>>0000:  30 84 00 00 00 10 02 01  01 61 84 00 00 00 07 0a  
>>0........a...... 
>>0010:  01 31 04 00 04 00                                  .1....       
>>   
>>ldap_write: want=22, written=22
>>0000:  30 84 00 00 00 10 02 01  01 61 84 00 00 00 07 0a  
>>0........a...... 
>>0010:  01 31 04 00 04 00                                  .1....       
>>   
>>conn=21 op=0 RESULT tag=97 err=49 text=
>>daemon: activity on 1 descriptor
>>daemon: activity on:
>>daemon: epoll: listen=7 active_threads=0 tvp=zero
>>daemon: epoll: listen=8 active_threads=0 tvp=zero
>>daemon: activity on 1 descriptor
>>daemon: activity on: 13r
>>daemon: read active on 13
>>daemon: epoll: listen=7 active_threads=0 tvp=zero
>>connection_get(13)
>>daemon: epoll: listen=8 active_threads=0 tvp=zero
>>connection_get(13): got connid=21
>>connection_read(13): checking for input on id=21
>>ber_get_next
>>ldap_read: want=8, got=0
>>
>>ber_get_next on fd 13 failed errno=0 (Success)
>>connection_read(13): input error=-2 id=21, closing.
>>connection_closing: readying conn=21 sd=13 for close
>>connection_close: conn=21 sd=13
>>daemon: activity on 1 descriptor
>>daemon: removing 13
>>daemon: activity on:
>>conn=21 fd=13 closed (connection lost)
>>daemon: epoll: listen=7 active_threads=0 tvp=zero
>>daemon: epoll: listen=8 active_threads=0 tvp=zero
>>
>>
>>                                                                       
>>Thanks a lot
>>Mark
>>
>>>----Original message----
>>>From: andudi at gmx.ch
>>>Date: 05/03/2012 14.09
>>>To: "kaifamm at libero.it"<kaifamm at libero.it>, <users at lists.roundcube.net>
>>>Subject: Re: [RCU] Ldap Addressbook : problem for credentials in private addressbook
>>>
>>>Hi
>>>I am on ski holidays and do not have my setup in front of me.
>>>
>>>Your setup seems ok, but can you try to connect with ldapsearch on the commandline?
>>>Another try could be to switch on logging in slapd.conf
>>>Ldap.conf is not used by server but by clients like ldapsearch...
>>>
>>>Andreas
>>>
>>>
>>>
>>>"kaifamm at libero.it" <kaifamm at libero.it> wrote:
>>>
>>>>Hi All,
>>>>
>>>>I configured the ldap server and roundcube to manage contacts. I used the
>>>>howto : http://trac.roundcube.net/wiki/Howto_Ldap. It works quite well, I
>>>>have only a problem for credentials in private addressbook. The public
>>>>addressbook works fine, I can search and add contacts.
>>>>
>>>>I checked Mark's password and it is correct. I tried to use rootpw but it
>>>>doesn't work.
>>>>
>>>>My versions are :
>>>>openldap-servers-2.4.19-6
>>>>php-5.3.3-1
>>>>roundcube  0.7.1
>>>>
>>>>I report the error in the ldap log of roundcube, my slapd.conf and my
>>>>main.inc.php.
>>>>
>>>>Thanks a lot 
>>>>
>>>>Mark
>>>>
>>>>--------------------------------
>>>>logs/ldap :
>>>>
>>>>[05-Mar-2012 10:09:01 +0100]: C: Connect [localhost:389]
>>>>[05-Mar-2012 10:09:01 +0100]: S: OK
>>>>[05-Mar-2012 10:09:01 +0100]: C: Bind [dn:
>>>>cn=mark,ou=private,ou=rcabook,
>>>>dc=localhost] [pass: xxxx]
>>>>[05-Mar-2012 10:09:01 +0100]: S: Invalid credentials
>>>>[05-Mar-2012 10:09:01 +0100]: C: Close
>>>>
>>>>
>>>>[05-Mar-2012 10:14:24 +0100]: C: Connect [localhost:389]
>>>>[05-Mar-2012 10:14:24 +0100]: S: OK
>>>>[05-Mar-2012 10:14:24 +0100]: C: Bind [dn:
>>>>cn=mark,ou=private,ou=rcabook,
>>>>dc=localhost] [pass: xxxx]
>>>>[05-Mar-2012 10:14:24 +0100]: S: Invalid credentials
>>>>[05-Mar-2012 10:14:24 +0100]: C: Close
>>>>[05-Mar-2012 10:27:42 +0100]: C: Connect [localhost:389]
>>>>[05-Mar-2012 10:27:42 +0100]: S: OK
>>>>[05-Mar-2012 10:27:42 +0100]: C: Bind [dn:
>>>>cn=mark,ou=private,ou=rcabook,
>>>>dc=localhost] [pass: xxxx]
>>>>[05-Mar-2012 10:27:42 +0100]: S: Invalid credentials
>>>>[05-Mar-2012 10:27:42 +0100]: C: Close
>>>>[05-Mar-2012 10:27:52 +0100]: C: Connect [localhost:389]
>>>>[05-Mar-2012 10:27:52 +0100]: S: OK
>>>>[05-Mar-2012 10:27:52 +0100]: C: Bind [dn:
>>>>cn=mark,ou=private,ou=rcabook,
>>>>dc=localhost] [pass: xxxx]
>>>>[05-Mar-2012 10:27:52 +0100]: S: Invalid credentials
>>>>[05-Mar-2012 10:27:52 +0100]: C: Add [dn:
>>mail=ssssss at iiii.uu,cn=mark,
>>>>ou=private,ou=rcabook,dc=localhost]: Array
>>>>(
>>>>    [cn] => ssssssss sss
>>>>    [sn] => sss
>>>>    [givenname] => ssssssss
>>>>    [mail] => ssssss at iiii.uu
>>>>    [objectClass] => Array
>>>>        (
>>>>            [0] => top
>>>>            [1] => inetOrgPerson
>>>>        )
>>>>
>>>>)
>>>>
>>>>[05-Mar-2012 10:27:52 +0100]: S: Strong(er) authentication required
>>>>[05-Mar-2012 10:27:52 +0100]: C: Close
>>>>------------------------------------------------------------
>>>>config/main.inc.php
>>>>
>>>>$rcmail_config['ldap_public']['public'] = array(
>>>>    'name'              => 'Public LDAP Addressbook',
>>>>    'hosts'              => array('localhost'),
>>>>    'use_tls'         =>
>_______________________________________________
>Roundcube Users mailing list
>users at lists.roundcube.net
>http://lists.roundcube.net/mailman/listinfo/users
>
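
The slapd debug output quoted above already separates the two causes of err=49: the bind for cn=mark is followed by a bdb_dn2id DB_NOTFOUND before the RESULT line, so the entry did not exist and neither the password nor the ACL was at fault. As an added example (not part of the original thread or of rcabook-setup.sh), the shell function below applies that check to a log; the function names, reason labels and sample lines are constructed, and it assumes the conn=N op=M line format shown in the quoted log.

```shell
#!/bin/sh
# Added example: classify failed simple binds (err=49) in slapd debug output.
# Heuristic: a back-bdb DB_NOTFOUND logged between a BIND and its RESULT means
# the bind DN has no entry; otherwise the entry lookup did not fail and the
# password (or a policy) is the place to look.
classify_bind_failures() {
    awk '
    function connop() {            # returns "conn=N op=M" found on this line
        if (match($0, /conn=[0-9]+ op=[0-9]+/)) return substr($0, RSTART, RLENGTH)
        return ""
    }
    / BIND dn="/ {
        key = connop()
        match($0, /dn="[^"]*"/)
        dn[key] = substr($0, RSTART + 4, RLENGTH - 5)
        missing[key] = 0
        last = key
        next
    }
    /bdb_dn2id: get failed: DB_NOTFOUND/ { if (last != "") missing[last] = 1; next }
    / RESULT tag=97 / {            # tag 97 = BindResponse
        key = connop()
        if (!(key in dn)) next
        if ($0 ~ / err=49( |$)/)
            printf "%s\t%s\n", dn[key], (missing[key] ? "entry-not-found" : "password-or-policy")
        delete dn[key]; delete missing[key]
        if (last == key) last = ""
    }'
}

# Constructed sample: conn=21 mirrors the thread; conn=22 and conn=23 are invented.
sample_log() {
    cat <<'EOF'
conn=21 op=0 BIND dn="cn=mark,ou=private,ou=rcabook,dc=localhost" method=128
==> bdb_bind: dn: cn=mark,ou=private,ou=rcabook,dc=localhost
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
send_ldap_result: err=49 matched="" text=""
conn=21 op=0 RESULT tag=97 err=49 text=
conn=22 op=0 BIND dn="cn=rcuser,ou=rcabook,dc=localhost" method=128
conn=22 op=0 RESULT tag=97 err=49 text=
conn=23 op=0 BIND dn="cn=rcuser,ou=rcabook,dc=localhost" method=128
conn=23 op=0 RESULT tag=97 err=0 text=
EOF
}

sample_log | classify_bind_failures
```

On a busy server, operations from several connections interleave in the debug log and can mislead the DB_NOTFOUND attribution, so confirm an entry-not-found result with an ldapsearch for the bind DN as rootdn.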



