[RCU] R: Re: R: Re: Ldap Addressbook : problem for credentials in private addressbook

Andreas Dick andudi at gmx.ch
Tue Mar 6 13:17:34 CET 2012


Great!
I will add this to the wiki and concerning comments when I am at home.
Thanks Andreas



"kaifamm at libero.it" <kaifamm at libero.it> wrote:

>Hi,
>
>    Thank you for the tips !!!! 
>
>I found the solution !!!!!!!! Yes, in the script rcabook-setup.sh there is no creation of single users for the private addressbook !!!
>
>So I made a script (rc_create_user.sh) that creates users in the ldap server for the private addressbook. This script must be run for each ldap user.
>
>#!/bin/bash
># Parameters : USER PASSWORD
># example : rc_create_user.sh mark xxxx
>#
>#------------ parameters    start --------------------------------
>if [ $# -lt 2 ] ; then
>    echo "ERROR - Number of parameters is wrong. Example: rc_create_user.sh user password"
>    exit 1
>fi
>
>abook_user=$1;
>abook_pass=$2;
>#------------ parameters    end   --------------------------------
>
>#------------ configuration start --------------------------------
>server="ldap://localhost:389";
>suffix="dc=localhost";
>rootdn="cn=admin,$suffix";
>
>abook_name="rcabook";
>
>subdir_public="public";
>subdir_private="private";
>
>base_dn="ou=$subdir_private,ou=$abook_name,$suffix";
>bind_dn="cn=$abook_user,$base_dn";
>bind_pass="$abook_pass";
>#------------ configuration end --------------------------------
>
># Create the bind entry for this user below the private addressbook
># subtree; -W prompts for the rootdn password.
>echo "
>dn: $bind_dn
>cn: $abook_user
>userPassword: $(slappasswd -s "$abook_pass")
>objectClass: organizationalRole
>objectClass: simpleSecurityObject
>" | ldapadd -x -c -H "$server" -D "$rootdn" -W 2> /dev/null ||
>  { echo "ERROR-unable to create user!"; exit 1; };
> 
>
>
>>----Original message----
>>From: andudi at gmx.ch
>>Date: 05/03/2012 20.03
>>To: "kaifamm at libero.it"<kaifamm at libero.it>, "Roundcube Users mailing list" <users at lists.roundcube.net>
>>Subject: Re: [RCU] R: Re: Ldap Addressbook : problem for credentials in private addressbook
>>
>>Well, the script was written before private abooks were added... ACL is not checked for that yet.
>>But have you created the user? Can you show the output of ldapsearch?
>>I have not yet scanned your slapd log... will do that at home
>>
>>Andreas
>>
>>
>>
>>"kaifamm at libero.it" <kaifamm at libero.it> wrote:
>>
>>>Hi All,
>>>
>>>   thanks for the answers !!!
>>>
>>>I made other tests:
>>>
>>>If I try this: ldapsearch -xLLL -H ldap://localhost:389 -D cn=rcuser,ou=rcabook,dc=localhost -w rcpass -b ou=rcabook,dc=localhost
>>>it works fine.
>>>
>>>If I try this: ldapsearch -xLLL -H ldap://localhost:389 -D cn=mark,ou=private,ou=rcabook,dc=localhost -w xxxx
>>>it answers: ldap_bind: Invalid credentials (49),
>>>so I think that there is an ACL problem.
>>>
>>>I think that there is an error in the script rcabook-setup.sh.
>>>
>>>I ran the script rcabook-setup.sh again and again; it doesn't return errors and it said:
>>>The LDAP addressbook is ready now for using:
>>>  base_dn: ou=rcabook,dc=localhost
>>>  bind_dn: cn=rcuser,ou=rcabook,dc=localhost
>>>
>>>Use the following command for reading and checking your setup:
>>>  ldapsearch -xLLL -H ldap://localhost:389 -D cn=rcuser,ou=rcabook,dc=localhost -w rcpass -b ou=rcabook,dc=localhost
>>>
>>>I report my ldap.log with the debug of ldap server :
>>>
>>>Thanks a lot
>>>Mark
>>>
>>>>----Original message----
>>>>From: andudi at gmx.ch
>>>>Date: 05/03/2012 14.09
>>>>To: "kaifamm at libero.it"<kaifamm at libero.it>, <users at lists.roundcube.net>
>>>>Subject: Re: [RCU] Ldap Addressbook : problem for credentials in private addressbook
>>>>
>>>>Hei
>>>>I am on ski holidays and do not have my setup in front of me.
>>>>
>>>>Your setup seems ok, but can you try to connect with ldapsearch on the commandline?
>>>>Another try could be to switch on logging in slapd.conf
>>>>Ldap.conf is not used by server but by clients like ldapsearch...
>>>>
>>>>Andreas
>>>>
>>>>
>>>>
>>>>"kaifamm at libero.it" <kaifamm at libero.it> wrote:
>>>>
>>>>>Hi All,
>>>>>
>>>>>I configured the ldap server and roundcube to manage contacts. I used the howto: http://trac.roundcube.net/wiki/Howto_Ldap. It works quite, I have only
>>>>>a problem for credentials in private addressbook. The public
>>>>>addressb
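
A variant of the per-user entry creation from the quoted rc_create_user.sh, as an added example that is not part of the original posts: it builds the same LDIF but takes an already-hashed password and rejects user names that could change the DN or add LDIF lines. The function names are hypothetical; base_dn follows the layout used in the thread.

```sh
#!/bin/sh
# Added example (not from the thread): emit the LDIF for one private
# addressbook bind entry. base_dn follows the thread's layout; the
# function names are hypothetical.
LC_ALL=C; export LC_ALL
base_dn="ou=private,ou=rcabook,dc=localhost"

# Allow only a conservative alphabet, so the name cannot contain DN
# metacharacters (, + = " \ ;) or a line break that would add LDIF lines.
valid_user() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Accept only a value that looks like slappasswd output: the literal
# prefix {SSHA} followed by base64 characters, never a cleartext password.
valid_ssha() {
    case "$1" in
        '{SSHA}'?*) ;;
        *) return 1 ;;
    esac
    # ${1#??????} strips the six characters of "{SSHA}".
    case "${1#??????}" in
        *[!A-Za-z0-9+/=]*) return 1 ;;
    esac
    return 0
}

# Print the entry on stdout; print nothing and return 1 on bad input.
make_user_ldif() {
    user=$1
    hash=$2
    valid_user "$user" || { echo "ERROR - invalid user name" >&2; return 1; }
    valid_ssha "$hash" || { echo "ERROR - expected a {SSHA} hash" >&2; return 1; }
    printf 'dn: cn=%s,%s\n' "$user" "$base_dn"
    printf 'cn: %s\n' "$user"
    printf 'userPassword: %s\n' "$hash"
    printf 'objectClass: organizationalRole\n'
    printf 'objectClass: simpleSecurityObject\n'
}

# Typical use (slappasswd without -s prompts for the password, so it does
# not appear in the process list; -W prompts for the rootdn password):
#   make_user_ldif mark "$(slappasswd)" |
#       ldapadd -x -H ldap://localhost:389 -D "cn=admin,dc=localhost" -W
```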

