Hi All,
I configured the LDAP server and Roundcube to manage contacts, following the
howto: http://trac.roundcube.net/wiki/Howto_Ldap. It works fairly well; my only
problem is with the credentials for the private addressbook. The public addressbook
works fine: I can search and add contacts.
I checked Mark's password and it is correct. I also tried using the rootpw, but that does not work either.
My versions are : openldap-servers-2.4.19-6 php-5.3.3-1 roundcube 0.7.1
Below are the error from Roundcube's LDAP log, my slapd.conf and my main.inc.php.
Thanks a lot
Mark
logs/ldap :
[05-Mar-2012 10:09:01 +0100]: C: Connect [localhost:389] [05-Mar-2012 10:09:01 +0100]: S: OK [05-Mar-2012 10:09:01 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook, dc=localhost] [pass: xxxx] [05-Mar-2012 10:09:01 +0100]: S: Invalid credentials [05-Mar-2012 10:09:01 +0100]: C: Close
[05-Mar-2012 10:14:24 +0100]: C: Connect [localhost:389] [05-Mar-2012 10:14:24 +0100]: S: OK [05-Mar-2012 10:14:24 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook, dc=localhost] [pass: xxxx] [05-Mar-2012 10:14:24 +0100]: S: Invalid credentials [05-Mar-2012 10:14:24 +0100]: C: Close [05-Mar-2012 10:27:42 +0100]: C: Connect [localhost:389] [05-Mar-2012 10:27:42 +0100]: S: OK [05-Mar-2012 10:27:42 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook, dc=localhost] [pass: xxxx] [05-Mar-2012 10:27:42 +0100]: S: Invalid credentials [05-Mar-2012 10:27:42 +0100]: C: Close [05-Mar-2012 10:27:52 +0100]: C: Connect [localhost:389] [05-Mar-2012 10:27:52 +0100]: S: OK [05-Mar-2012 10:27:52 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook, dc=localhost] [pass: xxxx] [05-Mar-2012 10:27:52 +0100]: S: Invalid credentials [05-Mar-2012 10:27:52 +0100]: C: Add [dn: mail=ssssss@iiii.uu,cn=mark, ou=private,ou=rcabook,dc=localhost]: Array ( [cn] => ssssssss sss [sn] => sss [givenname] => ssssssss [mail] => ssssss@iiii.uu [objectClass] => Array ( [0] => top [1] => inetOrgPerson )
)
[05-Mar-2012 10:27:52 +0100]: S: Strong(er) authentication required [05-Mar-2012 10:27:52 +0100]: C: Close
config/main.inc.php
// Shared (public) LDAP addressbook. user_specific is false, so Roundcube always
// binds with the fixed service account below, whatever mail user is logged in.
$rcmail_config['ldap_public']['public'] = array(
    'name'          => 'Public LDAP Addressbook',
    'hosts'         => array('localhost'),
    // Plain LDAP on 389 without STARTTLS: the rcuser bind password is sent in
    // clear text. Only acceptable because slapd is reached over loopback.
    'use_tls'       => false,
    'ldap_version'  => 3, // using LDAPv3
    'port'          => 389,
    'auth_method'   => '',
    'user_specific' => false,
    'writable'      => true,
    'base_dn'       => 'ou=public,ou=rcabook,dc=localhost',
    // Service account credentials are stored in clear text here, so this file
    // must not be readable by anyone other than the web server user.
    'bind_dn'       => 'cn=rcuser,ou=rcabook,dc=localhost',
    'bind_pass'     => 'rcpass',
    // Roundcube contact field => LDAP attribute.
    'fieldmap' => array(
        'name'         => 'cn',
        'surname'      => 'sn',
        'firstname'    => 'givenName',
        'email'        => 'mail',
        'phone:home'   => 'homePhone',
        'phone:work'   => 'telephoneNumber',
        'phone:mobile' => 'mobile',
        'street'       => 'street',
        'zipcode'      => 'postalCode',
        'locality'     => 'l',
        'country'      => 'c',
        'organization' => 'o',
    ),
    // Object classes, RDN attribute and mandatory attributes used when a new
    // contact entry is added to the directory.
    'LDAP_Object_Classes' => array('top', 'inetOrgPerson'),
    'LDAP_rdn'            => 'mail',
    'required_fields'     => array('cn', 'sn', 'mail'),
    'filter'              => '(objectClass=inetOrgPerson)',
    'groups' => array(
        'base_dn'        => '', // in this Howto, the same base_dn as for the contacts is used
        'filter'         => '(objectClass=groupOfNames)',
        'object_classes' => array("top", "groupOfNames"),
    ),
);
// Per-user (private) LDAP addressbook. With user_specific set to true Roundcube
// expands %u in base_dn/bind_dn with the logged-in user name (presumably the
// local part of the login -- verify for 0.7.1) and, because bind_pass is empty,
// binds with that user's own mail login password.
// NOTE(review): the bind can therefore only succeed if the entry
// cn=<user>,ou=private,ou=rcabook,dc=localhost exists and its userPassword
// equals the mail login password. The "Invalid credentials" in logs/ldap is
// consistent with that entry or password not matching; a manual
// `ldapsearch -D 'cn=<user>,ou=private,ou=rcabook,dc=localhost' -W` bind with
// the mail password would confirm it. After the failed bind the connection is
// unauthenticated, which is presumably why the following Add was refused with
// "Strong(er) authentication required".
$rcmail_config['ldap_public']['private'] = array(
    'name'          => 'Private LDAP Addressbook',
    'hosts'         => array('localhost'),
    // Plain LDAP on 389 without STARTTLS: the user's mail password is sent in
    // clear text on every bind. Only acceptable over loopback.
    'use_tls'       => false,
    'ldap_version'  => 3, // using LDAPv3
    'port'          => 389,
    'auth_method'   => '',
    'user_specific' => true,
    'writable'      => true,
    'base_dn'       => 'cn=%u,ou=private,ou=rcabook,dc=localhost',
    'bind_dn'       => 'cn=%u,ou=private,ou=rcabook,dc=localhost',
    'bind_pass'     => '', // the user login password is used
    // Roundcube contact field => LDAP attribute.
    'fieldmap' => array(
        'name'         => 'cn',
        'surname'      => 'sn',
        'firstname'    => 'givenName',
        'email'        => 'mail',
        'phone:home'   => 'homePhone',
        'phone:work'   => 'telephoneNumber',
        'phone:mobile' => 'mobile',
        'street'       => 'street',
        'zipcode'      => 'postalCode',
        'locality'     => 'l',
        'country'      => 'c',
        'organization' => 'o',
    ),
    // Object classes, RDN attribute and mandatory attributes used when a new
    // contact entry is added under the user's own cn=<user> entry.
    'LDAP_Object_Classes' => array('top', 'inetOrgPerson'),
    'LDAP_rdn'            => 'mail',
    'required_fields'     => array('cn', 'sn', 'mail'),
    'filter'              => '(objectClass=inetOrgPerson)',
    'groups' => array(
        'base_dn'        => '', // in this Howto, the same base_dn as for the contacts is used
        'filter'         => '(objectClass=groupOfNames)',
        'object_classes' => array("top", "groupOfNames"),
    ),
);
openldap/slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema

# Allow LDAPv2 client connections. This is NOT the default.
# (Roundcube is configured for LDAPv3; this can be dropped once no other
# v2-only client depends on it.)
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

SIZELIMIT 100000

#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database bdb
suffix "dc=localhost"
checkpoint 1024 15
rootdn "cn=admin,dc=localhost"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM

# ACLs below belong to this bdb database and are evaluated in order: the first
# "access to" clause whose target matches the entry/attribute decides, and
# every clause ends with an implicit "by * none".

# Grant the Roundcube user the right to create private users
# (this clause covers only the userPassword of entries directly under
# ou=private; the entries themselves are governed by the dn.regex clause below)
access to dn.one="ou=private,ou=rcabook,dc=localhost" attrs=userPassword
    by dn="cn=rcuser,ou=rcabook,dc=localhost" write
    by anonymous auth
    by self write
    by * none

# For user authentication and password change
access to attrs=userPassword
    by dn="cn=admin,dc=localhost" write
    by anonymous auth
    by self write
    by * none

# Grant the Roundcube users access to their private addressbooks.
# $1 is the cn captured from the matched DN; the leading ".*" lets entries
# stored below cn=<user> match as well, so each user can write only within
# their own cn=<user> subtree.
access to dn.regex="^.*cn=([^,]+),ou=private,ou=rcabook,dc=localhost$"
    by dn="cn=admin,dc=localhost" write
    by dn="cn=rcuser,ou=rcabook,dc=localhost" write
    by dn.exact,expand="cn=$1,ou=private,ou=rcabook,dc=localhost" write

# Grant the Roundcube user access to the whole addressbook
access to dn.subtree="ou=rcabook,dc=localhost"
    by dn="cn=admin,dc=localhost" write
    by dn="cn=rcuser,ou=rcabook,dc=localhost" write

# For directory access
# (cn=admin is the rootdn and bypasses ACLs anyway; the practical effect of
# this clause is its implicit "by * none": anything not matched by an earlier
# clause is unreadable for every other identity, including anonymous.)
access to *
    by dn="cn=admin,dc=localhost" write

# enable monitoring
# NOTE(review): no ACL follows this database, so the default policy described
# above (read for everyone) presumably applies to cn=Monitor -- confirm, and
# restrict it if slapd is ever reachable beyond loopback.
database monitor
openldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
URI ldap://127.0.0.1/
BASE dc=localhost
# TLS_REQCERT never disables server certificate verification for every libldap
# client reading this file (the command-line tools, and presumably PHP's ldap
# extension). It is moot while the URI above is loopback and use_tls is off in
# Roundcube, but it would accept any certificate if the URI is ever pointed at
# a remote host -- prefer "demand" together with a CA in TLS_CACERTDIR then.
TLS_REQCERT never
TLS_CACERTDIR /etc/openldap/cacerts