Hei I am i ski hollydays and have not my setup in front.
Your setup seems ok, but can you try to connect with ldapsearch on the commandline? Another try could be to switch on logging in slapd.conf Ldap.conf is not used by server but by clients like ldapsearch...
Andreas
"kaifamm@libero.it" kaifamm@libero.it schrieb:
Hi All,
I configured the ldap server and roundcube to manage contacts. I used the howto : http://trac.roundcube.net/wiki/Howto_Ldap. It work quite, I have only
a problem for credentials in private addressbook. The public addressbook works fine, I can search and add contacts.I checked the Mark's password and it is correct. I tried to use rootpw but it doesn't works.
My versions are : openldap-servers-2.4.19-6 php-5.3.3-1 roundcube 0.7.1
I report the error in ldap log of rouncube, my slapd.conf and my main.inc.php.
Thanks a lot
Mark
logs/ldap :
[05-Mar-2012 10:09:01 +0100]: C: Connect [localhost:389] [05-Mar-2012 10:09:01 +0100]: S: OK [05-Mar-2012 10:09:01 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook, dc=localhost] [pass: xxxx] [05-Mar-2012 10:09:01 +0100]: S: Invalid credentials [05-Mar-2012 10:09:01 +0100]: C: Close
[05-Mar-2012 10:14:24 +0100]: C: Connect [localhost:389] [05-Mar-2012 10:14:24 +0100]: S: OK [05-Mar-2012 10:14:24 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook, dc=localhost] [pass: xxxx] [05-Mar-2012 10:14:24 +0100]: S: Invalid credentials [05-Mar-2012 10:14:24 +0100]: C: Close [05-Mar-2012 10:27:42 +0100]: C: Connect [localhost:389] [05-Mar-2012 10:27:42 +0100]: S: OK [05-Mar-2012 10:27:42 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook, dc=localhost] [pass: xxxx] [05-Mar-2012 10:27:42 +0100]: S: Invalid credentials [05-Mar-2012 10:27:42 +0100]: C: Close [05-Mar-2012 10:27:52 +0100]: C: Connect [localhost:389] [05-Mar-2012 10:27:52 +0100]: S: OK [05-Mar-2012 10:27:52 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook, dc=localhost] [pass: xxxx] [05-Mar-2012 10:27:52 +0100]: S: Invalid credentials [05-Mar-2012 10:27:52 +0100]: C: Add [dn: mail=ssssss@iiii.uu,cn=mark, ou=private,ou=rcabook,dc=localhost]: Array ( [cn] => ssssssss sss [sn] => sss [givenname] => ssssssss [mail] => ssssss@iiii.uu [objectClass] => Array ( [0] => top [1] => inetOrgPerson )
)
[05-Mar-2012 10:27:52 +0100]: S: Strong(er) authentication required [05-Mar-2012 10:27:52 +0100]: C: Close
config/main.inc.php
$rcmail_config['ldap_public']['public'] = array( 'name' => 'Public LDAP Addressbook', 'hosts' => array('localhost'), 'use_tls' => false, 'ldap_version' => 3, // using LDAPv3 'port' => 389, 'auth_method' => '', 'user_specific' => false, 'writable' => true, 'base_dn' => 'ou=public,ou=rcabook,dc=localhost', 'bind_dn' => 'cn=rcuser,ou=rcabook,dc=localhost', 'bind_pass' => 'rcpass', 'fieldmap' => array( 'name' => 'cn', 'surname' => 'sn', 'firstname' => 'givenName', 'email' => 'mail', 'phone:home' => 'homePhone', 'phone:work' => 'telephoneNumber', 'phone:mobile' => 'mobile', 'street' => 'street', 'zipcode' => 'postalCode', 'locality' => 'l', 'country' => 'c', 'organization' => 'o', ), 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), 'LDAP_rdn' => 'mail', 'required_fields' => array('cn', 'sn', 'mail'), 'filter' => '(objectClass=inetOrgPerson)', 'groups' => array( 'base_dn' => '', // in this Howto, the same base_dn as for the contacts is used 'filter' => '(objectClass=groupOfNames)', 'object_classes' => array("top", "groupOfNames"), ), );
$rcmail_config['ldap_public']['private'] = array( 'name' => 'Private LDAP Addressbook', 'hosts' => array('localhost'), 'use_tls' => false, 'ldap_version' => 3, // using LDAPv3 'port' => 389, 'auth_method' => '', 'user_specific' => true, 'writable' => true, 'base_dn' => 'cn=%u,ou=private,ou=rcabook,dc=localhost', 'bind_dn' => 'cn=%u,ou=private,ou=rcabook,dc=localhost', 'bind_pass' => '', // the user login password is used 'fieldmap' => array( 'name' => 'cn', 'surname' => 'sn', 'firstname' => 'givenName', 'email' => 'mail', 'phone:home' => 'homePhone', 'phone:work' => 'telephoneNumber', 'phone:mobile' => 'mobile', 'street' => 'street', 'zipcode' => 'postalCode', 'locality' => 'l', 'country' => 'c', 'organization' => 'o', ), 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), 'LDAP_rdn' => 'mail', 'required_fields' => array('cn', 'sn', 'mail'), 'filter' => '(objectClass=inetOrgPerson)', 'groups' => array( 'base_dn' => '', // in this Howto, the same base_dn as for the contacts is used 'filter' => '(objectClass=groupOfNames)', 'object_classes' => array("top", "groupOfNames"), ), );
openldap/slapd.conf
# # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. #
include /etc/openldap/schema/corba.schema include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/duaconf.schema include /etc/openldap/schema/dyngroup.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/java.schema include /etc/openldap/schema/misc.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/openldap.schema include /etc/openldap/schema/ppolicy.schema include /etc/openldap/schema/collective.schema
# Allow LDAPv2 client connections. This is NOT the default. allow bind_v2
# Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args
SIZELIMIT 100000
# # if no access controls are present, the default policy # allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., "access to * by * read") # # rootdn can always read and write EVERYTHING!
####################################################################### # ldbm and/or bdb database definitions #######################################################################
database bdb suffix "dc=localhost" checkpoint 1024 15 rootdn "cn=admin,dc=localhost" # Cleartext passwords, especially for the rootdn, should # be avoided. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /var/lib/ldap
# Indices to maintain for this database index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub
# Replicas of this database #replogfile /var/lib/ldap/openldap-master-replog #replica host=ldap-1.example.com:389 starttls=critical # bindmethod=sasl saslmech=GSSAPI # authcId=host/ldap-master.example.com@EXAMPLE.COM
# Grant the Roundcub user to create private users access to dn.one="ou=private,ou=rcabook,dc=localhost" attrs=userPassword by dn="cn=rcuser,ou=rcabook,dc=localhost" write by anonymous auth by self write by * none
# For user authentication and password change access to attrs=userPassword by dn="cn=admin,dc=localhost" write by anonymous auth by self write by * none
# Grant the Roundcube users access to their private addressbooks access to dn.regex="^.*cn=([^,]+),ou=private,ou=rcabook,dc=localhost$" by dn="cn=admin,dc=localhost" write by dn="cn=rcuser,ou=rcabook,dc=localhost" write by dn.exact,expand="cn=$1,ou=private,ou=rcabook,dc=localhost" write
# Grant the Roundcube user access to the whole addressbook access to dn.subtree="ou=rcabook,dc=localhost" by dn="cn=admin,dc=localhost" write by dn="cn=rcuser,ou=rcabook,dc=localhost" write
# For direcory access access to * by dn="cn=admin,dc=localhost" write
# enable monitoring database monitor