Hi All,
thanks for the answers!!!
I did some more tests:
If I try this: ldapsearch -xLLL -H ldap://localhost:389 -D cn=rcuser,ou=rcabook,dc=localhost -w rcpass -b ou=rcabook,dc=localhost it works fine.
If I try this: ldapsearch -xLLL -H ldap://localhost:389 -D cn=mark,ou=private,ou=rcabook,dc=localhost -w xxxx it answers: ldap_bind: Invalid credentials (49), so I think that there is an ACL problem.
I think that there is an error in the script rcabook-setup.sh.
I ran the script rcabook-setup.sh again and again; it doesn't return errors and it says:
The LDAP addressbook is ready now for using:
base_dn: ou=rcabook,dc=localhost
bind_dn: cn=rcuser,ou=rcabook,dc=localhost
Use the following command for reading and checking your setup:
ldapsearch -xLLL -H ldap://localhost:389 -D cn=rcuser,ou=rcabook,dc=localhost -w rcpass -b ou=rcabook,dc=localhost
Here is my ldap.log with the LDAP server's debug output:
daemon: activity on:
slap_listener_activate(7):
daemon: epoll: listen=7 busy
daemon: epoll: listen=8 active_threads=0 tvp=zero
slap_listener(ldap:///)
daemon: listen=7, new connection on 13
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
daemon: added 13r (active) listener=(nil)
daemon: activity on 1 descriptor
conn=21 fd=13 ACCEPT from IP=127.0.0.1:45320 (IP=0.0.0.0:389)
daemon: activity on: 13r
daemon: read active on 13
daemon: epoll: listen=7 active_threads=0 tvp=zero
connection_get(13)
daemon: epoll: listen=8 active_threads=0 tvp=zero
connection_get(13): got connid=21
connection_read(13): checking for input on id=21
ber_get_next
ldap_read: want=8, got=8
0000: 30 84 00 00 00 3e 02 01 0....>..
ldap_read: want=60, got=60
0000: 01 60 84 00 00 00 35 02 01 03 04 2a 63 6e 3d 6d .`....5....*cn=m
0010: 61 72 6b 2c 6f 75 3d 70 72 69 76 61 74 65 2c 6f ark,ou=private,o
0020: 75 3d 72 63 61 62 6f 6f 6b 2c 64 63 3d 6c 6f 63 u=rcabook,dc=loc
0030: 61 6c 68 6f 73 74 80 04 78 78 78 78 alhost..xxxx
ber_get_next: tag 0x30 len 62 contents:
ber_dump: buf=0xa0b040a8 ptr=0xa0b040a8 end=0xa0b040e6 len=62
0000: 02 01 01 60 84 00 00 00 35 02 01 03 04 2a 63 6e ...`....5....*cn
0010: 3d 6d 61 72 6b 2c 6f 75 3d 70 72 69 76 61 74 65 =mark,ou=private
0020: 2c 6f 75 3d 72 63 61 62 6f 6f 6b 2c 64 63 3d 6c ,ou=rcabook,dc=l
0030: 6f 63 61 6c 68 6f 73 74 80 04 78 78 78 78 ocalhost..xxxx
op tag 0x60, time 1330963449
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
conn=21 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0xa0b040a8 ptr=0xa0b040ab end=0xa0b040e6 len=59
0000: 60 84 00 00 00 35 02 01 03 04 2a 63 6e 3d 6d 61 `....5....*cn=ma
0010: 72 6b 2c 6f 75 3d 70 72 69 76 61 74 65 2c 6f 75 rk,ou=private,ou
0020: 3d 72 63 61 62 6f 6f 6b 2c 64 63 3d 6c 6f 63 61 =rcabook,dc=loca
0030: 6c 68 6f 73 74 80 04 78 78 78 78 lhost..xxxx
ber_scanf fmt (m}) ber:
ber_dump: buf=0xa0b040a8 ptr=0xa0b040e0 end=0xa0b040e6 len=6
0000: 00 04 78 78 78 78 ..xxxx
dnPrettyNormal: <cn=mark,ou=private,ou=rcabook,dc=localhost>
=> ldap_bv2dn(cn=mark,ou=private,ou=rcabook,dc=localhost,0)
<= ldap_bv2dn(cn=mark,ou=private,ou=rcabook,dc=localhost)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=mark,ou=private,ou=rcabook,dc=localhost)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=mark,ou=private,ou=rcabook,dc=localhost)=0
<<< dnPrettyNormal: <cn=mark,ou=private,ou=rcabook,dc=localhost>, <cn=mark,ou=private,ou=rcabook,dc=localhost>
conn=21 op=0 BIND dn="cn=mark,ou=private,ou=rcabook,dc=localhost" method=128
do_bind: version=3 dn="cn=mark,ou=private,ou=rcabook,dc=localhost" method=128
==> bdb_bind: dn: cn=mark,ou=private,ou=rcabook,dc=localhost
bdb_dn2entry("cn=mark,ou=private,ou=rcabook,dc=localhost")
=> bdb_dn2id("cn=mark,ou=private,ou=rcabook,dc=localhost")
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
send_ldap_result: conn=21 op=0 p=3
send_ldap_result: err=49 matched="" text=""
send_ldap_response: msgid=1 tag=97 err=49
ber_flush2: 22 bytes to sd 13
0000: 30 84 00 00 00 10 02 01 01 61 84 00 00 00 07 0a 0........a......
0010: 01 31 04 00 04 00 .1....
ldap_write: want=22, written=22
0000: 30 84 00 00 00 10 02 01 01 61 84 00 00 00 07 0a 0........a......
0010: 01 31 04 00 04 00 .1....
conn=21 op=0 RESULT tag=97 err=49 text=
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
daemon: activity on 1 descriptor
daemon: activity on: 13r
daemon: read active on 13
daemon: epoll: listen=7 active_threads=0 tvp=zero
connection_get(13)
daemon: epoll: listen=8 active_threads=0 tvp=zero
connection_get(13): got connid=21
connection_read(13): checking for input on id=21
ber_get_next
ldap_read: want=8, got=0
ber_get_next on fd 13 failed errno=0 (Success)
connection_read(13): input error=-2 id=21, closing.
connection_closing: readying conn=21 sd=13 for close
connection_close: conn=21 sd=13
daemon: activity on 1 descriptor
daemon: removing 13
daemon: activity on:
conn=21 fd=13 closed (connection lost)
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
Thanks a lot
Mark
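The trace above ends in err=49 for the cn=mark bind, but the interesting line is the one just before it: bdb_dn2id returns DB_NOTFOUND for that DN. slapd deliberately answers invalidCredentials (49) both for a DN that does not exist and for a wrong password, so the client-side message cannot tell the two apart; only the server-side debug trace can. The following Python script is an added example (not code from the thread, from Roundcube or from OpenLDAP) that reads a slapd debug log and classifies every simple bind that way. The sample log embedded in it is constructed: conn=21 is condensed from the trace posted above, while conn=22 (existing DN, wrong password) and conn=23 (successful bind) are made up to show the other two outcomes. The ldapsearch command in NEXT_CHECK follows the form used in this thread; its base and filter are this example's choice.

```python
"""Triage failed simple binds in slapd debug output.

Added example, not code from the thread or from OpenLDAP/Roundcube. slapd
returns invalidCredentials (49) both when the bind DN does not exist and when
the password is wrong, on purpose, so that a client cannot enumerate DNs.
With `slapd -d -1` (or an equivalent loglevel) the backend trace between the
BIND and RESULT lines tells the two apart: a `dn2id: ... DB_NOTFOUND` means
the entry was never found, so no password was compared at all.
"""
import re
from typing import Dict, Tuple

BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')
BACKEND_BIND_RE = re.compile(r'==> (?:bdb|hdb|mdb)_bind: dn: (\S+)')
NOTFOUND_RE = re.compile(r'dn2id: get failed: DB_NOTFOUND')

# Suggested next check for each verdict (assumed commands, this example's own).
NEXT_CHECK = {
    "no_such_entry": (
        "ldapsearch -xLLL -H ldap://localhost:389 "
        "-D cn=rcuser,ou=rcabook,dc=localhost -W "
        "-b ou=private,ou=rcabook,dc=localhost '(cn=mark)' dn objectClass"
    ),
    "bad_password_or_acl": (
        "entry exists: check its userPassword value (slappasswd -h {SSHA}) "
        "and that an ACL grants 'by anonymous auth' on userPassword for it"
    ),
    "ok": "nothing to do",
}

# Constructed sample: conn=21 is condensed from the trace posted in the
# thread; conn=22 (existing DN, wrong password) and conn=23 (successful bind)
# are made up here to show the other outcomes.
SAMPLE_LOG = """\
conn=21 fd=13 ACCEPT from IP=127.0.0.1:45320 (IP=0.0.0.0:389)
conn=21 op=0 BIND dn="cn=mark,ou=private,ou=rcabook,dc=localhost" method=128
==> bdb_bind: dn: cn=mark,ou=private,ou=rcabook,dc=localhost
=> bdb_dn2id("cn=mark,ou=private,ou=rcabook,dc=localhost")
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
conn=21 op=0 RESULT tag=97 err=49 text=
conn=22 op=0 BIND dn="cn=rcuser,ou=rcabook,dc=localhost" method=128
==> bdb_bind: dn: cn=rcuser,ou=rcabook,dc=localhost
<= bdb_dn2id: got id=0x00000003
conn=22 op=0 RESULT tag=97 err=49 text=
conn=23 op=0 BIND dn="cn=rcuser,ou=rcabook,dc=localhost" method=128
==> bdb_bind: dn: cn=rcuser,ou=rcabook,dc=localhost
conn=23 op=0 BIND dn="cn=rcuser,ou=rcabook,dc=localhost" mech=SIMPLE ssf=0
conn=23 op=0 RESULT tag=97 err=0 text=
"""


def triage_binds(log_text: str) -> Dict[Tuple[int, int], Dict[str, object]]:
    """Map (conn, op) -> {dn, err, reason} for every simple bind in the log.

    Backend trace lines carry no conn= tag, so a DB_NOTFOUND is attributed to
    the DN named by the most recent '==> *_bind: dn:' line and then matched
    to the RESULT of the bind for that DN.
    """
    binds: Dict[Tuple[int, int], Dict[str, object]] = {}
    backend_dn = None
    missing = set()
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            key = (int(m.group(1)), int(m.group(2)))
            binds[key] = {"dn": m.group(3), "err": None, "reason": "pending"}
            continue
        m = BACKEND_BIND_RE.search(line)
        if m:
            backend_dn = m.group(1)
            continue
        if backend_dn and NOTFOUND_RE.search(line):
            missing.add(backend_dn)
            continue
        m = RESULT_RE.search(line)
        if not m:
            continue
        key = (int(m.group(1)), int(m.group(2)))
        rec = binds.get(key)
        if rec is None:
            continue
        err = int(m.group(3))
        rec["err"] = err
        if err == 0:
            rec["reason"] = "ok"
        elif err == 49 and rec["dn"] in missing:
            rec["reason"] = "no_such_entry"      # DN never found: no password compared
            missing.discard(rec["dn"])
        elif err == 49:
            rec["reason"] = "bad_password_or_acl"  # entry found, bind still refused
        else:
            rec["reason"] = "err_%d" % err
    return binds


if __name__ == "__main__":
    for (conn, op), rec in sorted(triage_binds(SAMPLE_LOG).items()):
        print(f"conn={conn} op={op} dn={rec['dn']!r} err={rec['err']} -> {rec['reason']}")
        print("   next:", NEXT_CHECK.get(rec["reason"], "inspect err code"))
```

Run it against a real capture with `slapd -d -1 2>&1 | tee ldap.log` on the server side and `python3 triage.py < ldap.log` after swapping SAMPLE_LOG for stdin; the point is that a "no_such_entry" verdict sends you to the entry (or the script that should have created it), not to the ACLs or the password.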
----Original message----
From: andudi@gmx.ch
Date: 05/03/2012 14.09
To: "kaifamm@libero.it" kaifamm@libero.it, users@lists.roundcube.net
Subject: Re: [RCU] Ldap Addressbook : problem for credentials in private addressbook
Hi, I am on ski holidays and do not have my setup in front of me.
Your setup seems OK, but can you try to connect with ldapsearch on the command line?
Another try could be to switch on logging in slapd.conf. ldap.conf is not used by the server but by clients like ldapsearch...
Andreas
"kaifamm@libero.it" kaifamm@libero.it wrote:
Hi All,
I configured the LDAP server and Roundcube to manage contacts. I used the howto: http://trac.roundcube.net/wiki/Howto_Ldap. It works quite well; I only have a problem with credentials in the private addressbook. The public addressbook works fine, I can search and add contacts. I checked Mark's password and it is correct. I tried to use rootpw but it doesn't work.
My versions are: openldap-servers-2.4.19-6, php-5.3.3-1, roundcube 0.7.1
I report the error in Roundcube's LDAP log, my slapd.conf and my main.inc.php.
Thanks a lot
Mark
logs/ldap :
[05-Mar-2012 10:09:01 +0100]: C: Connect [localhost:389]
[05-Mar-2012 10:09:01 +0100]: S: OK
[05-Mar-2012 10:09:01 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook,dc=localhost] [pass: xxxx]
[05-Mar-2012 10:09:01 +0100]: S: Invalid credentials
[05-Mar-2012 10:09:01 +0100]: C: Close
[05-Mar-2012 10:14:24 +0100]: C: Connect [localhost:389]
[05-Mar-2012 10:14:24 +0100]: S: OK
[05-Mar-2012 10:14:24 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook,dc=localhost] [pass: xxxx]
[05-Mar-2012 10:14:24 +0100]: S: Invalid credentials
[05-Mar-2012 10:14:24 +0100]: C: Close
[05-Mar-2012 10:27:42 +0100]: C: Connect [localhost:389]
[05-Mar-2012 10:27:42 +0100]: S: OK
[05-Mar-2012 10:27:42 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook,dc=localhost] [pass: xxxx]
[05-Mar-2012 10:27:42 +0100]: S: Invalid credentials
[05-Mar-2012 10:27:42 +0100]: C: Close
[05-Mar-2012 10:27:52 +0100]: C: Connect [localhost:389]
[05-Mar-2012 10:27:52 +0100]: S: OK
[05-Mar-2012 10:27:52 +0100]: C: Bind [dn: cn=mark,ou=private,ou=rcabook,dc=localhost] [pass: xxxx]
[05-Mar-2012 10:27:52 +0100]: S: Invalid credentials
[05-Mar-2012 10:27:52 +0100]: C: Add [dn: mail=ssssss@iiii.uu,cn=mark,ou=private,ou=rcabook,dc=localhost]: Array
(
    [cn] => ssssssss sss
    [sn] => sss
    [givenname] => ssssssss
    [mail] => ssssss@iiii.uu
    [objectClass] => Array
        (
            [0] => top
            [1] => inetOrgPerson
        )
)
[05-Mar-2012 10:27:52 +0100]: S: Strong(er) authentication required
[05-Mar-2012 10:27:52 +0100]: C: Close
config/main.inc.php
$rcmail_config['ldap_public']['public'] = array(
    'name'          => 'Public LDAP Addressbook',
    'hosts'         => array('localhost'),
    'use_tls'       => false,
    'ldap_version'  => 3,      // using LDAPv3
    'port'          => 389,
    'auth_method'   => '',
    'user_specific' => false,
    'writable'      => true,
    'base_dn'       => 'ou=public,ou=rcabook,dc=localhost',
    'bind_dn'       => 'cn=rcuser,ou=rcabook,dc=localhost',
    'bind_pass'     => 'rcpass',
    'fieldmap' => array(
        'name'         => 'cn',
        'surname'      => 'sn',
        'firstname'    => 'givenName',
        'email'        => 'mail',
        'phone:home'   => 'homePhone',
        'phone:work'   => 'telephoneNumber',
        'phone:mobile' => 'mobile',
        'street'       => 'street',
        'zipcode'      => 'postalCode',
        'locality'     => 'l',
        'country'      => 'c',
        'organization' => 'o',
    ),
    'LDAP_Object_Classes' => array('top', 'inetOrgPerson'),
    'LDAP_rdn'            => 'mail',
    'required_fields'     => array('cn', 'sn', 'mail'),
    'filter'              => '(objectClass=inetOrgPerson)',
    'groups' => array(
        'base_dn'        => '',   // in this Howto, the same base_dn as for the contacts is used
        'filter'         => '(objectClass=groupOfNames)',
        'object_classes' => array("top", "groupOfNames"),
    ),
);

$rcmail_config['ldap_public']['private'] = array(
    'name'          => 'Private LDAP Addressbook',
    'hosts'         => array('localhost'),
    'use_tls'       => false,
    'ldap_version'  => 3,      // using LDAPv3
    'port'          => 389,
    'auth_method'   => '',
    'user_specific' => true,
    'writable'      => true,
    'base_dn'       => 'cn=%u,ou=private,ou=rcabook,dc=localhost',
    'bind_dn'       => 'cn=%u,ou=private,ou=rcabook,dc=localhost',
    'bind_pass'     => '',     // the user login password is used
    'fieldmap' => array(
        'name'         => 'cn',
        'surname'      => 'sn',
        'firstname'    => 'givenName',
        'email'        => 'mail',
        'phone:home'   => 'homePhone',
        'phone:work'   => 'telephoneNumber',
        'phone:mobile' => 'mobile',
        'street'       => 'street',
        'zipcode'      => 'postalCode',
        'locality'     => 'l',
        'country'      => 'c',
        'organization' => 'o',
    ),
    'LDAP_Object_Classes' => array('top', 'inetOrgPerson'),
    'LDAP_rdn'            => 'mail',
    'required_fields'     => array('cn', 'sn', 'mail'),
    'filter'              => '(objectClass=inetOrgPerson)',
    'groups' => array(
        'base_dn'        => '',   // in this Howto, the same base_dn as for the contacts is used
        'filter'         => '(objectClass=groupOfNames)',
        'object_classes' => array("top", "groupOfNames"),
    ),
);
openldap/slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema

# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

SIZELIMIT 100000

#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database bdb
suffix "dc=localhost"
checkpoint 1024 15
rootdn "cn=admin,dc=localhost"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM

# Grant the Roundcube user the right to create private users
access to dn.one="ou=private,ou=rcabook,dc=localhost" attrs=userPassword
    by dn="cn=rcuser,ou=rcabook,dc=localhost" write
    by anonymous auth
    by self write
    by * none

# For user authentication and password change
access to attrs=userPassword
    by dn="cn=admin,dc=localhost" write
    by anonymous auth
    by self write
    by * none

# Grant the Roundcube users access to their private addressbooks
access to dn.regex="^.*cn=([^,]+),ou=private,ou=rcabook,dc=localhost$"
    by dn="cn=admin,dc=localhost" write
    by dn="cn=rcuser,ou=rcabook,dc=localhost" write
    by dn.exact,expand="cn=$1,ou=private,ou=rcabook,dc=localhost" write

# Grant the Roundcube user access to the whole addressbook
access to dn.subtree="ou=rcabook,dc=localhost"
    by dn="cn=admin,dc=localhost" write
    by dn="cn=rcuser,ou=rcabook,dc=localhost" write

# For directory access
access to *
    by dn="cn=admin,dc=localhost" write

# enable monitoring
database monitor
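The private addressbook in main.inc.php binds as cn=%u,ou=private,ou=rcabook,dc=localhost with the user's login password, so an entry with exactly that DN and a userPassword attribute has to exist before that bind can ever succeed (the slapd trace earlier in this thread shows bdb_dn2id returning DB_NOTFOUND for cn=mark,...). The Python script below is an added example, not the howto's rcabook-setup.sh and not Roundcube or OpenLDAP code: it builds the LDIF for such an owner entry with a {SSHA} userPassword in the same form slappasswd(8) produces, and includes the matching verifier so the hash can be checked offline. Assumptions of this example: the object classes organizationalRole plus simpleSecurityObject (both in core.schema, which the slapd.conf above includes), and that the value substituted for %u is the plain login name.

```python
"""Build the LDIF for a private-addressbook owner entry with an SSHA password.

Added example (not the thread's rcabook-setup.sh). The entry it produces has
the DN that the 'private' block in main.inc.php binds as. Object classes are
this example's assumption: organizationalRole (gives cn) plus the auxiliary
simpleSecurityObject (requires userPassword), both from core.schema.
"""
import base64
import hashlib
import os
from typing import Optional

PRIVATE_BASE = "ou=private,ou=rcabook,dc=localhost"   # from the posted config


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """{SSHA} as slappasswd(8) produces it: base64(sha1(pw + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_check(stored: str, password: str) -> bool:
    """Verify a password against an {SSHA} value, as slapd does on a simple bind."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]           # SHA-1 digest is 20 bytes
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest


def escape_rdn_value(value: str) -> str:
    """RFC 4514 escaping so an arbitrary login can be used as the cn= RDN value."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;':
            out.append("\\" + ch)
        elif (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def bind_dn_for(login: str) -> str:
    """The DN Roundcube will bind as for this login (cn=%u,ou=private,...)."""
    return f"cn={escape_rdn_value(login)},{PRIVATE_BASE}"


def ldif_value(attr: str, value: str) -> str:
    """One LDIF line; base64 ('::') when the value is not a safe string (RFC 2849)."""
    safe = (value.isascii() and "\n" not in value and "\r" not in value
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def private_owner_ldif(login: str, password: str, salt: Optional[bytes] = None) -> str:
    """LDIF for the owner entry; password is stored hashed, never in clear."""
    return "\n".join([
        ldif_value("dn", bind_dn_for(login)),
        "objectClass: organizationalRole",
        "objectClass: simpleSecurityObject",
        ldif_value("cn", login),
        ldif_value("userPassword", make_ssha(password, salt)),
        "",
    ])


if __name__ == "__main__":
    # Constructed sample input: the login and a placeholder password.
    print(private_owner_ldif("mark", "xxxx"))
```

Pipe the output into `ldapadd -x -H ldap://localhost:389 -D cn=rcuser,ou=rcabook,dc=localhost -W`; with the ACLs posted above, rcuser has write access on entries under ou=private, so it can add the entry. Then the ldapsearch from the top of the thread with `-D cn=mark,ou=private,ou=rcabook,dc=localhost -w xxxx` is the check that the bind now works. The hash is verified by slapd against the stored {SSHA} value, which is why only the hash, never the clear-text password, belongs in the directory.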
--
List info: http://lists.roundcube.net/users/