<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.10.3">
</HEAD>
<BODY>
I reported this a month or two back as well but got no responses. It happens for us when the user enters an incorrect password.<BR>
<BR>
I am using "auth_bind = yes" in my config and surmised that the ldap code in dovecot may be caching the previous user's credentials for use in subsequent bind lookups instead of using the credentials specified by dn / dnpass. That would explain why a failed authentication might result in all subsequent ldap_search() calls failing.<BR>
<BR>
Our production server is currently running dovecot-1.0-0.beta8.2.fc5 from the Fedora 5 distribution, but I have tested that the problem still exists up to the rc9 release. I have not tried it with rc10 yet.<BR>
<BR>
These are the typical messages I get in the logs:<BR>
<BR>
Oct 22 09:50:35 gm-ho-lin-06 dovecot: auth(default): client in: AUTH 1 PLAIN service=POP3 lip=::ffff:10.1.101.10 rip=::ffff:10.0.25.193 resp=<BR>
Oct 22 09:50:35 gm-ho-lin-06 dovecot: auth(default): client out: CONT 1<BR>
Oct 22 09:50:35 gm-ho-lin-06 dovecot: auth(default): client in: CONT 1 ADAyMDdAc3RvcmVzLmdhbWUuY28udWsAMDcwMg==<BR>
Oct 22 09:50:35 gm-ho-lin-06 dovecot: auth(default): ldap(0207@stores.game.co.uk,::ffff:10.0.25.193): bind search: base=OU=Stores,OU=UK,DC=group,DC=game,DC=net filter=(&(objectClass=user)(mail=<A HREF="mailto:0207@stores.game.co.uk">0207@stores.game.co.uk</A>))<BR>
Oct 22 09:50:36 gm-ho-lin-06 dovecot: auth(default): client out: FAIL 1 user=<A HREF="mailto:0207@stores.game.co.uk">0207@stores.game.co.uk</A><BR>
Oct 22 09:50:36 gm-ho-lin-06 dovecot: auth(default): client in: AUTH 2 PLAIN service=POP3 lip=::ffff:10.1.101.10 rip=::ffff:10.0.25.193 resp=ADAyMDdAc3RvcmVzLmdhbWUuY28udWsAMDcwMg==<BR>
Oct 22 09:50:36 gm-ho-lin-06 dovecot: auth(default): ldap(0207@stores.game.co.uk,::ffff:10.0.25.193): bind search: base=OU=Stores,OU=UK,DC=group,DC=game,DC=net filter=(&(objectClass=user)(mail=<A HREF="mailto:0207@stores.game.co.uk">0207@stores.game.co.uk</A>))<BR>
Oct 22 09:50:36 gm-ho-lin-06 dovecot: auth(default): ldap(0207@stores.game.co.uk,::ffff:10.0.25.193): ldap_search() failed: Operations error<BR>
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): client in: AUTH 1 PLAIN service=POP3 lip=::ffff:10.1.101.10 rip=::ffff:10.0.70.193 resp=<BR>
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): client out: CONT 1<BR>
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): client in: CONT 1 ADA1NjdAc3RvcmVzLmdhbWUuY28udWsANzY1MA==<BR>
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): ldap(0567@stores.game.co.uk,::ffff:10.0.70.193): bind search: base=OU=Stores,OU=UK,DC=group,DC=game,DC=net filter=(&(objectClass=user)(mail=<A HREF="mailto:0567@stores.game.co.uk">0567@stores.game.co.uk</A>))<BR>
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): ldap(0567@stores.game.co.uk,::ffff:10.0.70.193): ldap_search() failed: Operations error<BR>
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): client out: FAIL 2 user=0207@stores.game.co.uk temp<BR>
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): client out: FAIL 1 user=0567@stores.game.co.uk temp<BR>
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): client in: AUTH 2 PLAIN service=POP3 lip=::ffff:10.1.101.10 rip=::ffff:10.0.70.193 resp=ADA1NjdAc3RvcmVzLmdhbWUuY28udWsANzY1MA==<BR>
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): ldap(0567@stores.game.co.uk,::ffff:10.0.70.193): bind search: base=OU=Stores,OU=UK,DC=group,DC=game,DC=net filter=(&(objectClass=user)(mail=<A HREF="mailto:0567@stores.game.co.uk">0567@stores.game.co.uk</A>))<BR>
Oct 22 09:50:38 gm-ho-lin-06 dovecot: auth(default): ldap(0567@stores.game.co.uk,::ffff:10.0.70.193): ldap_search() failed: Operations error<BR>
Oct 22 09:50:40 gm-ho-lin-06 dovecot: auth(default): client out: FAIL 2 user=0567@stores.game.co.uk temp<BR>
<BR>
Regards,<BR>
Rob Coward<BR>
<BR>
On Tue, 2006-10-24 at 14:28 +0300, Timo Sirainen wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
<FONT COLOR="#000000">On Mon, 2006-10-23 at 12:07 -0200, Matheus Antonio Oliveira wrote:</FONT>
<FONT COLOR="#000000">> People,</FONT>
<FONT COLOR="#000000">> </FONT>
<FONT COLOR="#000000">> I have a situation: when using a passwd LDAP module against "microsoft </FONT>
<FONT COLOR="#000000">> active directory" and one user sends a blank password the authentication </FONT>
<FONT COLOR="#000000">> module returns: "ERR [IN-USE] Internal login failure. Refer to server </FONT>
<FONT COLOR="#000000">> log for more information."; after this the authentication module never </FONT>
<FONT COLOR="#000000">> authenticates again "ERR Temporary authentication failure."</FONT>
<FONT COLOR="#000000">..</FONT>
<FONT COLOR="#000000">> -ERR [IN-USE] Internal login failure. Refer to server log for more </FONT>
<FONT COLOR="#000000">> information.</FONT>
<FONT COLOR="#000000">Could you also show what error message it wrote to the log file?</FONT>
</PRE>
</BLOCKQUOTE>
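<P>An added example, not part of the original message or of Dovecot's code: a Python sketch that scans an auth debug log of the shape shown above for a definitive FAIL that is followed by ldap_search() errors before any successful login, which is the signature of one rejected bind leaving the shared LDAP connection unusable for everyone. The sample lines, hosts and users are constructed, and the "client out: OK" line format is an assumption since no successful login appears in the log above.</P>

```python
import re

# Constructed sample in the shape of the auth debug log above (not real data).
SAMPLE_LOG = """\
Jan 01 10:00:00 mail dovecot: auth(default): ldap(alice@example.test,192.0.2.10): bind search: base=DC=example,DC=test filter=(mail=alice@example.test)
Jan 01 10:00:01 mail dovecot: auth(default): client out: FAIL 1 user=alice@example.test
Jan 01 10:00:03 mail dovecot: auth(default): ldap(bob@example.test,192.0.2.20): bind search: base=DC=example,DC=test filter=(mail=bob@example.test)
Jan 01 10:00:03 mail dovecot: auth(default): ldap(bob@example.test,192.0.2.20): ldap_search() failed: Operations error
Jan 01 10:00:03 mail dovecot: auth(default): client out: FAIL 1 user=bob@example.test temp
Jan 01 10:00:05 mail dovecot: auth(default): ldap(carol@example.test,192.0.2.30): ldap_search() failed: Operations error
Jan 01 10:00:05 mail dovecot: auth(default): client out: FAIL 1 user=carol@example.test temp
"""

# "FAIL n user=x" is a definitive rejection; a trailing " temp" marks a
# temporary (backend) failure, as in the log above.
FAIL_RE = re.compile(r"client out: FAIL \d+ user=(\S+)( temp)?\s*$")
OK_RE = re.compile(r"client out: OK \d+ user=")  # assumed format of a success line
SEARCH_ERR_RE = re.compile(r"ldap\(([^,]+),[^)]*\): ldap_search\(\) failed: ")


def find_poisoned_windows(log_text):
    """Return one dict per hard FAIL that is followed by ldap_search() errors."""
    candidates = []
    current = None  # window opened by the most recent hard FAIL
    for line in log_text.splitlines():
        fail = FAIL_RE.search(line)
        if fail and fail.group(2) is None:
            current = {"trigger_user": fail.group(1), "trigger_time": line[:15],
                       "search_errors": 0, "affected_users": []}
            candidates.append(current)
        elif OK_RE.search(line):
            current = None  # a success shows the LDAP connection still works
        elif current is not None:
            err = SEARCH_ERR_RE.search(line)
            if err:
                current["search_errors"] += 1
                if err.group(1) not in current["affected_users"]:
                    current["affected_users"].append(err.group(1))
    # Keep only hard FAILs that were actually followed by search errors.
    return [c for c in candidates if c["search_errors"] > 0]


if __name__ == "__main__":
    for incident in find_poisoned_windows(SAMPLE_LOG):
        print(incident)
```
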
<BR>
</BODY>
</HTML>