Hello,
I've been trying to figure out what's wrong with authentication against an ldap pass/user db with test67 as test62 was working fine.
[ The problem is the same as previously described in this list :
- FreeBSD-5.3
- dovecot-1.0-test67
- openldap-2.1.27
--> "ldap(dovetest,127.0.0.1): No password in reply" --> "NO Temporary authentication failure."
or
-- dovecot: Apr 12 18:22:41 Info: auth(default): client in: AUTH 1 PLAIN service=IMAP lip=157.99.64.42 rip=157.99.64.42 dovecot: Apr 12 18:22:41 Info: auth(default): client out: CONT 1 dovecot: Apr 12 18:22:41 Info: auth(default): client in: CONT 1 AGRvdmV0ZXN0AGZvbw== dovecot: Apr 12 18:22:41 Info: auth(default): ldap(dovetest,157.99.64.42): base=ou=personnes, dc=pasteur, dc=fr scope=subtree filter=(&(objectClass=posixAccount)(uid=dovetest)) fields=uid,homeDirectory,,,uidNumber,gidNumber dovecot: Apr 12 18:22:42 Info: auth(default): client in: AUTH 2 PLAIN service=IMAP lip=157.99.64.42 rip=157.99.64.42 resp=AGRvdmV0ZXN0AGZvbw== dovecot: Apr 12 18:22:42 Info: auth(default): ldap(dovetest,157.99.64.42): base=ou=personnes, dc=pasteur, dc=fr scope=subtree filter=(&(objectClass=posixAccount)(uid=dovetest)) fields=uid,homeDirectory,,,uidNumber,gidNumber
dovecot: Apr 12 18:22:42 Error: auth(default): ldap(dovetest,157.99.64.42): No password in reply dovecot: Apr 12 18:22:42 Error: auth(default): file passdb-ldap.c: line 122 (handle_request): assertion failed: (scheme != NULL) dovecot: Apr 12 18:22:42 Error: child 43147 (auth) killed with signal 6
]
I've noticed the following changes in the source code, and my understanding (which may be wrong) of my problem goes as follows :
In test62, the 'attr_names' attribute array was defined outside the 'ldap_connection' struct, thus allowing 'passdb_ldap_conn' and 'userdb_ldap_conn' structs to have different array of such type.
At the opposite, in test67, the 'attr_names' array is inside the 'ldap_connection'. As 'passdb_ldap_conn' and 'userdb_ldap_conn' are of the 'ldap_connection' type and since the 'db_ldap_init' function returns the existing ldap connection if it exists, the 'passdb_ldap_preinit' and 'usedb_ldap_preinit' will call the 'db_ldap_set_attrs' function on _the same_ 'ldap_connection' object.
So when the 'db_ldap_search' function is called from the 'passdb-ldap.c:ldap_lookup_pass function, the 5th argument (passdb_ldap_conn->attr_names) will point to the 'user_attrs' instead of the 'pass_attrs', since userdb_preinit will have already been called.
I've also noticed the use of the 'attr_map' hash to store the attribute/value pairs, but since it doesn't seems to be used when calling 'ldap_lookup_pass', I guess the problem is somewhere else.
Can someone give me a clue ? Has someone successfully set up dovecot-1.0-test67 on a similar configuration ?
thanks
-- Thomas Hummel | Institut Pasteur hummel@pasteur.fr | Pôle informatique - systèmes et réseau