[Dovecot] test67 ldap_connection
Hello,
I've been trying to figure out what's wrong with authentication against an ldap pass/user db with test67 as test62 was working fine.
[ The problem is the same as previously described in this list :
- FreeBSD-5.3
- dovecot-1.0-test67
- openldap-2.1.27
--> "ldap(dovetest,127.0.0.1): No password in reply" --> "NO Temporary authentication failure."
or
-- dovecot: Apr 12 18:22:41 Info: auth(default): client in: AUTH 1 PLAIN service=IMAP lip=157.99.64.42 rip=157.99.64.42 dovecot: Apr 12 18:22:41 Info: auth(default): client out: CONT 1 dovecot: Apr 12 18:22:41 Info: auth(default): client in: CONT 1 AGRvdmV0ZXN0AGZvbw== dovecot: Apr 12 18:22:41 Info: auth(default): ldap(dovetest,157.99.64.42): base=ou=personnes, dc=pasteur, dc=fr scope=subtree filter=(&(objectClass=posixAccount)(uid=dovetest)) fields=uid,homeDirectory,,,uidNumber,gidNumber dovecot: Apr 12 18:22:42 Info: auth(default): client in: AUTH 2 PLAIN service=IMAP lip=157.99.64.42 rip=157.99.64.42 resp=AGRvdmV0ZXN0AGZvbw== dovecot: Apr 12 18:22:42 Info: auth(default): ldap(dovetest,157.99.64.42): base=ou=personnes, dc=pasteur, dc=fr scope=subtree filter=(&(objectClass=posixAccount)(uid=dovetest)) fields=uid,homeDirectory,,,uidNumber,gidNumber
dovecot: Apr 12 18:22:42 Error: auth(default): ldap(dovetest,157.99.64.42): No password in reply dovecot: Apr 12 18:22:42 Error: auth(default): file passdb-ldap.c: line 122 (handle_request): assertion failed: (scheme != NULL) dovecot: Apr 12 18:22:42 Error: child 43147 (auth) killed with signal 6
]
I've noticed the following changes in the source code, and my understanding (which may be wrong) of my problem goes as follows :
In test62, the 'attr_names' attribute array was defined outside the 'ldap_connection' struct, thus allowing 'passdb_ldap_conn' and 'userdb_ldap_conn' structs to have different array of such type.
At the opposite, in test67, the 'attr_names' array is inside the 'ldap_connection'. As 'passdb_ldap_conn' and 'userdb_ldap_conn' are of the 'ldap_connection' type and since the 'db_ldap_init' function returns the existing ldap connection if it exists, the 'passdb_ldap_preinit' and 'usedb_ldap_preinit' will call the 'db_ldap_set_attrs' function on _the same_ 'ldap_connection' object.
So when the 'db_ldap_search' function is called from the 'passdb-ldap.c:ldap_lookup_pass function, the 5th argument (passdb_ldap_conn->attr_names) will point to the 'user_attrs' instead of the 'pass_attrs', since userdb_preinit will have already been called.
I've also noticed the use of the 'attr_map' hash to store the attribute/value pairs, but since it doesn't seems to be used when calling 'ldap_lookup_pass', I guess the problem is somewhere else.
Can someone give me a clue ? Has someone successfully set up dovecot-1.0-test67 on a similar configuration ?
thanks
-- Thomas Hummel | Institut Pasteur <hummel@pasteur.fr> | Pôle informatique - systèmes et réseau
You might want to look back at my posts on the recent SQL auth problems, sound very similar.
Regards Andrew
On Tue, 2005-04-12 at 18:25 +0200, Thomas Hummel wrote:
Hello,
I've been trying to figure out what's wrong with authentication against an ldap pass/user db with test67 as test62 was working fine.
[ The problem is the same as previously described in this list :
- FreeBSD-5.3
- dovecot-1.0-test67
- openldap-2.1.27
--> "ldap(dovetest,127.0.0.1): No password in reply" --> "NO Temporary authentication failure."
or
-- dovecot: Apr 12 18:22:41 Info: auth(default): client in: AUTH 1 PLAIN service=IMAP lip=157.99.64.42 rip=157.99.64.42 dovecot: Apr 12 18:22:41 Info: auth(default): client out: CONT 1 dovecot: Apr 12 18:22:41 Info: auth(default): client in: CONT 1 AGRvdmV0ZXN0AGZvbw== dovecot: Apr 12 18:22:41 Info: auth(default): ldap(dovetest,157.99.64.42): base=ou=personnes, dc=pasteur, dc=fr scope=subtree filter=(&(objectClass=posixAccount)(uid=dovetest)) fields=uid,homeDirectory,,,uidNumber,gidNumber dovecot: Apr 12 18:22:42 Info: auth(default): client in: AUTH 2 PLAIN service=IMAP lip=157.99.64.42 rip=157.99.64.42 resp=AGRvdmV0ZXN0AGZvbw== dovecot: Apr 12 18:22:42 Info: auth(default): ldap(dovetest,157.99.64.42): base=ou=personnes, dc=pasteur, dc=fr scope=subtree filter=(&(objectClass=posixAccount)(uid=dovetest)) fields=uid,homeDirectory,,,uidNumber,gidNumber
dovecot: Apr 12 18:22:42 Error: auth(default): ldap(dovetest,157.99.64.42): No password in reply dovecot: Apr 12 18:22:42 Error: auth(default): file passdb-ldap.c: line 122 (handle_request): assertion failed: (scheme != NULL) dovecot: Apr 12 18:22:42 Error: child 43147 (auth) killed with signal 6
]
I've noticed the following changes in the source code, and my understanding (which may be wrong) of my problem goes as follows :
In test62, the 'attr_names' attribute array was defined outside the 'ldap_connection' struct, thus allowing 'passdb_ldap_conn' and 'userdb_ldap_conn' structs to have different array of such type.
At the opposite, in test67, the 'attr_names' array is inside the 'ldap_connection'. As 'passdb_ldap_conn' and 'userdb_ldap_conn' are of the 'ldap_connection' type and since the 'db_ldap_init' function returns the existing ldap connection if it exists, the 'passdb_ldap_preinit' and 'usedb_ldap_preinit' will call the 'db_ldap_set_attrs' function on _the same_ 'ldap_connection' object.
So when the 'db_ldap_search' function is called from the 'passdb-ldap.c:ldap_lookup_pass function, the 5th argument (passdb_ldap_conn->attr_names) will point to the 'user_attrs' instead of the 'pass_attrs', since userdb_preinit will have already been called.
I've also noticed the use of the 'attr_map' hash to store the attribute/value pairs, but since it doesn't seems to be used when calling 'ldap_lookup_pass', I guess the problem is somewhere else.
Can someone give me a clue ? Has someone successfully set up dovecot-1.0-test67 on a similar configuration ?
thanks
-- Andrew Hutchings (A-Wing) Linux Guru - Netserve Consultants Ltd. - www.domaincity.co.uk Random BOFH excuse: T-1's congested due to porn traffic to the news server.
On Tue, Apr 12, 2005 at 07:36:08PM +0100, Andrew Hutchings wrote:
You might want to look back at my posts on the recent SQL auth problems, sound very similar.
Well, thank you Andrew. Your patch actually fixed the assertion failed problem, but I still think my problem is larger than this, since I still get :
-- dovecot: Apr 13 11:10:11 Error: auth(default): ldap(dovetest,157.99.64.42): No password in reply
and I still don't get how the passdb lookup can succeed without the right attr_names (that is pass_attrs).
-- Thomas Hummel | Institut Pasteur <hummel@pasteur.fr> | Pôle informatique - systèmes et réseau
participants (2)
-
Andrew Hutchings
-
Thomas Hummel