Hi Alex,
Are you using Solaris 9 native ldap? What configure options did you use when building dovecot? I'm using OpenLDAP, but I think it's a pam rather than ldap problem. Dovecot check for the existance of a user alright, but fails when checking the password.
My build script is enclosed.
Cheers
Benjamin
Buildscript----------------------------------------------------- #!/bin/bash
## Defaults CC="gcc" CXX="g++" LDPATH="/usr/local/lib:/usr/sfw/lib:/usr/local/lib/gcc-lib/sparc-sun-solaris2.9/3.3" CPPFLAGS="-I/usr/local/include -I/usr/sfw/include" LDFLAGS="-L/usr/local/lib -L/usr/sfw/lib" CFLAGS=
#SSL LDPATH="$LDPATH:/usr/local/ssl/lib" CPPFLAGS="$CPPFLAGS -I/usr/local/ssl/include" LDFLAGS="$LDFLAGS -L/usr/local/ssl/lib -lssl -lcrypto"
#BerkeleyDB LDPATH="$LDPATH:/usr/local/BerkeleyDB/lib" CPPFLAGS="$CPPFLAGS -I/usr/local/BerkeleyDB/include" LDFLAGS="$LDFLAGS -L/usr/local/BerkeleyDB/lib -ldb" CFLAGS="$CFLAGS -ldb" AUTH_CFLAGS="-I/usr/local/BerkeleyDB/include -L/usr/local/BerkeleyDB/lib -ldb" AUTH_LIBS="-ldb"
#GDBM LDPATH="$LDPATH:/usr/local/gdbm/lib" CPPFLAGS="$CPPFLAGS -I/usr/local/gdbm/include" LDFLAGS="$LDFLAGS -L/usr/local/gdbm/lib -lgdbm"
#LDAP LDPATH="$LDPATH:/opt/OpenLDAP/lib" CPPFLAGS="$CPPFLAGS -I/opt/OpenLDAP/include" LDFLAGS="$LDFLAGS -L/opt/OpenLDAP/lib -lldap -llber -lresolv"
#Finishing LDFLAGS="-R$LDPATH $LDFLAGS"
export LDFLAGS CPPFLAGS CFLAGS
echo -e "\nLDFLAGS=$LDFLAGS" echo -e "\nCPPFLAGS=$CPPFLAGS" echo -e "\nCFLAGS=$CFLAGS"
cd dovecot-0.99.10.4 echo -e "\nPress RETURN to configure or CTRL+C to cancel." read ./configure --prefix=/usr/local/dovecot --with-ldap=/opt/OpenLDAP --with-ssl=openssl --with-storages=maildir echo -e "\nPress RETURN to make or CTRL+C to cancel." read make
-- Benjamin Dabelow benja.dabelow@gmx.net Staufenbergstr. 88 benja-dabelow.gmxhome.de/start.html 74081 Heilbronn Germany
On Wed, 25 Feb 2004 14:09:58 +0100 Benjamin Dabelow benja.dabelow@gmx.net wrote:
Hi Alex,
I'm using OpenLDAP, but I think it's a pam rather than ldap problem. Dovecot check for the existance of a user alright, but fails when checking the password.
Sorry, I know nothing of Solaris nss_ldap library integration with OpenLDAP. Here is a sample of my pam.conf, if that helps, but it is setup for Solaris 9 native ldap.
My dovecot server is slightly different. It is Solaris 8 hitting a Solaris 9 native ldap server with TLS.
# login service (explicit because of pam_dial_auth) # login auth requisite pam_authtok_get.so.1 login auth required pam_dhkeys.so.1 login auth required pam_dial_auth.so.1 login auth binding pam_unix_auth.so.1 server_policy login auth required pam_ldap.so.1
Do you have another non-Sun application working with your authentication setup?
Is the pldd output on a pop3-login process similar to the following? This is on Solaris 8, so on Solaris 9 you can replace sldaputil.so.5 and libsldap.so.1 with sldaputil.so.1 and libldap.so.5 and nss_ldap.so.1 may not be in the list.
[root@mcsun3 /tmp]# pldd 13257 13257: pop3-login /opt/csw/lib/libssl.so.0.9.7 /opt/csw/lib/libcrypto.so.0.9.7 /usr/lib/libdl.so.1 /usr/lib/libsocket.so.1 /usr/lib/libnsl.so.1 /usr/lib/librt.so.1 /usr/lib/libsendfile.so.1 /usr/lib/libc.so.1 /usr/lib/libmp.so.2 /usr/lib/libaio.so.1 /usr/lib/nss_files.so.1 /usr/lib/nss_ldap.so.1 /usr/lib/sldaputil.so.5 /usr/lib/libsldap.so.1 /usr/lib/libmd5.so.1 /usr/lib/libdoor.so.1 [root@mcsun3 /tmp]#
Sorry, I have not spent any time on OpenLDAP.
Alex
Sorry, I know nothing of Solaris nss_ldap library integration with OpenLDAP. Here is a sample of my pam.conf, if that helps, but it is setup for Solaris 9 native ldap. Pam for login is working flawlessly.
Do you have another non-Sun application working with your authentication setup? Exim (MTA) is working with pam and ldap like a charm.
Is the pldd output on a pop3-login process similar to the following? This is on Solaris 8, so on Solaris 9 you can replace sldaputil.so.5 and libsldap.so.1 with sldaputil.so.1 and libldap.so.5 and nss_ldap.so.1 may not be in the list. Seems like slaputil.so is missing:
16792: pop3-login /usr/local/BerkeleyDB.4.0/lib/libdb-4.0.so /usr/local/gdbm/lib/libgdbm.so.3.0.0 /opt/OpenLDAP-2.1.25/lib/libldap.so.2.0.124 /opt/OpenLDAP-2.1.25/lib/liblber.so.2.0.124 /usr/lib/libresolv.so.2 /usr/local/ssl/lib/libssl.so.0.9.7 /usr/local/ssl/lib/libcrypto.so.0.9.7 /usr/lib/libsocket.so.1 /usr/lib/libnsl.so.1 /usr/lib/librt.so.1 /usr/lib/libsendfile.so.1 /usr/lib/libc.so.1 /usr/lib/libgen.so.1 /usr/lib/libdl.so.1 /usr/lib/libpthread.so.1 /usr/local/BerkeleyDB.4.1/lib/libdb-4.1.so /usr/local/lib/libsasl2.so.2.0.17 /usr/local/lib/libgcc_s.so.1 /usr/lib/libmp.so.2 /usr/lib/libaio.so.1 /usr/lib/libmd5.so.1 /usr/platform/sun4u-us3/lib/libc_psr.so.1 /usr/lib/libthread.so.1 /usr/lib/nss_files.so.1 /usr/lib/nss_ldap.so.1
Thanks for your help
Benjamin
-- Benjamin Dabelow benja.dabelow@gmx.net Staufenbergstr. 88 benja-dabelow.gmxhome.de/start.html 74081 Heilbronn Germany
On Wed, 25 Feb 2004 14:54:17 +0100 Benjamin Dabelow benja.dabelow@gmx.net wrote:
Seems like slaputil.so is missing:
That may be a Solaris native ldap client library. What you have looks reasonable. Maybe Timo can review the trace output and see what is happening.
Alex
participants (2)
-
Alex S Moore
-
Benjamin Dabelow