[Dovecot] test67 ldap_connection

Thomas Hummel hummel at pasteur.fr
Tue Apr 12 19:25:46 EEST 2005


Hello,

I've been trying to figure out what's wrong with authentication
against an ldap pass/user db with test67 as test62 was working fine.


[ The problem is the same as previously described in this list :

- FreeBSD-5.3
- dovecot-1.0-test67
- openldap-2.1.27

--> "ldap(dovetest,127.0.0.1): No password in reply"
--> "NO Temporary authentication failure."

or

--
dovecot: Apr 12 18:22:41 Info: auth(default): client in: AUTH   1       PLAIN  service=IMAP     lip=157.99.64.42        rip=157.99.64.42
dovecot: Apr 12 18:22:41 Info: auth(default): client out: CONT  1
dovecot: Apr 12 18:22:41 Info: auth(default): client in: CONT   1       AGRvdmV0ZXN0AGZvbw==
dovecot: Apr 12 18:22:41 Info: auth(default): ldap(dovetest,157.99.64.42): base=ou=personnes, dc=pasteur, dc=fr scope=subtree filter=(&(objectClass=posixAccount)(uid=dovetest)) fields=uid,homeDirectory,,,uidNumber,gidNumber
dovecot: Apr 12 18:22:42 Info: auth(default): client in: AUTH   2       PLAIN  service=IMAP     lip=157.99.64.42        rip=157.99.64.42        resp=AGRvdmV0ZXN0AGZvbw==
dovecot: Apr 12 18:22:42 Info: auth(default): ldap(dovetest,157.99.64.42): base=ou=personnes, dc=pasteur, dc=fr scope=subtree filter=(&(objectClass=posixAccount)(uid=dovetest)) fields=uid,homeDirectory,,,uidNumber,gidNumber

dovecot: Apr 12 18:22:42 Error: auth(default): ldap(dovetest,157.99.64.42): No password in reply
dovecot: Apr 12 18:22:42 Error: auth(default): file passdb-ldap.c: line 122 (handle_request): assertion failed: (scheme != NULL)
dovecot: Apr 12 18:22:42 Error: child 43147 (auth) killed with signal 6
--

]

I've noticed the following changes in the source code, and my
understanding (which may be wrong) of my problem goes as follows :

- In test62, the 'attr_names' attribute array was defined outside the
  'ldap_connection' struct, thus allowing 'passdb_ldap_conn' and
  'userdb_ldap_conn' structs to have different arrays of that type.

- By contrast, in test67, the 'attr_names' array is inside the
  'ldap_connection'. As 'passdb_ldap_conn' and 'userdb_ldap_conn' are of
  the 'ldap_connection' type and since the 'db_ldap_init' function
  returns the existing ldap connection if it exists, the
  'passdb_ldap_preinit' and 'userdb_ldap_preinit' will call the
  'db_ldap_set_attrs' function on _the same_ 'ldap_connection' object.

- So when the 'db_ldap_search' function is called from the
  'passdb-ldap.c:ldap_lookup_pass' function, the 5th argument
  (passdb_ldap_conn->attr_names) will point to the 'user_attrs'
  instead of the 'pass_attrs', since userdb_preinit will have already
  been called.

- I've also noticed the use of the 'attr_map' hash to store the
  attribute/value pairs, but since it doesn't seem to be used when
  calling 'ldap_lookup_pass', I guess the problem is somewhere else.

Can someone give me a clue ? Has someone successfully set up
dovecot-1.0-test67 on a similar configuration ?

thanks



-- 
Thomas Hummel 	    | Institut Pasteur
<hummel at pasteur.fr> | Pôle informatique - systèmes et réseau
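
A minimal model of the sharing problem hypothesized in the message above, as an added example that is not part of the original post and is not Dovecot's code. The names `conn`, `conn_init`, `db`, the two layout functions, the URI and the attribute lists are simplified, constructed stand-ins.

```c
#include <string.h>

/* Stand-in for a connection that owns its attribute list
   (the test67 layout as the post describes it). */
struct conn { const char *uri; const char **attr_names; };
static struct conn *cached;   /* single cached connection */

/* Hands back the cached connection when the URI matches. */
static struct conn *conn_init(struct conn *storage, const char *uri)
{
    if (cached != NULL && strcmp(cached->uri, uri) == 0)
        return cached;
    storage->uri = uri;
    storage->attr_names = NULL;
    return cached = storage;
}

/* Constructed attribute lists for the two lookups. */
static const char *pass_attrs[] = { "uid", "userPassword", NULL };
static const char *user_attrs[] = { "uid", "homeDirectory", "uidNumber", "gidNumber", NULL };

static int has_attr(const char **attrs, const char *name)
{
    for (; *attrs != NULL; attrs++)
        if (strcmp(*attrs, name) == 0) return 1;
    return 0;
}

/* List stored inside the shared object: the second preinit overwrites the
   first. Returns 1 if the password lookup still requests userPassword. */
int shared_layout_requests_password(void)
{
    static struct conn a, b;
    cached = NULL;
    struct conn *passdb = conn_init(&a, "ldap://localhost");
    passdb->attr_names = pass_attrs;
    struct conn *userdb = conn_init(&b, "ldap://localhost");
    userdb->attr_names = user_attrs;   /* same object as passdb */
    return has_attr(passdb->attr_names, "userPassword");
}

/* List kept per database, next to the shared connection. */
struct db { struct conn *conn; const char **attr_names; };
int separate_layout_requests_password(void)
{
    static struct conn a, b;
    cached = NULL;
    struct db passdb = { conn_init(&a, "ldap://localhost"), pass_attrs };
    struct db userdb = { conn_init(&b, "ldap://localhost"), user_attrs };
    return passdb.conn == userdb.conn && has_attr(passdb.attr_names, "userPassword");
}
int main(void) { return !(shared_layout_requests_password() == 0 && separate_layout_requests_password() == 1); }
```

In the shared layout the password lookup ends up requesting only the user attributes, which is consistent with a reply that carries no password; an authentication path that meets that condition should return a failure for the request rather than abort the process on an assertion.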


