1

Topic: Horde passwd application integration with iRedMail-0.7.4

==== Provide required information to help troubleshoot and get quick answer ====
- iRedMail version:
- Linux/BSD distribution name and version:
- Any related log? Log is helpful for troubleshooting.
====
Centos-5.7 64 Bit OS, iRedMail-0.7.4 , iRedProLDAPadmin-1.6.3

Hi Zhang,

We have installed Horde webmail groupware edition 4.06 in iRedMail-0.7.4 .

We are trying to integrate passwd application of Horde with LDAP of iRedMail, we are getting error message as below in the log while trying to change the password of mail user using passwd application of Horde.

Bind failed: (53) Server is unwilling to perform [pid 10959 on line 92 of "/var/www/horde/turba/lib/Driver/Ldap.php


Thanks,
Regards,
Pinemail11

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Horde passwd application integration with iRedMail-0.7.4

Dear Pinemail11,

Please paste related config file. For example, LDAP config of Horde.

3

Re: Horde passwd application integration with iRedMail-0.7.4

Hi Zhang,

I have pasted below the configuration file (backends.php) of passwd application of Horde below for your reference.

// NOTE: to set the ldap userdn, see horde/config/hooks.php
$backends['ldap'] = array(
    'disabled' => false,
    'name' => 'LDAP Server',
    'preferred' => '',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'driver' => 'Ldap',
    'params' => array(
        'host' => 'localhost',
        'port' => 389,
       'basedn' => 'o=domains,dc=safe,dc=myhostname,dc=com',
       'admindn' => cn=vmailadmin,dc=safe,dc=myhostname,dc=com',
       'adminpw' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxx',
        // LDAP object key attribute.
        'uid' => 'mail',
        // The attribute storing the password.
        'attribute' => 'userPassword',
        // These attributes will enable shadow password policies.
        // 'shadowlastchange' => 'shadowLastChange',
        // 'shadowmin' => 'shadowMin',
        // This will be appended to the username when looking for the userdn.
      //  'realm' => '',
        // Use this filter when searching for the user's DN.
        //'filter' => '(&(objectClass=*)(mail=*))',
          'filter' => '',
       // #'filter' => '(&(objectClass=shadowAccount)(mail=*))',
        // Hash method to use when storing the password
        'encryption' => 'ssha',
        // Whether to enable TLS for this LDAP connection
        // Note: make sure that the host matches cn in the server certificate.
        'tls' => false
    ),
);

// NOTE: to set the ldap userdn, see horde/config/hooks.php
$backends['ldapadmin'] = array(
    'disabled' => true,
    'name' => 'LDAP Server with Admin Bindings',
    'preferred' => '',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'driver' => 'Ldap',
    'params' => array(
        'host' => 'localhost',
        'port' => 389,
       'basedn' => o=domainAdmins,dc=safe2,dc=myhostname,dc=com',
       'admindn' => cn=vmailadmin,dc=safe,dc=myhostname,dc=com',
       'adminpw' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
        'uid' => 'mail',
        // The attribute storing the password.
        'attribute' => 'userPassword',
        // These attributes will enable shadow password policies.
        // 'shadowlastchange' => 'shadowLastChange',
        // 'shadowmin' => 'shadowMin',
        // This will be appended to the username when looking for the userdn.
        'realm' => '',
        // Use this filter when searching for the user's DN.

        'filter' => '',
        // Hash method to use when storing the password

        'encryption' => 'ssha',
        // If set, should be 0 or 1. See the LDAP documentation about the
        // corresponding parameter REFERRALS.
        // Windows 2003 Server require to set this parameter to 0
        // 'referrals' => 0,
        // Whether to enable TLS for this LDAP connection
        // Note: make sure that the host matches cn in the server certificate.
        'tls' => false
),
);


Thanks,
Regards,
Pinemail11

4

Re: Horde passwd application integration with iRedMail-0.7.4

'basedn' => o=domainAdmins,dc=safe2,dc=myhostname,dc=com',
       'admindn' => cn=vmailadmin,dc=safe,dc=myhostname,dc=com',

dc=safe2 or dc=safe? Why filter is empty?

I cannot find errors in your setting except above one. If it doesn't work, please ask in Horde mailing list instead. Sorry.

5

Re: Horde passwd application integration with iRedMail-0.7.4

Hi Zhang,

It was a typo mistake while posting in forum dc=safe2 in both places.
filter' => '(&(objectClass=*))', we tried with this option and empty we are getting same error message as Bind failed  invalid credentials.

Thanks,
Regards,
Pinemail11.

6

Re: Horde passwd application integration with iRedMail-0.7.4

PineMail11 wrote:

filter' => '(&(objectClass=*))', we tried with this option and empty we are getting same error message as Bind failed  invalid credentials.

It should be '(objectClass=*)', not '(&(objectclass=*))'.

Invalid credentials means incorrect bind dn and/or password.

7 (edited by PineMail11 2012-05-04 13:27:17)

Re: Horde passwd application integration with iRedMail-0.7.4

Hi Zhang,

We have given filter => '(objectClass=*)', and we have given the binddn and bind password of the vmailadmin credentials in the passwd application configuration backends.php file.

With the same binddn and bind passwd is used for creating users and domain in iRedMailProAdmin control panel. But while changing password for mail users using horde password application getting error message in logs as Bind failed Invalid credentials.

Thanks,
Regards,
Pinemail11

8

Re: Horde passwd application integration with iRedMail-0.7.4

Could you try to set 'loglevel 256' in /etc/openldap/slapd.conf, restart OpenLDAP service, monitor OpenLDAP log file (/var/log/openldap.log), then try to change password again? Paste related log here to help troubleshoot.

We need to verify the final LDAP filter it generated and check other logs.

9

Re: Horde passwd application integration with iRedMail-0.7.4

Hi Zhang,

I have set loglevel 256 in slapd.conf and tried to change password for test@mydomain.in, I have pasted the openldap.log for your reference below.


May  4 17:25:40 safe2 slapd[16844]: conn=1 op=7454 SRCH base="o=domains,dc=safe2,dc=myhostname,dc=com" scope=2 deref=0 filter="(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=imapsecured)(|(mail=test@mydomain.in)(&(enabledService=shadowaddress)(shadowAddress=test@mydomain.in))))"
May  4 17:25:40 safe2 slapd[16844]: conn=1 op=7454 SRCH attr=mail
May  4 17:25:40 safe2 slapd[16844]: conn=1 op=7454 SEARCH RESULT tag=101 err=0 nentries=1 text=
May  4 17:25:40 safe2 slapd[16844]: conn=1 op=7455 BIND anonymous mech=implicit ssf=0
May  4 17:25:40 safe2 slapd[16844]: conn=1 op=7455 BIND dn="mail=test@mydomain.in,ou=Users,domainName=mydomain.in,o=domains,dc=safe2,dc=myhostname,dc=com" method=128
May  4 17:25:40 safe2 slapd[16844]: conn=1 op=7455 BIND dn="mail=test@mydomain.in,ou=Users,domainName=mydomain.in,o=domains,dc=safe2,dc=myhostname,dc=com" mech=SIMPLE ssf=0
May  4 17:25:40 safe2 slapd[16844]: conn=1 op=7455 RESULT tag=97 err=0 text=
May  4 17:25:40 safe2 slapd[16844]: conn=1 op=7456 BIND anonymous mech=implicit ssf=0
May  4 17:25:40 safe2 slapd[16844]: conn=1 op=7456 BIND dn="cn=vmail,dc=safe2,dc=myhostname,dc=com" method=128
May  4 17:25:40 safe2 slapd[16844]: conn=1 op=7456 BIND dn="cn=vmail,dc=safe2,dc=myhostname,dc=com" mech=SIMPLE ssf=0
May  4 17:25:40 safe2 slapd[16844]: conn=1 op=7456 RESULT tag=97 err=0 text=
May  4 17:25:40 safe2 slapd[16844]: conn=1 op=7457 SRCH base="o=domains,dc=safe2,dc=myhostname,dc=com" scope=2 deref=0 filter="(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=imapsecured)(|(mail=test@mydomain.in)(&(enabledService=shadowaddress)(shadowAddress=test@mydomain.in))))"
May  4 17:25:40 safe2 slapd[16844]: conn=1 op=7457 SRCH attr=mail homeDirectory mailMessageStore mailQuota
May  4 17:25:40 safe2 slapd[16844]: conn=1 op=7457 SEARCH RESULT tag=101 err=0 nentries=1 text=
May  4 17:25:40 safe2 slapd[16844]: conn=3127 fd=21 ACCEPT from IP=127.0.0.1:35792 (IP=0.0.0.0:389)
May  4 17:25:40 safe2 slapd[16844]: conn=3127 op=0 BIND dn="cn=vmailadmin,dc=safe2,dc=myhostname,dc=com" method=128
May  4 17:25:40 safe2 slapd[16844]: conn=3127 op=0 BIND dn="cn=vmailadmin,dc=safe2,dc=myhostname,dc=com" mech=SIMPLE ssf=0
May  4 17:25:40 safe2 slapd[16844]: conn=3127 op=0 RESULT tag=97 err=0 text=
May  4 17:25:40 safe2 slapd[16844]: conn=3126 op=1 UNBIND
May  4 17:25:40 safe2 slapd[16844]: conn=3126 fd=12 closed
May  4 17:25:40 safe2 slapd[16844]: conn=3127 op=1 UNBIND
May  4 17:25:40 safe2 slapd[16844]: conn=3127 fd=21 closed

Thanks,
Regards,
Pinemail11

10

Re: Horde passwd application integration with iRedMail-0.7.4

- Seems no changing password related log.
- Bind as normal user, not cn=vmailadmin?
- No update/modify operation (MOD) in log?

11 (edited by PineMail11 2012-05-05 16:15:06)

Re: Horde passwd application integration with iRedMail-0.7.4

Hi Zhang,

We have tried with user vmail and vmail password to bind with LDAP. We are not able to bind with LDAP, how to bind as normal user kindly advice. I have pasted the openldap.log for your reference below.


May  5 08:46:32 safe2 slapd[16844]: conn=1 op=7643 SRCH base="o=domains,dc=safe2,dc=myhostname,dc=com" scope=2 deref=0 filter="(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=imapsecured)(|(mail=test@mydomain.in)(&(enabledService=shadowaddress)(shadowAddress=test@mydomain.in))))"
May  5 08:46:32 safe2 slapd[16844]: conn=1 op=7643 SRCH attr=mail
May  5 08:46:32 safe2 slapd[16844]: conn=1 op=7643 SEARCH RESULT tag=101 err=0 nentries=1 text=
May  5 08:46:32 safe2 slapd[16844]: conn=1 op=7644 BIND anonymous mech=implicit ssf=0
May  5 08:46:32 safe2 slapd[16844]: conn=1 op=7644 BIND dn="mail=test@mydomain.in,ou=Users,domainName=mydomain.in,o=domains,dc=safe2,dc=myhostname,dc=com" method=128
May  5 08:46:32 safe2 slapd[16844]: conn=1 op=7644 BIND dn="mail=test@mydomain.in,ou=Users,domainName=mydomain.in,o=domains,dc=safe2,dc=myhostname,dc=com" mech=SIMPLE ssf=0
May  5 08:46:32 safe2 slapd[16844]: conn=1 op=7644 RESULT tag=97 err=0 text=
May  5 08:46:32 safe2 slapd[16844]: conn=1 op=7645 BIND anonymous mech=implicit ssf=0
May  5 08:46:32 safe2 slapd[16844]: conn=1 op=7645 BIND dn="cn=vmail,dc=safe2,dc=myhostname,dc=com" method=128
May  5 08:46:32 safe2 slapd[16844]: conn=1 op=7645 BIND dn="cn=vmail,dc=safe2,dc=myhostname,dc=com" mech=SIMPLE ssf=0
May  5 08:46:32 safe2 slapd[16844]: conn=1 op=7645 RESULT tag=97 err=0 text=
May  5 08:46:32 safe2 slapd[16844]: conn=1 op=7646 SRCH base="o=domains,dc=safe2,dc=myhostname,dc=com" scope=2 deref=0 filter="(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=imapsecured)(|(mail=test@mydomain.in)(&(enabledService=shadowaddress)(shadowAddress=test@mydomain.in))))"
May  5 08:46:32 safe2 slapd[16844]: conn=1 op=7646 SRCH attr=mail homeDirectory mailMessageStore mailQuota
May  5 08:46:32 safe2 slapd[16844]: conn=1 op=7646 SEARCH RESULT tag=101 err=0 nentries=1 text=
May  5 08:46:33 safe2 slapd[16844]: conn=3332 op=1 UNBIND
May  5 08:46:33 safe2 slapd[16844]: conn=3332 fd=12 closed


Thanks,
Regards,
Pinemail11

12

Re: Horde passwd application integration with iRedMail-0.7.4

Dear Pinemail11,

I have no idea of how changing password works in Horde, i'm afraid you have to ask in Horde mailing list instead. Sorry.