Topic: Configuring LDAP Clients to Authenticate
==== Provide required information ====
- iRedMail version and backend (LDAP/MySQL/PGSQL):
- Linux/BSD distribution name and version:
- Any related log? Log is helpful for troubleshooting.
====
iRedMail-0.7.0
OpenLDAP: slapd 2.4.23 (Jun 15 2011 13:31:57)
mysql Ver 14.14 Distrib 5.1.63, for debian-linux-gnu (x86_64) using readline 6.1
Linux mail 2.6.32-5-amd64 #1 SMP Sun May 6 04:00:17 UTC 2012 x86_64 GNU/Linux
I have been trying to authenticate the vmail users in several client applications. These clients cannot find the users and/or passwords.
With the Webmin LDAP client running on a different machine, I get:
Finding LDAP base for users ..
.. found base o=domains,dc=dejure,dc=us.
Connecting to LDAP server ..
.. connected to mail.dejure.us
Searching for users ..
.. no users found under base o=domains,dc=dejure,dc=us.
-------------------------------------------------------------------
Log for the above
Jul 1 15:46:05 mail slapd[2763]: slap_listener_activate(8):
Jul 1 15:46:05 mail slapd[2763]: >>> slap_listener(ldap:///)
Jul 1 15:46:05 mail slapd[2763]: connection_get(21): got connid=1007
Jul 1 15:46:05 mail slapd[2763]: connection_read(21): checking for input on id=1007
Jul 1 15:46:05 mail slapd[2763]: op tag 0x60, time 1341171965
Jul 1 15:46:05 mail slapd[2763]: conn=1007 op=0 do_bind
Jul 1 15:46:05 mail slapd[2763]: >>> dnPrettyNormal: <cn=Manager,dc=dejure,dc=us>
Jul 1 15:46:05 mail slapd[2763]: <<< dnPrettyNormal: <cn=Manager,dc=dejure,dc=us>, <cn=manager,dc=dejure,dc=us>
Jul 1 15:46:05 mail slapd[2763]: do_bind: version=3 dn="cn=Manager,dc=dejure,dc=us" method=128
Jul 1 15:46:05 mail slapd[2763]: do_bind: v3 bind: "cn=Manager,dc=dejure,dc=us" to "cn=Manager,dc=dejure,dc=us"
Jul 1 15:46:05 mail slapd[2763]: send_ldap_result: conn=1007 op=0 p=3
Jul 1 15:46:05 mail slapd[2763]: send_ldap_response: msgid=1 tag=97 err=0
Jul 1 15:46:05 mail slapd[2763]: connection_get(21): got connid=1007
Jul 1 15:46:05 mail slapd[2763]: connection_read(21): checking for input on id=1007
Jul 1 15:46:05 mail slapd[2763]: op tag 0x63, time 1341171965
Jul 1 15:46:05 mail slapd[2763]: conn=1007 op=1 do_search
Jul 1 15:46:05 mail slapd[2763]: >>> dnPrettyNormal: <o=domains,dc=dejure,dc=us>
Jul 1 15:46:05 mail slapd[2763]: <<< dnPrettyNormal: <o=domains,dc=dejure,dc=us>, <o=domains,dc=dejure,dc=us>
Jul 1 15:46:05 mail slapd[2763]: => bdb_search
Jul 1 15:46:05 mail slapd[2763]: bdb_dn2entry("o=domains,dc=dejure,dc=us")
Jul 1 15:46:05 mail slapd[2763]: search_candidates: base="o=domains,dc=dejure,dc=us" (0x00000004) scope=2
Jul 1 15:46:05 mail slapd[2763]: => bdb_dn2idl("o=domains,dc=dejure,dc=us")
Jul 1 15:46:05 mail slapd[2763]: <= bdb_dn2idl: id=19 first=4 last=24
Jul 1 15:46:05 mail slapd[2763]: => bdb_equality_candidates (objectClass)
Jul 1 15:46:05 mail slapd[2763]: => key_read
Jul 1 15:46:05 mail slapd[2763]: <= bdb_index_read: failed (-30988)
Jul 1 15:46:05 mail slapd[2763]: <= bdb_equality_candidates: id=0, first=0, last=0
Jul 1 15:46:05 mail slapd[2763]: => bdb_equality_candidates (objectClass)
Jul 1 15:46:05 mail slapd[2763]: => key_read
Jul 1 15:46:05 mail slapd[2763]: <= bdb_index_read: failed (-30988)
Jul 1 15:46:05 mail slapd[2763]: <= bdb_equality_candidates: id=0, first=0, last=0
Jul 1 15:46:05 mail slapd[2763]: bdb_search_candidates: id=0 first=4 last=0
Jul 1 15:46:05 mail slapd[2763]: bdb_search: no candidates
Jul 1 15:46:05 mail slapd[2763]: send_ldap_result: conn=1007 op=1 p=3
Jul 1 15:46:05 mail slapd[2763]: send_ldap_response: msgid=2 tag=101 err=0
Jul 1 15:46:05 mail slapd[2763]: connection_get(21): got connid=1007
Jul 1 15:46:05 mail slapd[2763]: connection_read(21): checking for input on id=1007
Jul 1 15:46:05 mail slapd[2763]: ber_get_next on fd 21 failed errno=0 (Success)
Jul 1 15:46:05 mail slapd[2763]: connection_close: conn=1007 sd=21
---------------------
However, I can browse and see the user from this client, and can see the employeeNumber and password:
mail=robert@dejure.us,ou=Users,domainName=dejure.us,o=domains,dc=dejure,dc=us
Object attributes
accountStatus : active
employeeNumber : r.warren
userPassword : {SSHA}kew3dKfskA9qjbp6P38DudDZP193rM+Xg0RHeA==
Configuring the Tiki-Wiki client to authenticate:
LDAP Bind Type : OpenLDAP: cn=username,Base DN
Base DN : ou=domains,dc=dejure,dc=us
User DN : ou=users
User attribute : employeeNumbe
User OC : inetOrgPerson
Realname attribute : displayName
E-Mail attribute : mail
______________________________________________________________-
Log of an attempted login:
Jul 1 16:00:59 mail slapd[2763]: slap_listener_activate(8):
Jul 1 16:00:59 mail slapd[2763]: >>> slap_listener(ldap:///)
Jul 1 16:00:59 mail slapd[2763]: connection_get(21): got connid=1008
Jul 1 16:00:59 mail slapd[2763]: connection_read(21): checking for input on id=1008
Jul 1 16:00:59 mail slapd[2763]: op tag 0x60, time 1341172859
Jul 1 16:00:59 mail slapd[2763]: conn=1008 op=0 do_bind
Jul 1 16:00:59 mail slapd[2763]: >>> dnPrettyNormal: <cn=r.warren,o=domains,dc=dejure,dc=us>
Jul 1 16:00:59 mail slapd[2763]: <<< dnPrettyNormal: <cn=r.warren,o=domains,dc=dejure,dc=us>, <cn=r.warren,o=domains,dc=dejure,dc=us>
Jul 1 16:00:59 mail slapd[2763]: do_bind: version=3 dn="cn=r.warren,o=domains,dc=dejure,dc=us" method=128
Jul 1 16:00:59 mail slapd[2763]: bdb_dn2entry("cn=r.warren,o=domains,dc=dejure,dc=us")
Jul 1 16:00:59 mail slapd[2763]: => bdb_dn2id("cn=r.warren,o=domains,dc=dejure,dc=us")
Jul 1 16:00:59 mail slapd[2763]: <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
Jul 1 16:00:59 mail slapd[2763]: send_ldap_result: conn=1008 op=0 p=3
Jul 1 16:00:59 mail slapd[2763]: send_ldap_response: msgid=1 tag=97 err=49
Jul 1 16:00:59 mail slapd[2763]: connection_get(21): got connid=1008
Jul 1 16:00:59 mail slapd[2763]: connection_read(21): checking for input on id=1008
Jul 1 16:00:59 mail slapd[2763]: op tag 0x42, time 1341172859
Jul 1 16:00:59 mail slapd[2763]: ber_get_next on fd 21 failed errno=0 (Success)
Jul 1 16:00:59 mail slapd[2763]: conn=1008 op=1 do_unbind
Jul 1 16:00:59 mail slapd[2763]: connection_close: conn=1008 sd=21
Jul 1 16:00:59 mail slapd[2763]: slap_listener_activate(8):
Jul 1 16:00:59 mail slapd[2763]: >>> slap_listener(ldap:///)
Jul 1 16:00:59 mail slapd[2763]: connection_get(21): got connid=1009
Jul 1 16:00:59 mail slapd[2763]: connection_read(21): checking for input on id=1009
Jul 1 16:00:59 mail slapd[2763]: op tag 0x60, time 1341172859
Jul 1 16:00:59 mail slapd[2763]: conn=1009 op=0 do_bind
Jul 1 16:00:59 mail slapd[2763]: >>> dnPrettyNormal: <employeeNumber=r.warren,ou=Users,o=domains,dc=dejure,dc=us>
Jul 1 16:00:59 mail slapd[2763]: <<< dnPrettyNormal: <employeeNumber=r.warren,ou=Users,o=domains,dc=dejure,dc=us>, <employeeNumber=r.warren,ou=users,o=domains,dc=dejure,dc=us>
Jul 1 16:00:59 mail slapd[2763]: do_bind: version=3 dn="employeeNumber=r.warren,ou=Users,o=domains,dc=dejure,dc=us" method=128
Jul 1 16:00:59 mail slapd[2763]: bdb_dn2entry("employeeNumber=r.warren,ou=users,o=domains,dc=dejure,dc=us")
Jul 1 16:00:59 mail slapd[2763]: => bdb_dn2id("ou=users,o=domains,dc=dejure,dc=us")
Jul 1 16:00:59 mail slapd[2763]: <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
Jul 1 16:00:59 mail slapd[2763]: send_ldap_result: conn=1009 op=0 p=3
Jul 1 16:00:59 mail slapd[2763]: send_ldap_response: msgid=1 tag=97 err=49
Jul 1 16:00:59 mail slapd[2763]: connection_get(21): got connid=1009
Jul 1 16:00:59 mail slapd[2763]: connection_read(21): checking for input on id=1009
Jul 1 16:00:59 mail slapd[2763]: op tag 0x42, time 1341172859
Jul 1 16:00:59 mail slapd[2763]: ber_get_next on fd 21 failed errno=0 (Success)
Jul 1 16:00:59 mail slapd[2763]: conn=1009 op=1 do_unbind
Jul 1 16:00:59 mail slapd[2763]: connection_close: conn=1009 sd=21
Jul 1 16:00:59 mail slapd[2763]: slap_listener_activate(8):
Jul 1 16:00:59 mail slapd[2763]: >>> slap_listener(ldap:///)
Jul 1 16:00:59 mail slapd[2763]: connection_get(21): got connid=1010
Jul 1 16:00:59 mail slapd[2763]: connection_read(21): checking for input on id=1010
Jul 1 16:00:59 mail slapd[2763]: op tag 0x60, time 1341172859
Jul 1 16:00:59 mail slapd[2763]: conn=1010 op=0 do_bind
Jul 1 16:00:59 mail slapd[2763]: >>> dnPrettyNormal: <employeeNumber=r.warren,ou=Users,o=domains,dc=dejure,dc=us>
Jul 1 16:00:59 mail slapd[2763]: <<< dnPrettyNormal: <employeeNumber=r.warren,ou=Users,o=domains,dc=dejure,dc=us>, <employeeNumber=r.warren,ou=users,o=domains,dc=dejure,dc=us>
Jul 1 16:00:59 mail slapd[2763]: do_bind: version=3 dn="employeeNumber=r.warren,ou=Users,o=domains,dc=dejure,dc=us" method=128
Jul 1 16:00:59 mail slapd[2763]: bdb_dn2entry("employeeNumber=r.warren,ou=users,o=domains,dc=dejure,dc=us")
Jul 1 16:00:59 mail slapd[2763]: => bdb_dn2id("ou=users,o=domains,dc=dejure,dc=us")
Jul 1 16:00:59 mail slapd[2763]: <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
Jul 1 16:00:59 mail slapd[2763]: send_ldap_result: conn=1010 op=0 p=3
Jul 1 16:00:59 mail slapd[2763]: send_ldap_response: msgid=1 tag=97 err=49
Jul 1 16:00:59 mail slapd[2763]: connection_get(21): got connid=1010
Jul 1 16:00:59 mail slapd[2763]: connection_read(21): checking for input on id=1010
Jul 1 16:00:59 mail slapd[2763]: op tag 0x42, time 1341172859
Jul 1 16:00:59 mail slapd[2763]: ber_get_next on fd 21 failed errno=0 (Success)
Jul 1 16:00:59 mail slapd[2763]: conn=1010 op=1 do_unbind
Jul 1 16:00:59 mail slapd[2763]: connection_close: conn=1010 sd=21
The login fails because (from the log above):
Jul 1 16:00:59 mail slapd[2763]: <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
--------------------------
I am posting this here as I believe that it is my misunderstanding of the iRedMail schema that won't allow me to find users and password.
Thanks
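Added example, not part of the original post: a short Python script that pairs each bind DN in the slapd log above with its BindResponse result code (tag=97) and lists which RDNs of the real account entry the client-built DN lacks. The log lines and entry DN are copied from the post; the function names are this example's own.

```python
import re

# Lines copied from the post's login-attempt log (only the ones needed here).
LOG = """\
Jul 1 16:00:59 mail slapd[2763]: conn=1008 op=0 do_bind
Jul 1 16:00:59 mail slapd[2763]: do_bind: version=3 dn="cn=r.warren,o=domains,dc=dejure,dc=us" method=128
Jul 1 16:00:59 mail slapd[2763]: send_ldap_response: msgid=1 tag=97 err=49
Jul 1 16:00:59 mail slapd[2763]: conn=1009 op=0 do_bind
Jul 1 16:00:59 mail slapd[2763]: do_bind: version=3 dn="employeeNumber=r.warren,ou=Users,o=domains,dc=dejure,dc=us" method=128
Jul 1 16:00:59 mail slapd[2763]: send_ldap_response: msgid=1 tag=97 err=49
"""
# DN of the real account entry, as shown in the post's directory browser.
ENTRY_DN = "mail=robert@dejure.us,ou=Users,domainName=dejure.us,o=domains,dc=dejure,dc=us"

def rdns(dn):
    """Split a DN into lower-cased RDNs (plain split: these DNs have no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]

def bind_attempts(log):
    """Return (conn, bind_dn, err) per bind: each do_bind DN paired with the next tag=97 reply."""
    conn = dn = None
    attempts = []
    for line in log.splitlines():
        if m := re.search(r"conn=(\d+) op=\d+ do_bind", line):
            conn = int(m.group(1))
        elif m := re.search(r'do_bind: version=\d+ dn="([^"]*)"', line):
            dn = m.group(1)
        elif (m := re.search(r"tag=97 err=(\d+)", line)) and dn is not None:
            attempts.append((conn, dn, int(m.group(1))))
            dn = None
    return attempts

def missing_rdns(bind_dn, entry_dn):
    """RDNs of the real entry that do not appear in the DN the client tried to bind as."""
    have = set(rdns(bind_dn))
    return [r for r in rdns(entry_dn) if r not in have]

def report(log=LOG, entry_dn=ENTRY_DN):
    """Per bind attempt: (conn, LDAP result code, RDNs missing from the bind DN)."""
    return [(c, err, missing_rdns(dn, entry_dn)) for c, dn, err in bind_attempts(log)]

if __name__ == "__main__":
    for conn, err, missing in report():
        print(f"conn={conn} err={err} missing from bind DN: {missing}")
```

Result code 49 is invalidCredentials, which slapd also returns when the bind DN does not exist; a client that first searches for employeeNumber=r.warren under o=domains,dc=dejure,dc=us and then binds as the DN it finds does not depend on guessing the mail= and domainName= components.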