Hi There,

Thanks for your prompt reply - we've already tried this with Thunderbird (using the mail user's own username/password/dn to bind) , but I don't think the user has read rights to the directory. Although the users are authenticated (I think), nothing appears in the addressbook list for them. Here is what we are using:

This works:

Hostname:  intra.abc-ltd.co.uk
ou=Users,domainName=intra.abc-ltd.co.uk,o=domains,dc=intra,dc=abc,dc=co.uk
Port Number: 636
Bind DN: cn=Manager,dc=intra,dc=abc-ltd,dc=co.uk
Secure = yes

This does not work:

Hostname:  intra.abc-ltd.co.uk
ou=Users,domainName=intra.abc-ltd.co.uk,o=domains,dc=intra,dc=abc,dc=co.uk
Port Number: 636
Bind DN: mail=user.name@intra.abc-ltd.co.uk,ou=Users,domainName=intra.abc-ltd.co.uk,o=domains,dc=intra,dc=abc-ltd,dc=co.uk
Secure = yes

Is this a problem of regular users not having rights to read other users details/DN entries (slapd.conf) ?

We didn't install RC2 since it was suggested on your site to not use it in production system. Is it safe to use? We have already installed stable version along with some customisations (mainly around send/receive restrictions to convert the mail server into an intranet only server with rights to send/receive mail from company domain only) - how troublesome/easy would it be to upgrade to RC2 (and beyond) ?

Thanks

HI - just tried this with both user.name and Manager - debug results are below - can't see any failures for user.name authentication:

Jul  7 01:31:29 intra slapd[4093]: slapd starting
Jul  7 01:32:07 intra slapd[4093]: conn=0 fd=14 ACCEPT from IP=119.xxx.83.156:50542 (IP=0.0.0.0:636)
Jul  7 01:32:08 intra slapd[4093]: conn=0 fd=14 TLS established tls_ssf=256 ssf=256
Jul  7 01:32:08 intra slapd[4093]: conn=0 op=0 BIND dn="mail=user.name@intra.abc-ltd.co.uk,ou=Users,domainName=intra.abc-ltd.co.uk,o=domains,dc=intra,dc=abc-ltd,dc=co.uk" method=128
Jul  7 01:32:08 intra slapd[4093]: conn=0 op=0 BIND dn="mail=user.name@intra.abc-ltd.co.uk,ou=Users,domainName=intra.abc-ltd.co.uk,o=domains,dc=intra,dc=abc-ltd,dc=co.uk" mech=SIMPLE ssf=0
Jul  7 01:32:08 intra slapd[4093]: conn=0 op=0 RESULT tag=97 err=0 text=
Jul  7 01:32:08 intra slapd[4093]: conn=0 op=1 SRCH base="ou=Users,domainName=intra.abc-ltd.co.uk,o=domains,dc=intra,dc=abc-ltd,dc=co.uk" scope=2 deref=0 filter="(&(&(objectClass=mailUser)(accountStatus=active))(|(mail=*zia*)(cn=*zia*)(givenName=*zia*)(sn=*zia*)))"
Jul  7 01:32:08 intra slapd[4093]: conn=0 op=1 SRCH attr=cn commonname o company title modifytimestamp mozillaCustom4 custom4 mozillaHomeUrl homeurl mozillaCustom2 custom2 mozillaHomeCountryName ou department departmentnumber orgunit mobile cellphone carphone mozillaHomeState mozillaCustom1 custom1 mozillaNickname xmozillanickname mozillaWorkUrl workurl fax facsimiletelephonenumber st region telephoneNumber mozillaHomeStreet mozillaSecondEmail xmozillasecondemail nsAIMid nscpaimscreenname street streetaddress postOfficeBox l locality homePhone description notes givenName mozillaHomePostalCode mozillaHomeLocalityName mozillaCustom3 custom3 mozillaWorkStreet2 mozillaUseHtmlMail xmozillausehtmlmail mozillaHomeStreet2 postalCode zip c countryname pager pagerphone mail sn surname birthyear
Jul  7 01:32:08 intra slapd[4093]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul  7 01:33:51 intra slapd[4093]: conn=0 op=2 UNBIND
Jul  7 01:33:51 intra slapd[4093]: conn=0 fd=14 closed
Jul  7 01:34:29 intra slapd[4093]: conn=1 fd=14 ACCEPT from IP=119.xxx.83.156:50543 (IP=0.0.0.0:636)
Jul  7 01:34:29 intra slapd[4093]: conn=1 fd=14 TLS established tls_ssf=256 ssf=256
Jul  7 01:34:29 intra slapd[4093]: conn=1 op=0 BIND dn="cn=Manager,dc=intra,dc=abc-ltd,dc=co.uk" method=128
Jul  7 01:34:29 intra slapd[4093]: conn=1 op=0 BIND dn="cn=Manager,dc=intra,dc=abc-ltd,dc=co.uk" mech=SIMPLE ssf=0
Jul  7 01:34:29 intra slapd[4093]: conn=1 op=0 RESULT tag=97 err=0 text=
Jul  7 01:34:30 intra slapd[4093]: conn=1 op=1 SRCH base="ou=Users,domainName=intra.abc-ltd.co.uk,o=domains,dc=intra,dc=abc-ltd,dc=co.uk" scope=2 deref=0 filter="(&(&(objectClass=mailUser)(accountStatus=active))(|(mail=*zia*)(cn=*zia*)(givenName=*zia*)(sn=*zia*)))"
Jul  7 01:34:30 intra slapd[4093]: conn=1 op=1 SRCH attr=cn commonname o company title modifytimestamp mozillaCustom4 custom4 mozillaHomeUrl homeurl mozillaCustom2 custom2 mozillaHomeCountryName ou department departmentnumber orgunit mobile cellphone carphone mozillaHomeState mozillaCustom1 custom1 mozillaNickname xmozillanickname mozillaWorkUrl workurl fax facsimiletelephonenumber st region telephoneNumber mozillaHomeStreet mozillaSecondEmail xmozillasecondemail nsAIMid nscpaimscreenname street streetaddress postOfficeBox l locality homePhone description notes givenName mozillaHomePostalCode mozillaHomeLocalityName mozillaCustom3 custom3 mozillaWorkStreet2 mozillaUseHtmlMail xmozillausehtmlmail mozillaHomeStreet2 postalCode zip c countryname pager pagerphone mail sn surname birthyear
Jul  7 01:34:30 intra slapd[4093]: conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul  7 01:35:46 intra slapd[4093]: conn=1 op=2 UNBIND
Jul  7 01:35:46 intra slapd[4093]: conn=1 fd=14 closed

Any thoughts ?

Here you go:

#
# Access Control List. Used for LDAP bind.
#
# NOTE: Every domain have a administrator. e.g.
#   Domain Name: 'intra.abc-ltd.co.uk'
#   Admin Name: mail=postmaster@intra.abc-ltd.co.uk, domainName=intra.abc-ltd.co.uk, o=domains,dc=intra,dc=abc-ltd,dc=co.uk
#

#
# Set permission for LDAP attrs.
#
access to attrs="userPassword,mailForwardingAddress"
    by anonymous    auth
    by self         write
    by dn.exact="cn=vmail,dc=intra,dc=abc-ltd,dc=co.uk"   read
    by dn.exact="cn=vmailadmin,dc=intra,dc=abc-ltd,dc=co.uk"  write
    by dn.regex="mail=postmaster@([^,]+),domainName=$1,o=domains,dc=intra,dc=abc-ltd,dc=co.uk"   write
    by users        none

access to attrs="cn,sn,telephoneNumber"
    by anonymous    auth
    by self         write
    by dn.exact="cn=vmail,dc=intra,dc=abc-ltd,dc=co.uk"   read
    by dn.exact="cn=vmailadmin,dc=intra,dc=abc-ltd,dc=co.uk"  write
    by dn.regex="mail=postmaster@([^,]+),domainName=$1,o=domains,dc=intra,dc=abc-ltd,dc=co.uk"   write
    by users        read

# Domain attrs.
access to attrs="objectclass,domainName,mtaTransport,domainStatus,enabledService,domainSenderBccAddress,domainRecipientBccAddress"
    by anonymous    auth
    by self         read
    by dn.exact="cn=vmail,dc=intra,dc=abc-ltd,dc=co.uk"   read
    by dn.exact="cn=vmailadmin,dc=intra,dc=abc-ltd,dc=co.uk"  write
    by dn.regex="mail=postmaster@([^,]+),domainName=$1,o=domains,dc=intra,dc=abc-ltd,dc=co.uk"    write
    by users        read

# User attrs.
access to attrs="mail,accountStatus,userSenderBccAddress,userRecipientBccAddress,mailForwardingAddress,mailQuota,homeDirectory,mailMessageStore"
    by anonymous    auth
    by self         read
    by dn.exact="cn=vmail,dc=intra,dc=abc-ltd,dc=co.uk"   read
    by dn.exact="cn=vmailadmin,dc=intra,dc=abc-ltd,dc=co.uk"  write
    by dn.regex="mail=postmaster@([^,]+),domainName=$1,o=domains,dc=intra,dc=abc-ltd,dc=co.uk"    write
    by users        read

#
# Set ACL for vmail/vmailadmin.
#
access to dn="cn=vmail,dc=intra,dc=abc-ltd,dc=co.uk"
    by anonymous                    auth
    by self                         write
    by dn.exact="cn=vmailadmin,dc=intra,dc=abc-ltd,dc=co.uk"  write
    by users                        none
access to dn="cn=vmailadmin,dc=intra,dc=abc-ltd,dc=co.uk"
    by anonymous                    auth
    by self                         write
    by users                        none

#
# Allow users to access their own domain subtree.
#
access to dn.regex="domainName=([^,]+),o=domains,dc=intra,dc=abc-ltd,dc=co.uk$"
    by anonymous                    auth
    by self                         write
    by dn.exact="cn=vmail,dc=intra,dc=abc-ltd,dc=co.uk"   read
    by dn.exact="cn=vmailadmin,dc=intra,dc=abc-ltd,dc=co.uk"  write
    by dn.regex="mail=postmaster@$1,domainName=$1,o=domains,dc=intra,dc=abc-ltd,dc=co.uk$" write
    by dn.regex="mail=[^,]+,domainName=$1,o=domains,dc=intra,dc=abc-ltd,dc=co.uk$" read
    by users                        none
#
# Enable vmail/vmailadmin.
#
access to dn.subtree="o=domains,dc=intra,dc=abc-ltd,dc=co.uk"
    by anonymous                    auth
    by self                         write
    by dn.exact="cn=vmail,dc=intra,dc=abc-ltd,dc=co.uk"   read
    by dn.exact="cn=vmailadmin,dc=intra,dc=abc-ltd,dc=co.uk"  write
    by dn.regex="mail=[^,]+,domainName=$1,o=domains,dc=intra,dc=abc-ltd,dc=co.uk$" read
    by users                        read

#
# Set permission for "cn=*,dc=intra,dc=abc-ltd,dc=co.uk".
#
access to dn.regex="cn=[^,]+,dc=intra,dc=abc-ltd,dc=co.uk"
    by anonymous                    auth
    by self                         write
    by users                        none
#
# Set default permission.
#
access to *
    by anonymous                    auth
    by self                         write
    by users                        read

Hi,

I am using the Tools -> AddressBook   option to create and search through the address book. Nothing is changed except the Manager CN. No results are returned as you can see in the ldap logs. There might be some misconfiguration elsewhere. Is there any other way we can troubleshoot this? What about creating a user in ldap (slapd.conf) just for accessing the addressbook just like vmail ?

Thanks