
LDAP authentication in Courier-IMAP



Hello list,

I have installed Postfix + Courier-IMAP with OpenLDAP to do virtual mail
and authenticate users. Postfix works wonderfully: it receives and sends
mail for local users (real users on the server, not virtual ones), and it
receives mail addressed to virtual users perfectly. But Courier-IMAP does
not quite work: it lets local users log in, read and send mail, but it
does not let virtual users log in. The following appears in the syslog
when I try to log in to IMAP:

Apr 28 11:53:49 sitscweb imapd-ssl: Connection, ip=[::ffff:192.168.1.5]
Apr 28 11:53:56 sitscweb slapd[190]: connection_get(9)
Apr 28 11:53:56 sitscweb slapd[368]: send_ldap_result: 0::
Apr 28 11:53:56 sitscweb slapd[190]: connection_get(9)
Apr 28 11:53:56 sitscweb slapd[364]: SRCH "o=TUX,dc=dominio,dc=es" 2 0
Apr 28 11:53:56 sitscweb slapd[364]:     0 0 0
Apr 28 11:53:56 sitscweb slapd[364]:     filter: (mail=baro)
Apr 28 11:53:56 sitscweb slapd[364]:     attrs:
Apr 28 11:53:56 sitscweb slapd[364]:  homeDirectory
Apr 28 11:53:56 sitscweb slapd[364]:  mailbox
Apr 28 11:53:56 sitscweb slapd[364]:  cn
Apr 28 11:53:56 sitscweb slapd[364]:  clearPassword
Apr 28 11:53:56 sitscweb slapd[364]:  userPassword
Apr 28 11:53:56 sitscweb slapd[364]:  mail
Apr 28 11:53:56 sitscweb slapd[364]:
Apr 28 11:54:01 sitscweb imapd-ssl: LOGIN FAILED, ip=[::ffff:192.168.1.5]

Apr 28 11:54:12 sitscweb imapd-ssl: LOGOUT, ip=[::ffff:192.168.1.5]   

Thanks

	Quimi


P.S.: The COURIER-IMAP configuration files follow:

   AUTHDAEMONRC

##NAME: authmodulelist:0
#
# The authentication modules that are linked into authdaemond.  The
# default list is installed.  You may selectively disable modules simply
# by removing them from the following list.  The available modules you
# can use are: authcustom authcram authuserdb authldap authmysql authpam

authmodulelist="authldap authpam"

##NAME: authmodulelistorig:1
#
# This setting is used by Courier's webadmin module, and should be left
# alone

authmodulelistorig="authcustom authcram authuserdb authldap authmysql authpam"

##NAME: daemons:0
#
# The number of daemon processes that are started.  authdaemon is typically
# installed where authentication modules are relatively expensive: such
# as authldap, or authmysql, so it's better to have a number of them running.
# PLEASE NOTE:  Some platforms may experience a problem if there's more than
# one daemon.  Specifically, SystemV derived platforms that use TLI with
# socket emulation.  I'm suspicious of TLI's ability to handle multiple
# processes accepting connections on the same filesystem domain socket.
#
# You may need to increase daemons if as your system load increases.  Symptoms
# include sporadic authentication failures.  If you start getting
# authentication failures, increase daemons.  However, the default of 5
# SHOULD be sufficient.  Bumping up daemon count is only a short-term
# solution.  The permanent solution is to add more resources: RAM, faster
# disks, faster CPUs...

daemons=5

##NAME: version:0
#
# When you have multiple versions of authdaemond.* installed, authdaemond
# just picks the first one it finds.  Set "version" to override that.
# For example:  version=authdaemond.plain

version=""

##NAME: authdaemonvar:0
#
# authdaemonvar is here, but is not used directly by authdaemond.  It's
# used by various configuration and build scripts, so don't touch it!

authdaemonvar=/var/run/courier/authdaemon


   AUTHLDAPRC

##NAME: LOCATION:0
#
# Location of your LDAP server:

LDAP_SERVER		localhost
LDAP_PORT		389

##NAME: LDAP_BASEDN:0
#
# Look for authentication here:

LDAP_BASEDN		o=TUX,dc=dominio,dc=es

##NAME: LDAP_TIMEOUT:0
#
# Timeout for LDAP search

LDAP_TIMEOUT		5

##NAME: LDAP_AUTHBIND:0
#
# Define this to have the ldap server authenticate passwords.  If LDAP_AUTHBIND
# the password is validated by rebinding with the supplied userid and password.
# If rebind succeeds, this is considered to be an authenticated request.  This
# does not support CRAM-MD5 authentication, which requires userPassword.
#
# WARNING - as of the time this note is written, there are memory leaks in
# OpenLDAP that affect this option, see ITS #1116 in openldap.org's bug
# tracker.  Avoid using this option until these leaks are plugged.
#
LDAP_AUTHBIND		1

##NAME: LDAP_MAIL:0
#
# Here's the field on which we query

LDAP_MAIL		mail

##NAME: LDAP_GLOB_IDS:0
#
# The following two variables can be used to set everybody's uid and gid.
# This is convenient if your LDAP specifies a bunch of virtual mail accounts
# The values can be usernames or userids:
#
LDAP_GLOB_UID		vmail
LDAP_GLOB_GID		vmail

##NAME: LDAP_HOMEDIR:0
#
# We will retrieve the following attributes
#
# The HOMEDIR attribute MUST exist, and we MUST be able to chdir to it

LDAP_HOMEDIR		homeDirectory

##NAME: LDAP_MAILDIR:0
#
# The MAILDIR attribute is OPTIONAL, and specifies the location of the
# mail directory.  If not specified, ./Maildir will be used

LDAP_MAILDIR		mailbox

##NAME: LDAP_FULLNAME:0
#
# FULLNAME is optional, specifies the user's full name

LDAP_FULLNAME		cn

##NAME: LDAP_PW:0
#
# CLEARPW is the clear text password.  CRYPT is the crypted password.
# ONE OF THESE TWO ATTRIBUTES IS REQUIRED.  If CLEARPW is provided, and
# libhmac.a is available, CRAM authentication will be possible!

#LDAP_CLEARPW		clearPassword
LDAP_CRYPTPW		userPassword

##NAME: LDAP_DEREF:0
#
# Determines how aliases are handled during a search.  This option is available
# only with OpenLDAP 2.0
#
# LDAP_DEREF can be one of the following values:
# never, searching, finding, always. If not specified, aliases are
# never dereferenced.

LDAP_DEREF		never

##NAME: LDAP_TLS:0
#
# Set LDAP_TLS to 1 to enable LDAP over SSL/TLS.  Experimental setting.
# Requires OpenLDAP 2.0
#

LDAP_TLS		0
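
Added example, not part of the original post: a short Python script that pairs the slapd search in the syslog excerpt above with the IMAP login result that follows it, so the base DN, filter and requested attributes behind a failed login sit in one record. The log lines are copied from the post; the function name correlate, the record field names, and treating any imapd LOGIN line other than LOGIN FAILED as a success are assumptions of this example.

```python
import re

SAMPLE_LOG = """\
Apr 28 11:53:56 sitscweb slapd[364]: SRCH "o=TUX,dc=dominio,dc=es" 2 0
Apr 28 11:53:56 sitscweb slapd[364]:     0 0 0
Apr 28 11:53:56 sitscweb slapd[364]:     filter: (mail=baro)
Apr 28 11:53:56 sitscweb slapd[364]:     attrs:
Apr 28 11:53:56 sitscweb slapd[364]:  homeDirectory
Apr 28 11:53:56 sitscweb slapd[364]:  mailbox
Apr 28 11:53:56 sitscweb slapd[364]:  cn
Apr 28 11:53:56 sitscweb slapd[364]:  clearPassword
Apr 28 11:53:56 sitscweb slapd[364]:  userPassword
Apr 28 11:53:56 sitscweb slapd[364]:  mail
Apr 28 11:53:56 sitscweb slapd[364]:
Apr 28 11:54:01 sitscweb imapd-ssl: LOGIN FAILED, ip=[::ffff:192.168.1.5]
"""  # excerpt copied from the post; the wrapped LOGIN FAILED line is rejoined

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ ([\w-]+)(?:\[\d+\])?: ?(.*)$")
SECRET_ATTRS = {"userpassword", "clearpassword"}  # password-bearing attributes

def correlate(log_text):
    """Attach each imapd login result to the slapd search that preceded it."""
    events, cur, in_attrs = [], None, False
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, prog, body = m.group(1), m.group(2), m.group(3).strip()
        srch = re.match(r'SRCH "([^"]*)"', body) if prog == "slapd" else None
        if srch:
            cur, in_attrs = {"time": ts, "base": srch.group(1), "attrs": []}, False
        elif prog == "slapd" and cur is not None:
            if body.startswith("filter:"):
                cur["filter"] = body.split(":", 1)[1].strip()
            elif body == "attrs:":
                in_attrs = True
            elif in_attrs and body:
                cur["attrs"].append(body)
            else:
                in_attrs = False  # a blank line ends the attribute list
        elif prog.startswith("imapd") and body.startswith("LOGIN") and cur is not None:
            ip = re.search(r"ip=\[([^\]]+)\]", body)
            cur["result"] = "failed" if body.startswith("LOGIN FAILED") else "ok"
            cur["client"] = ip.group(1) if ip else None
            cur["secrets_read"] = sorted(a for a in cur["attrs"] if a.lower() in SECRET_ATTRS)
            events.append(cur)
            cur = None
    return events

print(correlate(SAMPLE_LOG))
```

For the excerpt in the post this yields one record: the equality filter (mail=baro) under o=TUX,dc=dominio,dc=es, result failed, with clearPassword and userPassword among the attributes requested from the directory.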



