
List:       pamldap
Subject:    [pamldap] IMAP tries simple bind
From:       Andrew Afliatunov <andy () taom ! ru>
Date:       2004-12-24 7:48:00
Message-ID: 41CBC9B0.6080508 () taom ! ru

Hi!
I want to make pam-ldap authentication for imap users on Linux Slackware 
9.1 server.
So I have installed and configured openssl-0.9.7e, openldap-2.1.21, 
pam_ldap-176, nss-ldap-227.
With this software and this file /etc/pam.d/ftp:
--
#%PAM-1.0
auth       required     /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       required     /lib/security/pam_shells.so
auth       sufficient   /lib/security/pam_ldap.so
account    sufficient   /lib/security/pam_ldap.so
session    sufficient   /lib/security/pam_ldap.so
--
our ftp users successfully connect to the server, authenticating in ldap 
(Windows AD).

Now I make imap-2004a with pam support:
 > make lnp SSLTYPE=none
Make file /etc/pam.d/imap:
--
#%PAM-1.0
auth       sufficient   /lib/security/pam_ldap.so
auth       required     /lib/security/pam_unix_auth.so try_first_pass
account    sufficient   /lib/security/pam_ldap.so
account    required     /lib/security/pam_unix_acct.so
--
and then try to connect to made imapd and authenticate in AD:
 > telnet localhost 143.
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS AUTH=LOGIN] localhost IMAP4rev1 2004.352 at Fri, 24 Dec 2004 11:10:12 +0400 (SAMT)
c: login <windows_user> <windows_password>
c: NO LOGIN failed

Authentication fails, and in mail.log I see:
--
Dec 24 11:24:15 web imapd[3408]: pam_ldap: ldap_simple_bind Can't contact LDAP server
--
I wonder why IMAP tries simple bind, if I have 'port 636' and 'ssl 
on' in ldap.conf, and when connecting by FTP authentication works?

--
Andrew
