[tpop3d-discuss] RE: LDAP Authentication

prune prune at lecentre.net
Wed, 18 Sep 2002 09:23:16 +0200


Hi,

I have not been working with tpop3d since last year, but as I can 
remember, try something like :
auth-ldap-searchdn: dc=mye-znet.com,o=mye-znet
as the searchDN is the start of where you are looking for entries

auth-ldap-filter: is the attribute that is checked. If it matches the 
supplied login, the entry is considered good, so:

auth-ldap-filter: uid

Finally, the
auth-ldap-username and auth-ldap-password should reflect the user used 
to bind to the LDAP server and do the search:

auth-ldap-username: cn=mailadmin, dc=mye-znet.com,o=mye-znet
auth-ldap-password: secret

Of course, the mailadmin user must have search privileges on the DN.

Have a look at the tpop3d doc. As far as I remember it is well 
maintained and fully understandable if you take some time to read it, 
and read some LDAP stuff.
I'll try (will be hard) to re-install the latest tpop3d and see how I can 
provide more documentation and examples in the doc (ok chris ?)

I don't remember, but check the doc also about append-domain problems....

Finally, you should really check openldap's logs (debug set to 256 is 
good I think), and see what filter is used and which entries are returned. 
Also, which user is used for binding to the server, and whether it works or not.....

Cheers,

Prune

Thai Tran wrote:

>Hello everyone,
>	Here is a copy of my tpop3d.conf:
>
>mailbox: maildir:/home/mailspool/$(domain)/$(user)/
>append-domain: yes
>auth-ldap-enable: yes
>auth-ldap-url: ldap://localhost
>auth-ldap-searchdn: o=mye-znet
>auth-ldap-password:
>auth-ldap-filter: <need help with this portion>
>auth-ldap-mailbox-attr: mailMessageStore
>auth-ldap-mail-user: nobody
>auth-ldap-mail-group: nobody
>
>If it is possible for me to change my auth-ldap-filter to make the query
>result in this way, I am sure that it would work:
>	ldap://localhost/dc=$(domain),o=mye-znet??sub?uid=$(local_part)
>
>Does anyone have any ideas?
>
>Thanks ahead,
>Thai Tran
>
>  
>
>>-----Original Message-----
>>From: tpop3d-discuss-admin@lists.beasts.org
>>[mailto:tpop3d-discuss-admin@lists.beasts.org]On Behalf Of prune
>>Sent: Tuesday, September 17, 2002 2:41 AM
>>To: t_tran99@yahoo.com
>>Cc: Dave Baker; tpop3d
>>Subject: Re: [tpop3d-discuss] RE: LDAP Authentication
>>
>>
>>Thai Tran wrote:
>>
>>>Dave,
>>>	Sorry to bother you but I'm pretty new at this and this might seem
>>>like a stupid question, but how would I go about editing the filter to my
>>>specifications?  I would like to log in with username@domain.com for
>>>example.  The username portion is an attribute within the object which is
>>>'uid'.  I'm quite new to all this and I've tried running through the
>>>auth_ldap.c and auth_ldap.h not knowing where to start.  I would understand
>>>how to use tpop3d more if the query was in a ldap URL format.  I am
>>>currently using this schema for Exim already and I was hoping I could keep
>>>it this simple.
>>>
>>>Here is a snip of one of my objects:
>>>
>>>dn: cn=t_tran99,dc=mye-znet.com,o=mye-znet
>>>objectClass: top
>>>objectClass: person
>>>objectClass: mailUser
>>>dc: mye=znet.com
>>>sn: Tran
>>>cn: Thai
>>>uid: t_tran99
>>>mailQuota: 5M
>>>userPassword:: e01ENX03NVVDQW9NZkRweE41ZDhKZXlwcVhBPT0=
>>>mailMessageStore: /home/mailspool/mye-znet.com/t_tran99/
>>>
>>>Thanks again,
>>>Thai Q. Tran
>>>Email t_tran99@yahoo.com
>>>
>>>      
>>>
>>Hi,
>>
>>what you could try to do is provide us with the openldap logs (check
>>syslog to find them). As Dave said, you are probably searching for
>>an attribute which does not exist in your schema.
>>Could you also send us the configuration file of tpop3d ???
>>
>>We'll then try to help you. I also suggest having a look at
>>www.openldap.org, and learning some stuff about LDAP. It's very simple to
>>set up tpop3d with LDAP, as long as you know how LDAP works.
>>
>>Cheers,
>>
>>Prune
>
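
Added example (not part of the original messages, and not tpop3d's own code): the search discussed in this thread, base dc=$(domain),o=mye-znet with filter uid=$(local_part), built from a user-supplied login with the escaping that keeps the login from altering the filter or the search base. The function names are hypothetical; the o=mye-znet suffix and the localhost server are taken from the thread.

```python
from urllib.parse import quote

ORG_SUFFIX = "o=mye-znet"  # directory suffix used in the thread


def escape_filter_value(value: str) -> str:
    """RFC 4515: hex-escape characters that are special inside a filter."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def escape_dn_value(value: str) -> str:
    """RFC 4514: escape characters that are special inside an RDN value."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;=':
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_query(login: str):
    """Split local_part@domain and return (base_dn, filter, ldap_url)."""
    local_part, sep, domain = login.rpartition("@")
    if not sep or not local_part or not domain:
        raise ValueError("login must look like local_part@domain")
    base_dn = "dc=%s,%s" % (escape_dn_value(domain), ORG_SUFFIX)
    # Parenthesised form, as the RFC 4515 string representation requires.
    flt = "(uid=%s)" % escape_filter_value(local_part)
    url = "ldap://localhost/%s??sub?%s" % (
        quote(base_dn, safe="=,"), quote(flt, safe="=()"))
    return base_dn, flt, url


if __name__ == "__main__":
    # Constructed sample logins: one normal, one carrying filter metacharacters.
    for sample in ("t_tran99@mye-znet.com", "*)(uid=*@mye-znet.com"):
        print(build_query(sample))
```

With the second sample login the wildcard and parentheses reach the server as literal characters, so the search matches no entry instead of every entry that has a uid.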

