27 Aug
2008
27 Aug
'08
10:31 a.m.
Hello everybody,
after three days messing around with the set up, reading manuals,
looking for similar problems in the internet and trying possible
solutions, I come here, hopping that somebody has had the same problem
or can point me to the right direction. We have an email set up, that
uses perdition as the proxy server to our pop3 mailboxes hosted in a big
network drive. The authentication is trough ldap.
The production servers works ok. We have build few more servers cloning
the same configuration. The problem is that if we try to log with just
username, it works fine, but if we try to log as username(a)foo.bar we get
an authentication failure. The delimiter parameter is set up in
perdition.conf (as said is a clone configuration from production
server), /etc/authlib/authldaprc is the same in both set ups. We are
using same ldap server.
The perdition versions are different (1.15-1 production vs 1.17-1 new
servers) but haven't found anything relevant to this problem, reading
the docs.
perdition[17682]: Auth: 127.0.0.1->127.0.0.1 user="blablabla(a)bloblo.com"
server="127.0.0.1"
port="1110" status="failed: Re-Authentication Failure"
perdition[17762]: Fatal Error reading authentication information from
client
"127.0.0.1->127.0.0.1 ": Exiting child
Thank you in advance.
Antonio.
This email has been scanned for all viruses by the MessageLabs SkyScan service.
Please consider the environment before printing this email.
The content of this email and any attachment is private and may be privileged. If you are
not the intended recipient, any use, disclosure, copying or forwarding of this email
and/or its attachments is unauthorised. If you have received this email in error please
notify the sender by email and delete this message and any attachments immediately.
Nothing in this email shall bind the Company or any of its subsidiaries or businesses in
any contract or obligation, unless we have specifically agreed to be bound.
KCOM Group PLC is a public limited company incorporated in England and Wales, company
number 02150618 and whose registered office is at 37 Carr Lane, Hull, HU1 3RE.
118288 - KCOM UK Directory Enquiries. Calls cost 49p connection + 14p per minute including
VAT from a KC or BT landline. Call charges from mobiles and other networks may vary. If
you are calling from a mobile you will now receive your requested number via text message.
You will not be charged for the text message.
27 Aug
27 Aug
11:51 p.m.
Hi!
We use a mysql backend but had a similar issue and resolved it with this
bit of config foo ....
"m
mysqldbip:3306:perditionDb:perditionTbl:perditionUser:perditionPass:servername:concat(user,\'@\',domain):port"
The concat was the thing that did the magic for us .. plus fussing
around with the table data .... .
Jimmy
Antonio de la Fuente wrote:
Hello everybody,
after three days messing around with the set up, reading manuals,
looking for similar problems in the internet and trying possible
solutions, I come here, hopping that somebody has had the same problem
or can point me to the right direction. We have an email set up, that
uses perdition as the proxy server to our pop3 mailboxes hosted in a big
network drive. The authentication is trough ldap.
The production servers works ok. We have build few more servers cloning
the same configuration. The problem is that if we try to log with just
username, it works fine, but if we try to log as username(a)foo.bar we get
an authentication failure. The delimiter parameter is set up in
perdition.conf (as said is a clone configuration from production
server), /etc/authlib/authldaprc is the same in both set ups. We are
using same ldap server.
The perdition versions are different (1.15-1 production vs 1.17-1 new
servers) but haven't found anything relevant to this problem, reading
the docs.
perdition[17682]: Auth: 127.0.0.1->127.0.0.1 user="blablabla(a)bloblo.com"
server="127.0.0.1"
port="1110" status="failed: Re-Authentication Failure"
perdition[17762]: Fatal Error reading authentication information from
client
"127.0.0.1->127.0.0.1 ": Exiting child
Thank you in advance.
Antonio.
This email has been scanned for all viruses by the MessageLabs SkyScan service.
Please consider the environment before printing this email.
The content of this email and any attachment is private and may be privileged. If you are
not the intended recipient, any use, disclosure, copying or forwarding of this email
and/or its attachments is unauthorised. If you have received this email in error please
notify the sender by email and delete this message and any attachments immediately.
Nothing in this email shall bind the Company or any of its subsidiaries or businesses in
any contract or obligation, unless we have specifically agreed to be bound.
KCOM Group PLC is a public limited company incorporated in England and Wales, company
number 02150618 and whose registered office is at 37 Carr Lane, Hull, HU1 3RE.
118288 - KCOM UK Directory Enquiries. Calls cost 49p connection + 14p per minute
including VAT from a KC or BT landline. Call charges from mobiles and other networks may
vary. If you are calling from a mobile you will now receive your requested number via text
message. You will not be charged for the text message.
______________________________________________
Perdition-users mailing list
Perdition-users(a)vergenet.net
http://lists.vergenet.net/listinfo/perdition-users
11:58 p.m.
On Wed, Aug 27, 2008 at 11:31:35AM +0100, Antonio de la Fuente wrote:
Hello everybody,
after three days messing around with the set up, reading manuals,
looking for similar problems in the internet and trying possible
solutions, I come here, hopping that somebody has had the same problem
or can point me to the right direction. We have an email set up, that
uses perdition as the proxy server to our pop3 mailboxes hosted in a big
network drive. The authentication is trough ldap.
The production servers works ok. We have build few more servers cloning
the same configuration. The problem is that if we try to log with just
username, it works fine, but if we try to log as username(a)foo.bar we get
an authentication failure. The delimiter parameter is set up in
perdition.conf (as said is a clone configuration from production
server), /etc/authlib/authldaprc is the same in both set ups. We are
using same ldap server.
The perdition versions are different (1.15-1 production vs 1.17-1 new
servers) but haven't found anything relevant to this problem, reading
the docs.
perdition[17682]: Auth: 127.0.0.1->127.0.0.1 user="blablabla(a)bloblo.com"
server="127.0.0.1"
port="1110" status="failed: Re-Authentication Failure"
perdition[17762]: Fatal Error reading authentication information from
client
"127.0.0.1->127.0.0.1 ": Exiting child
Thank you in advance.
Hi,
I'm not sure that I understand what your desired setup is.
Do you want users to be able to log in as either username or username@blah?
If so, do the real-servers only recovnise users when they log in as
username but not username@blah?
end-user perdition real-server
-------> username@blah --------> username ----------|
or
-------> username --------> username ----------|
If so, have you tried setting strip_domain=remote_login or strip_domain=all
in conjunction with domain_delimiter=@ ?
28 Aug
28 Aug
9:48 a.m.
Thank you for quick answers. I'll try to explain myself better.
After the years and acquisitions, we have customers that have:
Antonio(a)bla.com => username after ldap search = antoniobla
Antonio(a)whatever.com => username after ldap search = antoniowhatever
We use perdition so customers can log in with email addresses, it asks a
ldap server for the user name of that email address, and perdition takes
them to their mailboxes.
In our first set up with perdition-1.15-1 (production) works fine (hits
the ldap server and gets back the username), but with the new servers,
perdition-1.17-1, perdition asks the ldap server (i can see that in the
ldap server), but it doesn't get the right answer. They both share the
same query in perdition.conf (actually the same config file):
query_key &(popproxyuid=\\u)(popproxyip=\\I),mail=\\U,cn=\\u
I think here is the problem, so i am trying to dig on it. Any suggestion
appreciated.
Saludos,
Antonio.
-----Original Message-----
From: perdition-users-bounces(a)vergenet.net
[mailto:perdition-users-bounces@vergenet.net] On Behalf Of Antonio de la
Fuente
Sent: 27 August 2008 11:32
To: perdition-users(a)vergenet.net
Subject: [PERDITION-USERS] authentication failure using username@domain
Hello everybody,
after three days messing around with the set up, reading manuals,
looking for similar problems in the internet and trying possible
solutions, I come here, hopping that somebody has had the same problem
or can point me to the right direction. We have an email set up, that
uses perdition as the proxy server to our pop3 mailboxes hosted in a big
network drive. The authentication is trough ldap.
The production servers works ok. We have build few more servers cloning
the same configuration. The problem is that if we try to log with just
username, it works fine, but if we try to log as username(a)foo.bar we get
an authentication failure. The delimiter parameter is set up in
perdition.conf (as said is a clone configuration from production
server), /etc/authlib/authldaprc is the same in both set ups. We are
using same ldap server.
The perdition versions are different (1.15-1 production vs 1.17-1 new
servers) but haven't found anything relevant to this problem, reading
the docs.
perdition[17682]: Auth: 127.0.0.1->127.0.0.1 user="blablabla(a)bloblo.com"
server="127.0.0.1"
port="1110" status="failed: Re-Authentication Failure"
perdition[17762]: Fatal Error reading authentication information from
client
"127.0.0.1->127.0.0.1 ": Exiting child
Thank you in advance.
Antonio.
This email has been scanned for all viruses by the MessageLabs SkyScan
service.
Please consider the environment before printing this email.
The content of this email and any attachment is private and may be
privileged. If you are not the intended recipient, any use, disclosure,
copying or forwarding of this email and/or its attachments is
unauthorised. If you have received this email in error please notify the
sender by email and delete this message and any attachments immediately.
Nothing in this email shall bind the Company or any of its subsidiaries
or businesses in any contract or obligation, unless we have specifically
agreed to be bound.
KCOM Group PLC is a public limited company incorporated in England and
Wales, company number 02150618 and whose registered office is at 37 Carr
Lane, Hull, HU1 3RE.
118288 - KCOM UK Directory Enquiries. Calls cost 49p connection + 14p
per minute including VAT from a KC or BT landline. Call charges from
mobiles and other networks may vary. If you are calling from a mobile
you will now receive your requested number via text message. You will
not be charged for the text message.
______________________________________________
Perdition-users mailing list
Perdition-users(a)vergenet.net
http://lists.vergenet.net/listinfo/perdition-users
This email has been scanned for all viruses by the MessageLabs SkyScan
service.
Please consider the environment before printing this email.
The content of this email and any attachment is private and may be
privileged. If you are not the intended recipient, any use, disclosure,
copying or forwarding of this email and/or its attachments is
unauthorised. If you have received this email in error please notify the
sender by email and delete this message and any attachments immediately.
Nothing in this email shall bind the Company or any of its subsidiaries
or businesses in any contract or obligation, unless we have specifically
agreed to be bound.
KCOM Group PLC is a public limited company incorporated in England and
Wales, company number 02150618 and whose registered office is at 37 Carr
Lane, Hull, HU1 3RE.
118288 - KCOM UK Directory Enquiries. Calls cost 49p connection + 14p
per minute including VAT from a KC or BT landline. Call charges from
mobiles and other networks may vary. If you are calling from a mobile
you will now receive your requested number via text message. You will
not be charged for the text message.
This email has been scanned for all viruses by the MessageLabs SkyScan service.
Please consider the environment before printing this email.
The content of this email and any attachment is private and may be privileged. If you are
not the intended recipient, any use, disclosure, copying or forwarding of this email
and/or its attachments is unauthorised. If you have received this email in error please
notify the sender by email and delete this message and any attachments immediately.
Nothing in this email shall bind the Company or any of its subsidiaries or businesses in
any contract or obligation, unless we have specifically agreed to be bound.
KCOM Group PLC is a public limited company incorporated in England and Wales, company
number 02150618 and whose registered office is at 37 Carr Lane, Hull, HU1 3RE.
118288 - KCOM UK Directory Enquiries. Calls cost 49p connection + 14p per minute including
VAT from a KC or BT landline. Call charges from mobiles and other networks may vary. If
you are calling from a mobile you will now receive your requested number via text message.
You will not be charged for the text message.
11:24 a.m.
On Thu, Aug 28, 2008 at 10:48:45AM +0100, Antonio de la Fuente wrote:
Thank you for quick answers. I'll try to explain
myself better.
After the years and acquisitions, we have customers that have:
Antonio(a)bla.com => username after ldap search = antoniobla
Antonio(a)whatever.com => username after ldap search = antoniowhatever
We use perdition so customers can log in with email addresses, it asks a
ldap server for the user name of that email address, and perdition takes
them to their mailboxes.
In our first set up with perdition-1.15-1 (production) works fine (hits
the ldap server and gets back the username), but with the new servers,
perdition-1.17-1, perdition asks the ldap server (i can see that in the
ldap server), but it doesn't get the right answer. They both share the
same query in perdition.conf (actually the same config file):
query_key &(popproxyuid=\\u)(popproxyip=\\I),mail=\\U,cn=\\u
I think here is the problem, so i am trying to dig on it. Any suggestion
appreciated.
Hi,
I am wondering if this could be a bug in the LDAP code in perdition 1.17.
When you say that "it doesn't get the right answer", do you know what
answer it gets?
12:09 p.m.
-----Original Message-----
From: Simon Horman [mailto:horms@verge.net.au]
Sent: 28 August 2008 12:25
To: Antonio de la Fuente
Cc: perdition-users(a)vergenet.net
Subject: Re: [PERDITION-USERS] authentication failure using
username@domain
On Thu, Aug 28, 2008 at 10:48:45AM +0100, Antonio de la Fuente wrote:
Thank you for quick answers. I'll try to explain
myself better.
After the years and acquisitions, we have customers that have:
Antonio(a)bla.com => username after ldap search = antoniobla
Antonio(a)whatever.com => username after ldap search = antoniowhatever
We use perdition so customers can log in with email addresses, it asks
a
ldap server for the user name of that email address,
and perdition
takes
them to their mailboxes.
In our first set up with perdition-1.15-1 (production) works fine
(hits
the ldap server and gets back the username), but with
the new servers,
perdition-1.17-1, perdition asks the ldap server (i can see that in
the
ldap server), but it doesn't get the right answer.
They both share the
same query in perdition.conf (actually the same config file):
query_key &(popproxyuid=\\u)(popproxyip=\\I),mail=\\U,cn=\\u
I think here is the problem, so i am trying to dig on it. Any
suggestion
appreciated.
Hi,
I am wondering if this could be a bug in the LDAP code in perdition
1.17.
When you say that "it doesn't get the right answer", do you know what
answer it gets?
Hi Simon and thank you for your help,
I'll paste here the output logs from perdition and from the ldap server.
At the moment i am reading about ldap, my knowledge is very limited, so
i can test different queries with some sense.
LOGS
From perdition
Aug 28 12:23:25 lon-gs1p-pop perdition[21007]: Aug 28 12:23:25
perdition[21007]: Auth: 127.0.0.1->127.0.0.1
user="testinguser(a)mistral.co.uk" server="127.0.0.1"
port="1110"
status="failed: Re-Authentication Failure"
Aug 28 12:25:16 lon-gs1p-pop perdition[21007]: Aug 28 12:25:16
perdition[21007]: Fatal Error reading authentication information from
client "127.0.0.1->127.0.0.1 ": Exiting child
From ldap server
>> slap_listener(ldap://*:389)
connection_get(13): got connid=0
connection_read(13): checking for input on id=0 ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ber_get_next
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>> dnPrettyNormal: <>
<<<
dnPrettyNormal: <>, <>
do_bind: version=3 dn="" method=128
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 13
do_bind: v3 anonymous bind
connection_get(13): got connid=0
connection_read(13): checking for input on id=0 ber_get_next
ber_get_next: tag 0x30 len 220 contents:
ber_get_next
do_search
ber_scanf fmt ({miiiib) ber:
>> dnPrettyNormal:
<ou=shells,o=mistral,c=uk>
<<< dnPrettyNormal:
<ou=shells,o=mistral,c=uk>,
<ou=shells,o=mistral,c=uk> ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({M}}) ber:
==> limits_get: conn=0 op=1 dn="[anonymous]"
=> bdb_search
bdb_dn2entry("ou=shells,o=mistral,c=uk")
=> bdb_dn2id("ou=shells,o=mistral,c=uk")
<= bdb_dn2id: got id=0x00000c88
entry_decode: "ou=shells,o=mistral,c=uk"
<= entry_decode(ou=shells,o=mistral,c=uk)
search_candidates: base="ou=shells,o=mistral,c=uk" (0x00000c88) scope=1
=> bdb_dn2idl("ou=shells,o=mistral,c=uk")
<= bdb_dn2idl: id=163 first=3209 last=241828 => bdb_equality_candidates
(objectClass) => key_read <= bdb_index_read: failed (-30990) <=
bdb_equality_candidates: id=0, first=0, last=0 =>
bdb_equality_candidates (objectClass) => key_read <= bdb_index_read 163
candidates <= bdb_equality_candidates: id=163, first=3209, last=241828
=> bdb_equality_candidates (uid) => key_read <= bdb_index_read: failed
(-30990) <= bdb_equality_candidates: id=0, first=0, last=0
bdb_search_candidates: id=0 first=3209 last=0
bdb_search: no candidates
send_ldap_result: conn=0 op=1 p=3
send_ldap_response: msgid=2 tag=101 err=0
ber_flush: 14 bytes to sd 13
This email has been scanned for all viruses by the MessageLabs SkyScan service.
Please consider the environment before printing this email.
The content of this email and any attachment is private and may be privileged. If you are
not the intended recipient, any use, disclosure, copying or forwarding of this email
and/or its attachments is unauthorised. If you have received this email in error please
notify the sender by email and delete this message and any attachments immediately.
Nothing in this email shall bind the Company or any of its subsidiaries or businesses in
any contract or obligation, unless we have specifically agreed to be bound.
KCOM Group PLC is a public limited company incorporated in England and Wales, company
number 02150618 and whose registered office is at 37 Carr Lane, Hull, HU1 3RE.
118288 - KCOM UK Directory Enquiries. Calls cost 49p connection + 14p per minute including
VAT from a KC or BT landline. Call charges from mobiles and other networks may vary. If
you are calling from a mobile you will now receive your requested number via text message.
You will not be charged for the text message.
5729
days inactive
5730
days old
5 comments
3 participants
participants (3)
-
Antonio de la Fuente -
Jimmy Brake -
Simon Horman