-----Original Message-----
From: Simon Horman [mailto:horms@verge.net.au]
Sent: 28 August 2008 12:25
To: Antonio de la Fuente
Cc: perdition-users(a)vergenet.net
Subject: Re: [PERDITION-USERS] authentication failure using username@domain

On Thu, Aug 28, 2008 at 10:48:45AM +0100, Antonio de la Fuente wrote:
Thank you for quick answers. I'll try to explain myself better.

After the years and acquisitions, we have customers that have:

Antonio(a)bla.com => username after ldap search = antoniobla
Antonio(a)whatever.com => username after ldap search = antoniowhatever

We use perdition so customers can log in with email addresses; it asks an LDAP server for the user name of that email address, and perdition takes them to their mailboxes.

In our first set up with perdition-1.15-1 (production) it works fine (hits the LDAP server and gets back the username), but with the new servers, perdition-1.17-1, perdition asks the LDAP server (I can see that in the LDAP server), but it doesn't get the right answer. They both share the same query in perdition.conf (actually the same config file):

query_key &(popproxyuid=\\u)(popproxyip=\\I),mail=\\U,cn=\\u

I think here is the problem, so I am trying to dig into it. Any suggestion appreciated.

Hi,

I am wondering if this could be a bug in the LDAP code in perdition 1.17.

When you say that "it doesn't get the right answer", do you know what answer it gets?

Hi Simon and thank you for your help,

I'll paste here the output logs from perdition and from the LDAP server. At the moment I am reading about LDAP, my knowledge is very limited, so I can test different queries with some sense.

LOGS

From perdition

Aug 28 12:23:25 lon-gs1p-pop perdition[21007]: Aug 28 12:23:25 perdition[21007]: Auth: 127.0.0.1->127.0.0.1 user="testinguser(a)mistral.co.uk" server="127.0.0.1" port="1110" status="failed: Re-Authentication Failure"
Aug 28 12:25:16 lon-gs1p-pop perdition[21007]: Aug 28 12:25:16 perdition[21007]: Fatal Error reading authentication information from client "127.0.0.1->127.0.0.1 ": Exiting child

From ldap server

>> slap_listener(ldap://*:389)
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ber_get_next
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_bind: version=3 dn="" method=128
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 13
do_bind: v3 anonymous bind
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 220 contents:
ber_get_next
do_search
ber_scanf fmt ({miiiib) ber:
>> dnPrettyNormal: <ou=shells,o=mistral,c=uk>
<<< dnPrettyNormal: <ou=shells,o=mistral,c=uk>, <ou=shells,o=mistral,c=uk>
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({M}}) ber:
==> limits_get: conn=0 op=1 dn="[anonymous]"
=> bdb_search
bdb_dn2entry("ou=shells,o=mistral,c=uk")
=> bdb_dn2id("ou=shells,o=mistral,c=uk")
<= bdb_dn2id: got id=0x00000c88
entry_decode: "ou=shells,o=mistral,c=uk"
<= entry_decode(ou=shells,o=mistral,c=uk)
search_candidates: base="ou=shells,o=mistral,c=uk" (0x00000c88) scope=1
=> bdb_dn2idl("ou=shells,o=mistral,c=uk")
<= bdb_dn2idl: id=163 first=3209 last=241828
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read: failed (-30990)
<= bdb_equality_candidates: id=0, first=0, last=0
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read 163 candidates
<= bdb_equality_candidates: id=163, first=3209, last=241828
=> bdb_equality_candidates (uid)
=> key_read
<= bdb_index_read: failed (-30990)
<= bdb_equality_candidates: id=0, first=0, last=0
bdb_search_candidates: id=0 first=3209 last=0
bdb_search: no candidates
send_ldap_result: conn=0 op=1 p=3
send_ldap_response: msgid=2 tag=101 err=0
ber_flush: 14 bytes to sd 13
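
Added example (not part of the original thread, and not perdition or OpenLDAP code): a small Python parser that reduces a slapd back-bdb debug trace like the one above to, per search, the base DN, the attributes whose equality index was consulted with the candidate count each returned, and whether the search ended with no candidates, so the result can be compared with the filter the proxy was expected to send. The function name and the sample trace are constructed for illustration; `id=` is read as the candidate count because it agrees with the "163 candidates" line in the trace.

```python
import re

# Constructed sample, modelled on the slapd trace quoted in the message above
# and deliberately left wrapped across lines the way the post shows it.
SAMPLE_TRACE = """\
do_search
search_candidates: base="ou=shells,o=mistral,c=uk" (0x00000c88) scope=1
=> bdb_equality_candidates (objectClass) => key_read <= bdb_index_read: failed
(-30990) <= bdb_equality_candidates: id=0, first=0, last=0 =>
bdb_equality_candidates (objectClass) => key_read <= bdb_index_read 163
candidates <= bdb_equality_candidates: id=163, first=3209, last=241828
=> bdb_equality_candidates (uid) => key_read <= bdb_index_read: failed
(-30990) <= bdb_equality_candidates: id=0, first=0, last=0
bdb_search: no candidates
"""

# One alternative per event of interest. Matching over the whole text with \s+
# (rather than line by line) tolerates entries that mail clients have re-wrapped.
TOKEN = re.compile(
    r'search_candidates:\s+base="(?P<base>[^"]*)"'
    r'|=>\s+bdb_equality_candidates\s+\((?P<attr>[^)]+)\)'
    r'|<=\s+bdb_equality_candidates:\s+id=(?P<count>\d+)'
    r'|(?P<empty>bdb_search:\s+no\s+candidates)'
)

def summarize_searches(trace):
    """Return one dict per search: base DN, (attribute, candidates) pairs, empty flag."""
    searches, current, pending = [], None, None
    for m in TOKEN.finditer(trace):
        if m.group("base") is not None:          # a new search starts here
            current = {"base": m.group("base"), "lookups": [], "no_candidates": False}
            searches.append(current)
        elif current is None:                    # event seen before any search began
            continue
        elif m.group("attr"):                    # index lookup opened for this attribute
            pending = m.group("attr")
        elif m.group("count") is not None and pending:
            current["lookups"].append((pending, int(m.group("count"))))
            pending = None
        elif m.group("empty"):                   # search produced nothing to return
            current["no_candidates"] = True
    return searches

if __name__ == "__main__":
    for s in summarize_searches(SAMPLE_TRACE):
        print(s["base"], s["lookups"], "EMPTY" if s["no_candidates"] else "ok")
```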