LDAP authentication with PAM

Posted: Tue Apr 18, 2006 6:39 pm
by frankv
I know the subject has been discussed and there's a nice HOW-TO file that should make things pretty straightforward, but for some reason, I can't get LDAP password authentication to work.

Server is SLES 9 and LDAP server is eDirectory on Netware 6.5. I have another PAM authenticating to the Novell server (for my Linux users) and it works fine.

Here are my config files

om_ldap.conf
----------------------
tls=off
host=westmount.gfaga.com
search=subtree
base=o=gfaga
filter=uid=%s

ual.remote
-----------------------------
# everything else is commented
auth sufficient om_ldap
auth sufficient om_auth
auth required pam_deny
account required om_auth
password required om_auth
session required om_auth

uid is my unique field

- I create a user through the admin interface and I can access it (with webmail)
- I add the value for uniqueness using
ommodu -o "Francois Villeneuve" --authid frankv
with "Francois Villeneuve" being the user I created through admin and frankv being my uid in the Novell LDAP

When I try to access the account from Webmail, it tells me that the user or password is incorrect.

I obviously did something wrong since I get the following error message in the IMAP daemon log

ERROR IMAP Server Da(IMAP Server Pr) 04.18.06 16:50:26
[OM 29260] PAM unable to resolve symbol: pam_sm_chauthtok
User Name: Francois Villeneuve / linux, dyndns/CN=Francois Villeneuve

Thanks in advance!
-

Posted: Tue Apr 18, 2006 6:58 pm
by ScalixSupport
Can you post the entire contents of ual.remote? The error you are seeing is usually because the line

password optional om_ldap

is present.

Cheers

Dave

Posted: Tue Apr 18, 2006 11:46 pm
by frankv
OK, I did what you said. No more message in the log, but I STILL couldn't log in.

So I did a trace of the LDAP process on the Netware machine.

Each time I made an unsuccessful attempt, it gave the following message.

Rejecting unencrypted bind on cleartext port in nds_back_bind, err = 13

So I unchecked "Require TLS for Simple Binds with Password" in the LDAP group in iManager, and it did the trick!

Hope it can help someone in the future.

Thanks!

Posted: Wed Apr 19, 2006 4:12 am
by Valerion
Just a quick sidenote:

frankv wrote:
Rejecting unencrypted bind on cleartext port in nds_back_bind, err = 13

So I uncheck the "Require TLS for Simple Binds with Password" in LDAP group in iManager, and it did the trick!

Your original post states

frankv wrote:
om_ldap.conf
----------------------
tls=off
host=westmount.gfaga.com
search=subtree
base=o=gfaga
filter=uid=%s

I'll be willing to bet that if you change the "tls" setting to "required" or to "on" you can re-enable "Require TLS for Simple Binds with Password".
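
An offline checker for the two misconfigurations raised in this thread: the `password ... om_ldap` line that ScalixSupport asked about (which makes PAM look for a `pam_sm_chauthtok` symbol om_ldap does not provide) and the `tls=off` setting Valerion points at (which sends the user's password over the cleartext LDAP port). This is an added example, not Scalix's own code. The file formats follow the snippets posted above; the accepted `tls` values beyond `off`, `on` and `required`, the fail-closed check on the auth stack, and the sample files below are constructed assumptions.

```python
"""Offline lint for om_ldap.conf and the ual.remote PAM stack (added example)."""


def parse_om_ldap_conf(text):
    """Parse key=value lines of om_ldap.conf into a dict.

    Only the first '=' separates key from value, so 'filter=uid=%s' keeps
    its whole right-hand side.  Blank lines and '#' comments are skipped.
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip().lower()] = value.strip()
    return conf


def parse_pam_stack(text):
    """Parse a PAM service file (ual.remote) into (type, control, module) tuples."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) >= 3:
            stack.append((fields[0].lower(), fields[1].lower(), fields[2]))
    return stack


# Assumed spellings of "TLS off"; only "off" appears in the thread.
TLS_OFF = {"off", "no", "false", "0"}


def check_config(om_ldap_text, pam_text):
    """Return a list of (code, message) findings; an empty list means clean."""
    findings = []
    conf = parse_om_ldap_conf(om_ldap_text)
    stack = parse_pam_stack(pam_text)

    # 1. tls=off makes om_ldap do a simple bind on the cleartext port, so the
    #    password crosses the network unencrypted.  A directory enforcing
    #    "Require TLS for Simple Binds with Password" rejects it with the
    #    "Rejecting unencrypted bind on cleartext port" message seen above.
    if "tls" not in conf:
        findings.append(("TLS_NOT_SET",
                         "om_ldap.conf: tls is not set; set tls=on rather than "
                         "relying on the default"))
    elif conf["tls"].lower() in TLS_OFF:
        findings.append(("CLEARTEXT_BIND",
                         "om_ldap.conf: tls=%s sends the password in the clear; set "
                         "tls=on (or required) and keep TLS enforced on the server"
                         % conf["tls"]))

    # 2. om_ldap only implements the auth stage.  Listing it in the 'password'
    #    stack makes PAM look up pam_sm_chauthtok, producing the
    #    "PAM unable to resolve symbol: pam_sm_chauthtok" error in the IMAP log.
    for ptype, _control, module in stack:
        if ptype == "password" and module == "om_ldap":
            findings.append(("OM_LDAP_PASSWORD_STACK",
                             "ual.remote: remove the 'password ... om_ldap' line"))

    # 3. A run of 'sufficient' auth modules should end in 'auth required
    #    pam_deny' so that a module failure cannot fall through to success.
    auth = [(c, m) for t, c, m in stack if t == "auth"]
    if auth and auth[-1] != ("required", "pam_deny"):
        findings.append(("AUTH_NOT_FAIL_CLOSED",
                         "ual.remote: auth stack does not end with "
                         "'auth required pam_deny'"))
    return findings


# Constructed sample input: the files as posted at the top of the thread, plus
# the 'password optional om_ldap' line ScalixSupport asked about.
BROKEN_OM_LDAP_CONF = """\
tls=off
host=westmount.gfaga.com
search=subtree
base=o=gfaga
filter=uid=%s
"""

BROKEN_UAL_REMOTE = """\
# everything else is commented
auth sufficient om_ldap
auth sufficient om_auth
auth required pam_deny
account required om_auth
password optional om_ldap
password required om_auth
session required om_auth
"""

# Constructed: the same files with both problems corrected.
FIXED_OM_LDAP_CONF = BROKEN_OM_LDAP_CONF.replace("tls=off", "tls=on")
FIXED_UAL_REMOTE = BROKEN_UAL_REMOTE.replace("password optional om_ldap\n", "")

if __name__ == "__main__":
    for label, conf_text, pam_text in (("as posted", BROKEN_OM_LDAP_CONF, BROKEN_UAL_REMOTE),
                                       ("fixed", FIXED_OM_LDAP_CONF, FIXED_UAL_REMOTE)):
        print(label)
        for code, msg in check_config(conf_text, pam_text) or [("OK", "no findings")]:
            print("  %-24s %s" % (code, msg))
```

Running it on the configuration as posted reports CLEARTEXT_BIND and OM_LDAP_PASSWORD_STACK; the corrected pair reports nothing. The point of check 1 is that turning off "Require TLS for Simple Binds with Password" on the server makes the symptom go away but leaves every IMAP login's password readable on the wire between the Scalix host and the directory.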

Posted: Wed Apr 19, 2006 5:15 am
by ScalixSupport
Hi Valerion,

it does not mean anything, but congratulations on the 10,000th post ;-)

Cheers,

Sascha.

Posted: Wed Apr 19, 2006 8:48 am
by frankv
Valerion wrote:
I'll be willing to bet that if you change the "tls" setting to "required" or to "on" you can re-enable "Require TLS for Simple Binds with Password".

That would seem logical, but I tried it without the TLS=off in om_ldap.conf and with "Require TLS for Simple Binds with Password" checked in Novell LDAP, and it wouldn't work.

Why do you say it doesn't mean anything, Sascha?