Scalix 11 and Openldap 2.3.35, SWA/IMAP fails
Posted: Thu Apr 19, 2007 3:46 pm
Scalix 11.0.3 on RHEL 4.4
OpenLDAP 2.3.35 on RHEL 4.4
Ok, so the following works fine:
[root@scalix-11-dev ~]# sxpampasswd -vvv rkirkley-sx
pam_start_om("pamcheck", "rkirkley-sx")
pam_chauthtok()
AUTHTOK not set
OLDAUTHTOK not set
New password:
AUTHTOK not set
OLDAUTHTOK not set
Re-enter new password:
AUTHTOK not set
OLDAUTHTOK not set
LDAP password information changed for rkirkley-sx
Password changed
[root@scalix-11-dev ~]# sxpamauth -vvv rkirkley-sx
pam_start_om("pamcheck", "rkirkley-sx")
pam_authenticate()
Password:
pam_acct_mgmt()
Authenticated
BUT, logging in through IMAP or SWA fails. This is what I see in slapd.log on the OpenLDAP server:
conn=12 fd=13 ACCEPT from IP=X.X.X.X:36673 (IP=0.0.0.0:389)
conn=12 op=0 BIND dn="cn=Manager,dc=cisco,dc=com" method=128
conn=12 op=0 BIND dn="cn=Manager,dc=cisco,dc=com" mech=SIMPLE ssf=0
conn=12 op=0 RESULT tag=97 err=0 text=
conn=12 op=1 SRCH base="dc=cisco,dc=com" scope=2 deref=0 filter="(uid=rkirkley-sx\1D\1D\1D\1Dscalix-11-dev\1D\1D\1D\1D\1D\1D\1D\1D\1D\1D\1D\1D\1D\1D\1D\1D\1D\1D\1D\17rkirkley sx)"
conn=12 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=12 op=2 UNBIND
conn=12 fd=13 closed
Here are the config files on the Scalix box:
[root@scalix-11-dev ~]# cat /var/opt/scalix/sv/s/sys/pam.d/ual.remote
auth required om_debug
account required om_debug
session required om_debug
password required om_debug
auth required om_om2authid
auth required /lib/security/pam_ldap.so
account required /lib/security/pam_ldap.so
password required om_om2authid
password required /lib/security/pam_ldap.so
session required /lib/security/pam_ldap.so
[root@scalix-11-dev ~]# cat /var/opt/scalix/sv/s/sys/pam.d/pamcheck
auth required om_debug
account required om_debug
session required om_debug
password required om_debug
auth required om_om2authid
auth required /lib/security/pam_ldap.so
account required /lib/security/pam_ldap.so
password required om_om2authid
password required /lib/security/pam_ldap.so
session required /lib/security/pam_ldap.so
Oh, and POP3 works fine. I saw someone with a similar error on the forum, but their solution (install openldap tools or something) would not apply since I already have them.
Any ideas?
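Added example, not part of the original post: a small Python checker that reads slapd log lines like the ones quoted above, decodes the `\XX` escapes slapd uses for non-printable bytes, and pairs each SRCH with its SEARCH RESULT so that filters carrying control characters (which can never match a real uid, consistent with the nentries=0 above) are flagged next to their result count. The conn=13 lines are a constructed clean search for contrast; regexes assume the default slapd "stats" log format.

```python
import re

# Constructed sample built from the SRCH/SEARCH RESULT lines quoted in the post,
# plus one clean search (conn=13, constructed) for contrast.
SAMPLE_LOG = """\
conn=12 op=0 BIND dn="cn=Manager,dc=cisco,dc=com" method=128
conn=12 op=0 RESULT tag=97 err=0 text=
conn=12 op=1 SRCH base="dc=cisco,dc=com" scope=2 deref=0 filter="(uid=rkirkley-sx\\1D\\1D\\1D\\1Dscalix-11-dev\\1D\\17rkirkley sx)"
conn=12 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=13 op=1 SRCH base="dc=cisco,dc=com" scope=2 deref=0 filter="(uid=rkirkley-sx)"
conn=13 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

SRCH_RE = re.compile(r'conn=(\d+) op=(\d+) SRCH .*? filter="(.*)"$')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT .*? nentries=(\d+)')
ESCAPE_RE = re.compile(r'\\([0-9A-Fa-f]{2})')   # slapd logs non-printables as \XX

def decode_filter(raw):
    """Turn slapd's \\XX log escapes back into the characters the client sent."""
    return ESCAPE_RE.sub(lambda m: chr(int(m.group(1), 16)), raw)

def control_chars(text):
    """Distinct non-printable characters in the text, as two-digit hex, sorted."""
    return sorted({f"{ord(c):02X}" for c in text if ord(c) < 0x20 or ord(c) == 0x7F})

def clean_prefix(flt):
    """Attribute value up to the first control character, i.e. the intended uid."""
    m = re.match(r'\(\w+=([^\x00-\x1f\x7f)]*)', flt)
    return m.group(1) if m else ""

def audit_searches(log_text):
    """Pair each SRCH with its SEARCH RESULT (same conn/op) and flag filters
    that carry control characters; such a filter cannot match a real entry."""
    pending, findings = {}, []
    for line in log_text.splitlines():
        m = SRCH_RE.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = decode_filter(m.group(3))
            continue
        m = RESULT_RE.search(line)
        if m:
            key = (m.group(1), m.group(2))
            flt = pending.pop(key, None)
            if flt is None:
                continue  # result without a logged search; nothing to judge
            bad = control_chars(flt)
            findings.append({"conn": key[0], "op": key[1], "nentries": int(m.group(3)),
                             "uid_prefix": clean_prefix(flt), "control_chars": bad,
                             "suspicious": bool(bad)})
    return findings
```

Running `audit_searches(SAMPLE_LOG)` reports conn=12 as suspicious with control bytes 17 and 1D after the clean prefix `rkirkley-sx`, and conn=13 as clean, which narrows the problem to whatever builds the uid string on the Scalix side before pam_ldap sends it.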