Trouble with External LDAP auth

Ajael

Postby Ajael » Thu Mar 09, 2006 4:16 pm

I have installed Scalix 10 on a new FC4 box. Everything seems to be working just fine through the initial tests, so I decided to proceed with the configuration for authorizing users against an external OpenLDAP directory. I store my posix and samba user info in the directory and it is working great for that purpose. I used the Forums and KB to gather the necessary configurations for external authorization. Here are the two files of interest.

---- ual.remote start ----
auth sufficient om_ldap use_first_pass
#auth sufficient om_auth
auth required pam_deny
account required om_auth
password optional om_ldap
password required om_auth
password required om_sasl
session reqiured om_auth
---- ual.remote stop ----


---- om_ldap.conf start ----
host=chimera.hq.hiles.ca
search=subtree
base=dc=hq,dc=hiles,dc=ca
filter=uid=%s
---- om_ldap.conf stop ----


After stopping and starting the Scalix services, I attempt to log into SWA. After a short wait a dialog pops up that says "There was a problem connecting to the mail server. Please try again later."

On checking the /var/opt/scalix/logs/fatal file I find ....

==== fatal log start  ====

ERROR                   IMAP Server Da(IMAP Server Pr) Thu Mar  9 15:05:09 2006
[OM 29260] PAM unable to resolve symbol: pam_sm_chauthtok
Pid of logging process: 12739


ERROR                   IMAP Server Da(IMAP Server Pr) Thu Mar  9 15:05:09 2006
[OM 29260] PAM unable to dlopen(/opt/scalix/lib/security/om_sasl.so)
Pid of logging process: 12739


ERROR                   IMAP Server Da(IMAP Server Pr) Thu Mar  9 15:05:09 2006
[OM 29260] PAM [dlerror: /opt/scalix/lib/security/om_sasl.so: cannot open shared object file: No such file or directory]
Pid of logging process: 12739


ERROR                   IMAP Server Da(IMAP Server Pr) Thu Mar  9 15:05:09 2006
[OM 29260] PAM unable to open static handler /opt/scalix/lib/security/om_sasl.so
Pid of logging process: 12739


ERROR                   IMAP Server Da(IMAP Server Pr) Thu Mar  9 15:05:09 2006
[OM 29260] PAM adding faulty module: /opt/scalix/lib/security/om_sasl.so
Pid of logging process: 12739


SERIOUS ERROR           IMAP Server Da(IMAP Server Pr) Thu Mar  9 15:05:09 2006
[OM 10270] Process about to terminate due to error.
Signal (Segmentation Violation) trapped by process 12739
Procedure trace follows:
  <- nm_PutFieldMem
  -> nm_PutFieldMem
  -> nm_AppendFieldMem
  -> nm_AddSeparators
  <- nm_AddSeparators
  -> nm_ParseORN
  <- nm_ParseORN
  <- nm_AppendFieldMem
  <- nm_PutFieldMem
  -> nm_PutFieldMem
  -> nm_AppendFieldMem
  <- nm_AppendFieldMem
  <- nm_PutFieldMem
  -> nm_ParseORN
  <- nm_ParseORN
  <- ul_utUnpackUserEnt
Pid of logging process: 12739


SERIOUS ERROR           IMAP Server Da(IMAP Server Pr) Thu Mar  9 15:05:09 2006
[OM 10272] BACKTRACE:
/opt/scalix/lib/libom_er.so(er_add_backtrace+0xb6)[0x8dfe76]
/opt/scalix/lib/libom_er.so[0x8e0162]
/opt/scalix/lib/libom_er.so(er_DumpProcAndExit+0x1f)[0x8e031f]
[0x7c4420]
/opt/scalix/lib/libom_pam.so[0x53c888]
/opt/scalix/lib/libom_pam.so(_pam_init_handlers+0x220)[0x53cc14]
/opt/scalix/lib/libom_pam.so(pam_start+0x3cb)[0x53f2d3]
/opt/scalix/lib/libom_pam.so(pam_start_om+0xae)[0x53a02e]
in.imap41d[0x8069b9d]
/usr/lib/libsasl2.so.2[0x6f8ff7d]
/opt/scalix/lib/security/liblogin.so[0x66340f]
/usr/lib/libsasl2.so.2(sasl_server_step+0xc7)[0x6f8f83b]
in.imap41d[0x806b59b]
in.imap41d[0x8064939]
in.imap41d[0x805fd8c]
in.imap41d[0x80608a0]
in.imap41d[0x806117c]
/lib/libc.so.6(__libc_start_main+0xdf)[0x1f5d5f]
in.imap41d[0x804d9d1]
 
ÎtèÁX
Pid of logging process: 12739
 ==== fatal log end  ====


This entry is repeated 10 times with only the PID changing (incrementing by one). I have not been able to come up with any possible fixes. Help would be appreciated.

Thanks
Paul

ScalixSupport

Postby ScalixSupport » Thu Mar 09, 2006 6:58 pm

There is an error in the technote. The om_sasl line is no longer required in the file.

You look to have mis-spelled required in the session line.

I would also advise that you add

tls=off
in the om_ldap.conf file.

Cheers

Dave

Ajael

Postby Ajael » Thu Mar 09, 2006 8:56 pm

Yep -- that did it.

Thanks
Paul

jch

Postby jch » Thu Mar 16, 2006 7:07 am

You should also remove the lines

password required om_sasl

and

password required om_ldap

because the former doesn't exist any more and the latter doesn't do password changing. If you want password changing then you can configure pam_ldap to do the password changing. (Licensing restrictions made it difficult for me to put password changing code in om_ldap.)

jch
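
Added example (not part of the original thread and not Scalix code): a small pre-restart check for a PAM-style stack such as ual.remote that flags the two faults found above, a module with no .so file behind it and an unrecognised control keyword. It assumes the standard PAM type and control keywords apply to this file and that a bare module name resolves to <module_dir>/<name>.so, as the fatal log shows for om_sasl; lint_ual, demo and the temporary module directory are hypothetical names and constructed data.

```python
import os
import tempfile

# Assumption: the file uses the four standard PAM module types and control keywords.
TYPES = {"auth", "account", "password", "session"}
CONTROLS = {"required", "requisite", "sufficient", "optional"}

def lint_ual(text, module_dir):
    """Return a list of (line_number, message) findings for a PAM-style stack."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            findings.append((n, "expected: type control module [args]"))
            continue
        mtype, control, module = fields[:3]
        if mtype not in TYPES:
            findings.append((n, f"unknown type '{mtype}'"))
        if control not in CONTROLS:
            findings.append((n, f"unknown control '{control}'"))
        # The fatal log shows a bare module name resolved to <module_dir>/<name>.so
        path = os.path.join(module_dir, module if module.endswith(".so") else module + ".so")
        if not os.path.isfile(path):
            findings.append((n, f"module not found: {path}"))
    return findings

# The ual.remote content posted in the thread, embedded as sample input.
SAMPLE = """\
auth sufficient om_ldap use_first_pass
#auth sufficient om_auth
auth required pam_deny
account required om_auth
password optional om_ldap
password required om_auth
password required om_sasl
session reqiured om_auth
"""

def demo():
    with tempfile.TemporaryDirectory() as d:  # constructed stand-in for the module directory
        for name in ("om_ldap", "om_auth", "pam_deny"):  # om_sasl.so deliberately absent
            open(os.path.join(d, name + ".so"), "w").close()
        return [(n, msg.replace(d, "<module_dir>")) for n, msg in lint_ual(SAMPLE, d)]

if __name__ == "__main__":
    print("\n".join(f"line {n}: {msg}" for n, msg in demo()))
```

On a real server, pass the contents of ual.remote and the directory named in the fatal log (/opt/scalix/lib/security) to lint_ual before restarting the services.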

