Fix for sasl authentication when using ldap addressbooks
Alexander Gran
alexg at moduleworks.com
Mon Apr 19 23:51:45 CEST 2010
Hi,
there is a little bug (?) in kolab that breaks sasl (and therefore cyrus,
postfix, ..?) when you have multiple entries with the same uid/mail address.
That happens, e.g. when a user has an address book under
ou=addr,uid=alexg,basedn
which is the case for me, as I migrate from an SuSE open exchange system.
The issue is as follows:
The saslauthd asks the ldap daemon slapd for a maximum of one entry, using this
filter:
ldap_filter: (&(|(mail=%u@%d)(mail=%u)(uid=%u@%d)(uid=%u))(!(kolabdeleteflag=*)))
However, this would return (in my case) 4 entries. Being asked for just one,
slapd fails with something like
conn=291 op=1 SEARCH RESULT tag=101 err=4 nentries=1 text= [1]
I fixed that by setting
ldap_filter: (&(|(mail=%u@%d)(mail=%u)(uid=%u@%d)(uid=%u))(!(kolabdeleteflag=*))(objectClass=posixAccount))
If I'm right, posixAccounts can be uniquely identified by their uid/mail.
To the gurus on the list:
Am I right?
To google and the rest of the world: I hope I reduced some of your pain
regards
Alex
[1]
Yes, it is completely awkward to realize that
a.) This is an error message and
b.) That the reason is as described
Whoever created that log message should be hanged immediately
--
Dipl. Inform. Alexander Gran, MBA
alexg at moduleworks.com
http://www.moduleworks.com
SkypeID: mw_alexg
M: +49(0)163/5598933
ModuleWorks GmbH
Ritterstraße 12a
52072 Aachen
HRB 11871
Amtsgericht Aachen
Geschäftsführer Yavuz Murtezaoglu
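Added example (not part of the original post, and not Kolab or saslauthd code): a small evaluator for the subset of LDAP filter syntax used in the two ldap_filter lines above, run over a constructed directory to show why the original filter matches four entries and the amended one matches only the account. The entries, the example.com domain and the plain %u/%d text substitution are assumptions made for the illustration.

```python
# Filters quoted in the post: the original, and the one with objectClass added.
ORIGINAL = "(&(|(mail=%u@%d)(mail=%u)(uid=%u@%d)(uid=%u))(!(kolabdeleteflag=*)))"
FIXED = ("(&(|(mail=%u@%d)(mail=%u)(uid=%u@%d)(uid=%u))"
         "(!(kolabdeleteflag=*))(objectClass=posixAccount))")

# Constructed directory: one account plus three address book contacts that
# carry the same mail value (DNs and the example.com domain are made up).
ENTRIES = [
    {"dn": "uid=alexg,dc=example,dc=com", "uid": ["alexg"],
     "mail": ["alexg@example.com"], "objectclass": ["inetOrgPerson", "posixAccount"]},
] + [
    {"dn": f"cn=me{i},ou=addr,uid=alexg,dc=example,dc=com",
     "mail": ["alexg@example.com"], "objectclass": ["inetOrgPerson"]}
    for i in range(3)
]

def parse(f, i=0):
    """Parse the filter subset used above: & | ! plus equality and presence."""
    i += 1                                 # skip the opening '('
    if f[i] in "&|!":
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1           # skip the closing ')'
    end = f.index(")", i)
    attr, value = f[i:end].split("=", 1)
    return ("=", attr.lower(), value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (attribute -> value list)."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    values = entry.get(attr, [])
    if value == "*":                       # presence test, e.g. (kolabdeleteflag=*)
        return bool(values)
    return value.lower() in (v.lower() for v in values)

def search(template, user, domain, entries=ENTRIES):
    """Return the DNs that match the filter after %u/%d substitution."""
    tree, _ = parse(template.replace("%u", user).replace("%d", domain))
    return [e["dn"] for e in entries if matches(tree, e)]
```

A lookup that needs exactly one entry is only safe when `len(search(...)) == 1` for every login name, which is the property the added objectClass clause restores in this constructed directory.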