Fix for sasl authentication when using ldap addressbooks
Richard Bos
ml at radoeka.nl
Tue Apr 20 20:15:13 CEST 2010
Hello Alex,
On Monday 19 April 2010 23:51:45, Alexander Gran wrote:
> there is a little bug (?) in kolab that breaks sasl (and therefore cyrus,
> postfix, ..?) when you have multiple entries with the same uid/mail address.
> That happens, e.g. when a user has an address book under
> ou=addr,uid=alexg,basedn
> which is the case for me, as I migrate from an SuSE open exchange system.
> The issue is as follows
> The saslauthd asks the ldap daemon slapd for maximum of one entry, using
> this filter:
> ldap_filter: (&(|(mail=%u@%d)(mail=%u)(uid=%u@%d)(uid=%u))(!(kolabdeleteflag=*)))
> However this would return (in my case) 4 entries. Being asked for just
> one, slapd fails with something like
> conn=291 op=1 SEARCH RESULT tag=101 err=4 nentries=1 text= [1]
>
> I fixed that by setting
> ldap_filter: (&(|(mail=%u@%d)(mail=%u)(uid=%u@%d)(uid=%u))(!(kolabdeleteflag=*))(objectClass=posixAccount))
> If I'm right, posixAccounts can be uniquely identified by their uid/mail.
Can you please open an issue in kolab's issue tracker? If you do that, this
issue won't be forgotten; if you don't, well, I don't know what will happen.
The issue tracker is located at: https://issues.kolab.org/
The change seems to be that you added
(objectClass=posixAccount) as an additional filter criterion, is that correct?
Thanks for reporting the issue.
--
Richard