From: Birger Toedtmann (no email)
Date: Wed Apr 10 2002 - 02:13:56 EDT
OCNS Consulting wrote on Tue, Apr 02, 2002 at 09:39:28AM -0500:
> I have Cyrus IMAP 2.1.3 + SASLV2 2.1.2 deployed and clients
> authenticate via "saslauthd" with auth mechanism "PAM" which in
> turn looks into "/etc/pam.d/imap" utilizing module "pam_ldap-140"
> to check an LDAP repository (OpenLDAP 2.0.23).
>
> The PAM module "pam_ldap" interrogates the LDAP schema via the "uid"
> attribute and if a matching "uid" is found passes the "userPassword"
> attribute value to PAM for password verification. To provide for lookup
> efficiency, I configured LDAP to ->
>
> "index uid eq"
>
> However, with indexing on attribute "uid" set, authentication fails. If
> LDAP attribute "uid" is not indexed, authentication is successful.

Check your directory server. Does it return anything useful to "ldapsearch"
when indexing is on? I had problems similar to this when one of these
facts was true:
* the index file was never built (use slapindex)
* the index file was built, but has wrong permissions (I built it with
slapindex but as root, the slapd runs as "ldap" and could not access
it)
* the index file is corrupt (delete and rebuild it)
Regards,
Birger
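
Added example, not part of the original message: a shell check for the first two causes in the list above (index file never built, or built with an owner or mode the slapd user cannot use). It assumes index files are named `<attr>.<ext>` inside the database directory and that GNU `stat` is available; the function name and return codes are made up for illustration. A corrupt index cannot be detected this way, so the "ldapsearch" test from the reply remains the functional check.

```shell
#!/bin/sh
# Added example: inspect the on-disk index file for one attribute.
# Assumptions: files are named "<attr>.<ext>" in DB_DIR; GNU stat is present.
#
# check_index DB_DIR ATTR EXPECTED_UID
#   EXPECTED_UID is the numeric uid slapd runs as (e.g. from `id -u ldap`).
# Return codes: 0 = looks usable, 1 = no index file found,
#               2 = wrong owner or owner lacks read/write, 3 = file is empty.
check_index() {
    db_dir=$1; attr=$2; want_uid=$3
    found=0
    for f in "$db_dir/$attr".*; do
        # An unmatched glob stays literal, so skip anything that is not a file.
        [ -f "$f" ] || continue
        found=1
        owner=$(stat -c '%u' "$f")
        mode=$(stat -c '%a' "$f")
        if [ "$owner" != "$want_uid" ]; then
            echo "WRONG OWNER: $f owned by uid $owner, expected uid $want_uid"
            return 2
        fi
        # slapd must be able to read and update its own index file.
        if [ $(( 0$mode & 0600 )) -ne $(( 0600 )) ]; then
            echo "BAD MODE: $f has mode $mode, owner needs read and write"
            return 2
        fi
        if [ ! -s "$f" ]; then
            echo "EMPTY: $f has zero length, rebuild it with slapindex"
            return 3
        fi
        echo "OK: $f (uid $owner, mode $mode)"
    done
    if [ "$found" -eq 0 ]; then
        echo "MISSING: no index file for '$attr' in $db_dir, run slapindex"
        return 1
    fi
    return 0
}

# Stand-alone use: sh check_index.sh DB_DIR ATTR EXPECTED_UID
if [ "$#" -eq 3 ]; then
    check_index "$@"
fi
```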