1 (edited by NarinNil 2010-08-02 16:57:18)

Topic: How to set LDAP addressbook without authentication (anonymous)

from this topic

http://www.iredmail.org/forum/topic862- … tlook.html

My system is Ubuntu 9.10 and iRedMail 0.6.0.
I removed the line below in slapd.conf and restarted the LDAP server:

disallow    bind_anon

But I still can't access LDAP without authentication (anonymous).
How to? Please explain to me step by step, and sorry for my poor English.


2

You can enable the LDAP log and check why.

3 (edited by NarinNil 2010-08-03 11:36:33)

I edited loglevel in slapd.conf from 0 to -1, 128, 256, restarted OpenLDAP and tried again,
but /var/log/openldap.log is 0 bytes and there is nothing in this log file.

Can you help me? Thanks :)

4

Edit /etc/ldap/slapd.conf:

# change from 0 to 256
loglevel    256

and restart the LDAP service.

5

Try adding the line below after "#disallow bind_anon":

allow bind_anon_cred

Also, the OpenLDAP admin guide is a good reference:
http://www.openldap.org/doc/admin23/
http://www.openldap.org/doc/admin24/

6 (edited by NarinNil 2010-08-03 11:45:44)

shake <--- I edited it and restarted the LDAP server, but it does not work for me; openldap.log is still 0 bytes.
ZhangHuangbin <-- Thanks for your answer, but it is still not working :(

both <--- just see my edited slapd.conf below:

...
#
# Disallow bind as anonymous.
#
#disallow    bind_anon
allow bind_anon_cred

#
# Specify LDAP protocol version.
#require     LDAPv3
allow       bind_v2

# Log level.
#   -1:     enable all debugging
#    0:     no debugging
#   128:    access control list processing
#   256:    stats log connections/operations/results
loglevel    256
...

I have opened port 389 (LDAP). In addition, is there any other port I should open in iptables or not?

7

OK, I tried installing a fresh iRedMail again (a VMware snapshot helped me).
Now openldap.log is working; I will try again for anonymous access.

Thanks to all, guys :)

8 (edited by NarinNil 2010-08-03 16:13:06)

OK, I did it :D I edited slapd.conf as below, just see!!

...
#
# Disallow bind as anonymous.
#
#disallow    bind_anon
allow bind_anon_cred

#
# Specify LDAP protocol version.
#require     LDAPv3
allow       bind_v2

# Log level.
#   -1:     enable all debugging
#    0:     no debugging
#   128:    access control list processing
#   256:    stats log connections/operations/results
loglevel    256
...
access to attrs="employeeNumber,homeDirectory,mailMessageStore,mail,accountStatus,userSenderBccAddress,userRecipientBccAddress,mailForwardingAddress,mailQuota,backupMailAddress,shadowAddress"
    by anonymous    read
    by self         read
    by dn.exact="cn=vmail,dc=company,dc=com"   read
    by dn.exact="cn=vmailadmin,dc=company,dc=com"  write
    by users        read
...
access to dn.regex="domainName=([^,]+),o=domains,dc=company,dc=com$"
    by anonymous                    read
    by self                         write
    by dn.exact="cn=vmail,dc=company,dc=com"   read
    by dn.exact="cn=vmailadmin,dc=company,dc=com"  write
    by dn.regex="mail=[^,]+@$1,o=domainAdmins,dc=company,dc=com$" write
    by dn.regex="mail=[^,]+@$1,ou=Users,domainName=$1,o=domains,dc=company,dc=com$" read
    by users                        none
...

Thanks to all.

9

Good Information, Thanks Zhang
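
An added example (not part of the thread and not iRedMail's own code): a small Python audit of a slapd.conf like the one in post 8, reporting whether anonymous bind is left enabled and which `access to` targets an unauthenticated client can read. SAMPLE is constructed from directives quoted in the thread plus a userPassword clause added for contrast; the function names are hypothetical, only named access levels are handled, and `dn.regex` patterns in `by` clauses that could match the empty DN are not modelled.

```python
import re

LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')  # keeps attrs="a,b" as one token

def logical_lines(text):
    """slapd.conf rule: unwrap indented continuation lines, then drop comments."""
    out = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and out:
            out[-1] += " " + raw.strip()
        elif raw.strip():
            out.append(raw.rstrip())
    return [line for line in out if not line.startswith("#")]

def audit(text):
    flags, exposed = {"allow": set(), "disallow": set()}, []
    for line in logical_lines(text):
        tok = TOKEN.findall(line) or [""]
        if tok[0].lower() in flags:
            flags[tok[0].lower()].update(t.lower() for t in tok[1:])
        elif [t.lower() for t in tok[:2]] == ["access", "to"]:
            by = [i for i, t in enumerate(tok) if t.lower() == "by"]
            level = "none"  # slapd appends an implicit "by * none"
            for i in by:    # the first <who> matching an anonymous session wins
                if "".join(tok[i + 1:i + 2]).lower() in ("anonymous", "*"):
                    nxt = "".join(tok[i + 2:i + 3]).lower()
                    level = nxt if nxt in LEVELS else "none"
                    break
            if LEVELS.index(level) >= LEVELS.index("read"):
                exposed.append((" ".join(tok[2:by[0]]), level))
    return {"anonymous_bind": "bind_anon" not in flags["disallow"],
            "ldapv2_bind": "bind_v2" in flags["allow"],
            "anon_bind_with_credentials": "bind_anon_cred" in flags["allow"],
            "anonymous_readable": exposed}

# Constructed sample: directives from the thread plus a userPassword clause for contrast.
SAMPLE = '''\
#disallow    bind_anon
allow bind_anon_cred
allow       bind_v2
access to attrs="userPassword"
    by anonymous    auth
access to attrs="mail,mailForwardingAddress,mailQuota"
    by anonymous    read
access to dn.regex="domainName=([^,]+),o=domains,dc=company,dc=com$"
    by self         write
    by anonymous    read
'''
```

Call `audit()` on the text of a real slapd.conf to list every directive that hands `read` or higher to unauthenticated clients. A file with no `access` directives at all falls back to slapd's built-in `access to * by * read`, which this sketch does not report.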