From: Jeff Tipton
Date: Fri, 12 Aug 2011 20:58:58 +0300
To: freebsd-questions@freebsd.org
Subject: Re: Zero results for Thunderbird addressbook client querying OpenLDAP server
Message-ID: <4E4569E2.4060801@mail.com>
In-Reply-To: <20110812103220.218770@gmx.com>
References: <20110812103220.218770@gmx.com>

On 08/12/11 13:32, Jeff Tipton wrote:
> Hi,
>
> I installed an OpenLDAP server for an office LAN, and the first thing I wanted it to do is a shared address book for e-mail clients. My OpenLDAP server responds ok on ldapsearch, it also can be browsed with phpldapadmin and jxplorer (from a LAN desktop) but I can't get anything from it with Thunderbird and Claws mail addressbooks.
>
> The server OS is 7.4-RELEASE, OpenLDAP is 2.4.26.
>
> To trace the problem, I stripped down all the configuration to a bare minimum, removed all ACLs, and opened the port 389 on the router, so that I can continue remotely (hope I won't need this hole for long). Here's my slapd.conf:
>
> modulepath /usr/local/libexec/openldap
> moduleload back_bdb.la
> moduleload back_hdb.la
> include /usr/local/etc/openldap/schema/core.schema
> include /usr/local/etc/openldap/schema/cosine.schema
> include /usr/local/etc/openldap/schema/inetorgperson.schema
> database hdb
> suffix "dc=domainname,dc=tld"
> rootdn "cn=Manager,dc=domainname,dc=tld"
> directory /var/db/openldap-data
> index objectClass,uid,uidNumber,gidNumber eq
> index cn,mail,surname,givenname eq,subinitial
> rootpw {SSHA}95A/ZTBigrkvH349C6pM6WtI1TMoZRDe
> loglevel 256
>
> The database structure:
>
> ldapsearch -W -H ldap://localhost/ -D cn=Manager,dc=domainname,dc=tld -b 'dc=domainname,dc=tld' '(objectclass=*)'
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # domainname.tld
> dn: dc=domainname,dc=tld
> objectClass: dcObject
> objectClass: organization
> o: domainname.tld
> dc: domainname
>
> # Manager, domainname.tld
> dn: cn=Manager,dc=domainname,dc=tld
> objectClass: organizationalRole
> cn: Manager
>
> # TBabook, domainname.tld
> dn: ou=TBabook,dc=domainname,dc=tld
> objectClass: organizationalUnit
> objectClass: top
> ou: TBabook
>
> # John User, TBabook, domainname.tld
> dn: cn=John User,ou=TBabook,dc=domainname,dc=tld
> objectClass: inetOrgPerson
> objectClass: top
> objectClass: person
> cn: John User
> givenName: John
> mail: john@domainname.tld
> sn: User
>
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 5
> # numEntries: 4
>
> Now, on thunderbird-3.1.11.
> FreeBSD 8.2 8.2-RELEASE (also tried from other OSes with Thunderbird 3 and Claws):
> -made an account "john@domainname.tld"
> -created a "New LDAP directory" with these settings:
> Name: MyCompany Public
> Hostname: mail.domainname.tld
> Base DN: cn=TBabook,dc=domainname,dc=tld
> Port number: 389 (that's open on the company's router, pointing to the OpenLDAP server, and I can make a remote ldapsearch successfully)
> Bind DN: cn=Manager,dc=domainname,dc=tld
> When, after these settings, I press "OK", nothing happens. When I go to the "Offline" tab and press "Download", Thunderbird prompts for a password. I fill in the Manager's (rootdn) password, check the "Remember" box, then "Ok", and Thunderbird responds with "Replication succeeded". But nothing appears in the addressbook. Meanwhile these rows were appended to the server's /var/log/debug.log:
>
> Aug 12 12:04:36 server slapd[54734]: conn=1018 fd=14 ACCEPT from IP=xx.xx.xx.xx:65161 (IP=0.0.0.0:389)
> Aug 12 12:04:36 server slapd[54734]: conn=1018 op=0 BIND dn="cn=Manager,dc=domainname,dc=tld" method=128
> Aug 12 12:04:36 server slapd[54734]: conn=1018 op=0 BIND dn="cn=Manager,dc=domainname,dc=tld" mech=SIMPLE ssf=0
> Aug 12 12:04:36 server slapd[54734]: conn=1018 op=0 RESULT tag=97 err=0 text=
> Aug 12 12:04:36 server slapd[54734]: conn=1018 op=1 SRCH base="ou=TBabook,dc=domainname,dc=tld" scope=2 deref=0 filter="(objectClass=*)"
> Aug 12 12:04:36 server slapd[54734]: conn=1018 op=1 SEARCH RESULT tag=101 err=0 nentries=2 text=
> Aug 12 12:04:38 server slapd[54734]: conn=1018 op=2 UNBIND
> Aug 12 12:04:38 server slapd[54734]: conn=1018 fd=14 closed
>
> I also tried to add mozillaAbPersonAlpha.schema to my OpenLDAP and its objectClass to the "John User" but that didn't change anything. There's also a perhaps unrelated thing: the /usr/local/etc/rc.d/slapd script is only able to start openldap. In order to stop it, I have to kill it by PID.
>
> So, very simple situation, but I can't get it to work.
> Does anyone have ideas of how to find the cause? Thanks in advance.

I just analyzed my Thunderbird-OpenLDAP session with Wireshark, and it shows an ideal conversation! Here's an outline:

T bindRequest(1) "cn=Manager,dc=domainname,dc=tld" simple
O bindResponse(1) success
T searchRequest(2) "ou=TBabook,dc=domainname,dc=tld" wholeSubtree
O searchResEntry(2) "ou=TBabook,dc=domainname,dc=tld"
O searchResEntry(2) "cn=John User,ou=TBabook,dc=domainname,dc=tld"
O searchResEntry(2) "cn=Jane User,ou=TBabook,dc=domainname,dc=tld"
O searchResDone(2) success
T unbindRequest(3)

I also browsed the contents of responses deeper, and all the expected data is there. So my server works ok, it's Thunderbird that shows nothing it receives.
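
The per-connection view that the message assembles by hand from debug.log and the packet capture can be rebuilt from the slapd "loglevel 256" lines alone. The following is an added example, not part of the original post: it groups the quoted log lines by conn/op and flags the bind they record (mech=SIMPLE, ssf=0, as the rootdn). The function names and the ROOTDN constant are this example's own.

```python
import re

# Sample input: the slapd "loglevel 256" lines quoted in the message above.
SAMPLE_LOG = '''\
Aug 12 12:04:36 server slapd[54734]: conn=1018 fd=14 ACCEPT from IP=xx.xx.xx.xx:65161 (IP=0.0.0.0:389)
Aug 12 12:04:36 server slapd[54734]: conn=1018 op=0 BIND dn="cn=Manager,dc=domainname,dc=tld" method=128
Aug 12 12:04:36 server slapd[54734]: conn=1018 op=0 BIND dn="cn=Manager,dc=domainname,dc=tld" mech=SIMPLE ssf=0
Aug 12 12:04:36 server slapd[54734]: conn=1018 op=0 RESULT tag=97 err=0 text=
Aug 12 12:04:36 server slapd[54734]: conn=1018 op=1 SRCH base="ou=TBabook,dc=domainname,dc=tld" scope=2 deref=0 filter="(objectClass=*)"
Aug 12 12:04:36 server slapd[54734]: conn=1018 op=1 SEARCH RESULT tag=101 err=0 nentries=2 text=
Aug 12 12:04:38 server slapd[54734]: conn=1018 op=2 UNBIND
Aug 12 12:04:38 server slapd[54734]: conn=1018 fd=14 closed
'''
ROOTDN = "cn=Manager,dc=domainname,dc=tld"  # rootdn from the quoted slapd.conf
LINE = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:fd=\d+|op=(\d+)) (.*)$")
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')  # key=value or key="quoted value"

def summarise(log):
    """Group slapd stats lines by connection: peer, bind, searches and results."""
    sessions = {}
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, rest = int(m.group(1)), m.group(2), m.group(3)
        kv = {k: q or v for k, q, v in KV.findall(rest)}
        s = sessions.setdefault(conn, {"peer": None, "bind_dn": None, "mech": None, "ssf": None, "searches": {}})
        if rest.startswith("ACCEPT from IP="):
            s["peer"] = rest.split()[2][3:]
        elif rest.startswith("BIND") and "mech" in kv:  # the second BIND line carries mech/ssf
            s.update(bind_dn=kv["dn"], mech=kv["mech"], ssf=int(kv["ssf"]))
        elif rest.startswith("SRCH") and "base" in kv:
            s["searches"][int(op)] = {"base": kv["base"], "scope": int(kv["scope"]), "filter": kv["filter"]}
        elif rest.startswith("SEARCH RESULT"):
            s["searches"].setdefault(int(op), {}).update(err=int(kv["err"]), nentries=int(kv["nentries"]))
    return sessions

def review(sessions, rootdn):
    """Return (conn, issue) pairs for binds that expose credentials on the wire."""
    issues = []
    for conn, s in sorted(sessions.items()):
        if s["mech"] == "SIMPLE" and s["ssf"] == 0:
            issues.append((conn, "simple bind with ssf=0: password sent without TLS"))
            if s["bind_dn"] and s["bind_dn"].lower() == rootdn.lower():
                issues.append((conn, "rootdn used as the client bind DN"))
    return issues

if __name__ == "__main__":
    for conn, s in summarise(SAMPLE_LOG).items():
        print(conn, s)
    print(review(summarise(SAMPLE_LOG), ROOTDN))
```

Run against the quoted lines, the summary shows the server answering the subtree search with err=0 and nentries=2, and the review flags the Manager bind made over the port opened on the router.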