Bugzilla – Bug 158653
pine cannot authenticate to LDAP server with dn and password (fixed, working patch included)
Last modified: 2006-03-21 12:40:49 UTC
pine (of pine-4.64-5.1) can use an LDAP server anonymously but cannot authenticate by binding with a DN and a password. Luckily I found this post with a patch too:
http://mailman1.u.washington.edu/pipermail/pine-info/2004-October/040796.html

I've applied the patch referenced there to the pine-4.64-5.1 sources of bug #150076. Have built an RPM under SuSE 10.0 and it works for me!

To use, first configure the LDAP server in Pine's Directory Config as usual. Then quit pine, edit ~/.pinerc and append /binddn=<DN>/bindpw=<password> to the LDAP line, e.g.:

    # LDAP servers for looking up addresses.
    ldap-servers=ldap.example "/base=ou=abook,dc=EXAMPLE/impl=1/rhs=1/ref=0/nosub=0/ldap_v3_ok=1/type=/srch=/time=/size=/cust=/nick=/matr=/catr=/satr=/gatr="

becomes:

    # LDAP servers for looking up addresses.
    ldap-servers=ldap.example "/base=ou=abook,dc=EXAMPLE/impl=1/rhs=1/ref=0/nosub=0/ldap_v3_ok=1/type=/srch=/time=/size=/cust=/nick=/matr=/catr=/satr=/gatr=/binddn=uid=someuser,dc=EXAMPLE/bindpw=very_secret"

After starting pine again, it will authenticate successfully against the LDAP server (verified with OpenLDAP from the openldap2-2.2.27-6 RPM shipped with SuSE 10.0).

Please note that your LDAP server password is stored in _cleartext_ in .pinerc, so I'd suggest that the file is protected by 0600 permissions.

@Bernhard Kaindl: Could you include this patch too? Should make it into final 10.1 then.
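A check for the cleartext-password caveat in the comment above, as an added example that is not part of the original report or of the patch: it reports which ldap-servers entries in a pinerc carry a bindpw and whether the file is accessible to group or other. The option syntax is taken from the report; the handling of indented continuation lines is an assumption about how Pine writes multi-entry lists, and the function names are made up for this example.

```python
import os
import re
import stat
import tempfile

# Constructed sample, modelled on the ldap-servers line quoted in the report.
SAMPLE = (
    "# LDAP servers for looking up addresses.\n"
    'ldap-servers=ldap.example "/base=ou=abook,dc=EXAMPLE/impl=1/rhs=1'
    '/binddn=uid=someuser,dc=EXAMPLE/bindpw=very_secret"\n'
)

ENTRY_RE = re.compile(r'(\S+)\s+"([^"]*)"')   # server name, quoted option string
OPT_RE = re.compile(r"/(\w+)=([^/]*)")        # one /key=value option


def bind_entries(text):
    """Return (server, binddn) for every ldap-servers entry that has a bindpw."""
    entries, in_block = [], False
    for line in text.splitlines():
        if line.startswith("ldap-servers="):
            in_block, line = True, line[len("ldap-servers="):]
        elif not (in_block and line[:1] in (" ", "\t")):
            in_block = False          # comment, blank line or another variable
            continue
        match = ENTRY_RE.search(line)
        if match:
            opts = dict(OPT_RE.findall(match.group(2)))
            if opts.get("bindpw"):    # the password itself is never returned
                entries.append((match.group(1), opts.get("binddn", "")))
    return entries


def audit_pinerc(path):
    """Flag a pinerc that holds a bind password and is open to group/other."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        entries = bind_entries(fh.read())
    mode = stat.S_IMODE(os.stat(path).st_mode)
    exposed = bool(mode & (stat.S_IRWXG | stat.S_IRWXO))
    return {"entries": entries, "mode": oct(mode), "at_risk": bool(entries) and exposed}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "pinerc")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        for perm in (0o644, 0o600):
            os.chmod(path, perm)
            print(audit_pinerc(path))
```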
Created attachment 73324
LDAP simple authentication with binddn and bindpw for pine

Created an attachment with the patch. To build, I simply put it into /usr/src/packages/SOURCES and changed pine.spec:

--- pine.spec.orig 2006-03-16 16:26:44.000000000 +0100 +++ pine.spec 2006-03-16 15:42:12.000000000 +0100 @@ -55,6 +55,8 @@ Patch61: pine-missing-protos.patch Patch62: pine-few_arguments.patch Patch63: pine-use-rpm_opt_flags.patch +# own patches +Patch99: pine-ldap_auth.patch %description A text-based, but menu-driven and thus easy-to-use e-mail program. It @@ -141,6 +143,7 @@ %patch61 %patch62 %patch63 +%patch99 %build %ifarch ppc64

It built without problems:

    rpmbuild --clean -bb SPECS/pine.spec
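Review bot: the "# own patches" comment above "Patch99: pine-ldap_auth.patch" in the first hunk does not say what the patch does or where it comes from. Suggest a comment that names the feature (LDAP simple authentication with binddn and bindpw) and references this bug, so the origin of the patch stays with the spec file.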
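Review bot: "%patch99" in the second hunk is applied without a -p option, the same as "%patch61" to "%patch63" above it, so pine-ldap_auth.patch has to carry paths at the same depth as those patches. Worth confirming the attachment was generated relative to the same directory, since a mismatch only shows up when %prep runs.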
Another note: Whenever the LDAP config (or the config at all? haven't checked this) in pine is changed, the binddn and bindpw settings will be removed and need to be added manually again afterwards. Obviously a configurable setting within pine would be desirable but this is beyond the scope of this patch. I still find this patch highly useful as LDAP configs rarely change.
No, only if the particular Directory Config entry is changed, binddn and bindpw have to be added again. No big deal, IMHO.
For the curious: I've set up an OpenLDAP server to share an addressbook with Pine, Thunderbird and Squirrelmail. Feel free to send me an email about OpenLDAP schemas, configuration or else (e.g. mail client ldap config) if you want to do the same.
Thanks, package with patch is submitted, can tell more on Monday. The changelog entry would be:

    * Fri Mar 17 2006 - bk@suse.de
    - allow connect to LDAP servers which need authentication (#158653)

If you can make such OpenLDAP schemas, configuration (all that is needed) for an example configuration available to the public, it would be nice to have them attached to this bug. If you can do so, it would be great, otherwise by email is fine too.

Thanks,
Bernhard
Fix will be included in RC1 (or beta9, in case there is one). If the OpenLDAP schemas and configuration can be made public, I'd like to do it, maybe from http://www.suse.de/~bk/pine/FAQ.html, with proper attribution of course.
Thanks for including the fix. As my addressbook transition to LDAP is still "unstable", I don't have a complete howto yet. I will make it public once it works for me, of course. If I don't, please *DO* bug me to do so. I simply forgot then (unlikely, though).

For now, some references: I'm using the Mozilla schema from
http://wiki.mozilla.org/MailNews:LDAP_Address_Books#LDAP_Address_Book_Schema_-_Alpha_Version

In pine, I'm currently (still experimenting what's best for me) using the following custom-search-filter:

    (|(mozillaNickname=%s*)(sn=%s*)(givenname=%s*)(cn=*%s*)(mail=*%s*))

Here, mozillaNickname is an (arbitrary) unique attribute. Oddly, sometimes an exact search for '%s' doesn't return anything (even with ldapsearch), so I use '%s*'.

I've not tried Thunderbird much as Pine is my primary MUA so I don't know if Thunderbird can use nicknames quite as easily. My Squirrelmail installation doesn't use LDAP at all yet.

http://www.suse.de/~bk/pine/FAQ.html is probably a good place to put it as Google will find it there. May I reference that URL too when I post the howto to the pine mailing list?
Thanks for the info! You may reference http://www.suse.de/~bk/pine/FAQ.html when you post the howto to the pine-info mailing list. If Eduardo Chappa is interested in having a description of LDAP with pine on his pine web site, his site may be even better, but it's not a concern where to have it finally when it works. It's also possible that someone reading the pine-info mailing list may be of some help with LDAP.
I've been unaware of his page (http://www.math.washington.edu/~chappa/pine/). Anyways, I've notified him about the patch and this bugzilla entry.