I'm sorry to write on this mailing list, but I haven't had any response from the cyrus-sasl mailing list.

I use cyrus-imapd-2.2.10, cyrus-sasl-2.1.20 and openldap-2.2.18.

I wish to authenticate users with the help of our LDAP server.

For that, I followed instructions found on web sites using the saslauthd daemon, which apparently works with the plain mechanism. Is that right?

So, I read that the saslauthd daemon shouldn't use the /etc/sasldb2 file. It's only when /etc/imapd.conf contains this: sasl_pwcheck_method: auxprop
that the sasldb2 database is used. Is that right?

However, it tries to write to /etc/sasldb2 (cf. auth.log):

May 27 15:36:42 pc-systeme imaps[318]: transitioning user vrc4952a to auxprop database
May 27 15:36:42 pc-systeme imaps[318]: SASL error opening password file. Do you have write permissions?
May 27 15:36:42 pc-systeme imaps[318]: Could not open /etc/sasldb2 for write: gdbm_errno=3
May 27 15:36:42 pc-systeme imaps[318]: setpass failed for vrc4952a: generic failure
May 27 15:36:42 pc-systeme imaps[318]: SASL error opening password file. Do you have write permissions?
May 27 15:36:42 pc-systeme imaps[318]: Could not open /etc/sasldb2 for write: gdbm_errno=3
May 27 15:36:42 pc-systeme imaps[318]: Error putting OTP secret
May 27 15:36:42 pc-systeme imaps[318]: OTP: failed to set secret for vrc4952a: generic failure (Permission denied)

For the tests, I deliberately renamed /etc/sasldb2 to /etc/sasldb2.old to see what happens.

I don't understand why it does that.

Other questions: What is the difference between ldap_auth_method: bind and custom in /etc/saslauthd.conf? And what does sasl_auto_transition in /etc/imapd.conf mean?

Can somebody clear this up for me?

Here are the different configuration files of cyrus-imap and cyrus-sasl:

* /usr/lib/sasl2/Cyrus.conf
pwcheck_method: saslauthd
mech_list: plain

* /etc/saslauthd.conf
ldap_servers: ldaps://pc-systeme.cict.fr:636/
#ldap_auth_method: custom
ldap_auth_method: bind
ldap_bind_dn: uid=cyrus,ou=appli,dc=ups-tlse,dc=fr
ldap_password: xxxxx
ldap_search_base: dc=ups-tlse,dc=fr
#ldap_filter: cn=%u

* /etc/cyrus.conf
# standard standalone server implementation

 # do not delete this entry!
 recover       cmd="/usr/local/cyrus_imapd/cyrus/bin/ctl_cyrusdb -r"

 # this is only necessary if using idled for IMAP IDLE
 # idled       cmd="idled"

 # this is useful on backend nodes of a Murder cluster
 # it causes the backend to synchronize its mailbox list with
 # the mupdate master upon startup
 # mupdatepush cmd="/usr/local/cyrus_imapd/cyrus/bin/ctl_mboxlist -m"

 # this is recommended if using duplicate delivery suppression
 delprune cmd="/usr/local/cyrus_imapd/cyrus/bin/ctl_deliver -E 3"
 # this is recommended if caching TLS sessions
 tlsprune cmd="/usr/local/cyrus_imapd/cyrus/bin/tls_prune"

# UNIX sockets start with a slash and are put into /var/imap/socket
# you can use a maxchild=# to limit the maximum number of forks of a service
# you can use babysit=true and maxforkrate=# to keep tight tabs on the
# most services also accept -U (limit number of reuses) and -T (timeout)

 # add or remove based on preferences
 #imap         cmd="imapd" listen="imap" prefork=0
 imaplocal     cmd="imapd -C /etc/imapd-local.conf" listen="" prefork=0
 imaps         cmd="imapd -s -U 30" listen="" prefork=0 maxchild=100
#  pop3         cmd="pop3d" listen="pop3" prefork=0
#  pop3s                cmd="pop3d -s" listen="pop3s" prefork=0
 sieve         cmd="timsieved" listen="sieve" prefork=0

 # these are only necessary if receiving/exporting usenet via NNTP
 #  nntp               cmd="nntpd" listen="nntp" prefork=0
 #  nntps              cmd="nntpd -s" listen="nntps" prefork=0

 # at least one LMTP is required for delivery
 #  lmtp               cmd="lmtpd" listen="lmtp" prefork=0
 lmtpunix      cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0

 # this is only necessary if using notifications
  notify       cmd="notifyd" listen="/var/imap/socket/notify" proto="udp" prefork=1

 # this is required
 checkpoint    cmd="/usr/local/cyrus_imapd/cyrus/bin/ctl_cyrusdb -c"

 # this is only necessary if using duplicate delivery suppression,
 # Sieve or NNTP
 # delprune    cmd="cyr_expire -E 3" at=0400
 delprune cmd="/usr/local/cyrus_imapd/cyrus/bin/ctl_deliver -E 3" at=0401

 # this is only necessary if caching TLS sessions
 tlsprune      cmd="/usr/local/cyrus_imapd/cyrus/bin/tls_prune" at=0401

 squatter cmd="/usr/local/cyrus_imapd/cyrus/bin/squatter -r user.%" at=0401

* /etc/imapd-local.conf
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
maxmessagesize: 5000000
#allowplaintext: 0
sasl_pwcheck_method: saslauthd
sasl_option: 1
sasl_mech_list: plain
sasl_auto_transition: 1
servername: pc-systeme.cict.fr
lmtp_downcase_rcpt: 1
mailnotifier: log

* /etc/imapd.conf
configdirectory: /var/imap
partition-default: /var/spool/imap
#admins: cyrus
sievedir: /var/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
maxmessagesize: 5000000
sasl_pwcheck_method: saslauthd
sasl_option: 1
sasl_mech_list: plain
sasl_auto_transition: 1
servername: pc-systeme.cict.fr
lmtp_downcase_rcpt: 1
mailnotifier: log
tls_ca_file: /usr/share/ssl/mon_AC/private/mon_AC.crt
tls_cert_file: /usr/share/ssl/mon_AC/certs/server_signed.pem
tls_key_file: /usr/share/ssl/mon_AC/private/server_tls.pem
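
Added example, not part of the original post: with sasl_auto_transition enabled, libsasl tries to copy a user's secrets into the auxprop store (here /etc/sasldb2) after a successful plaintext login, which is what the "transitioning user" log lines record. This sketch correlates those log lines with the imapd.conf settings; the function names, the ENABLING value set and the sample strings are assumptions constructed for illustration.

```python
import re

# Assumption: values treated here as switching auto_transition on.
ENABLING = {"1", "yes", "true", "on", "noplain"}
TRANSITION = re.compile(r"transitioning user (\S+) to auxprop database")
WRITE_FAIL = re.compile(r"Could not open (\S+) for write")
# Constructed samples, shaped like the imapd.conf settings and auth.log lines in the post.
SAMPLE_CONF = """\
sasl_pwcheck_method: saslauthd
sasl_mech_list: plain
sasl_auto_transition: 1
"""
SAMPLE_LOG = """\
May 27 15:36:42 pc-systeme imaps[318]: transitioning user vrc4952a to auxprop database
May 27 15:36:42 pc-systeme imaps[318]: Could not open /etc/sasldb2 for write: gdbm_errno=3
May 27 15:36:42 pc-systeme imaps[318]: Could not open /etc/sasldb2 for write: gdbm_errno=3
"""

def parse_conf(text):
    """Parse 'key: value' lines, ignoring blanks and # comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            opts[key.strip()] = value.strip()
    return opts

def scan_log(text):
    """Return (users being transitioned, store paths that failed to open), deduplicated."""
    users, paths = [], []
    for line in text.splitlines():
        for pattern, bucket in ((TRANSITION, users), (WRITE_FAIL, paths)):
            m = pattern.search(line)
            if m and m.group(1) not in bucket:
                bucket.append(m.group(1))
    return users, paths

def audit(conf_text, log_text):
    """Tie transition attempts in the log to the configuration that causes them."""
    opts = parse_conf(conf_text)
    users, paths = scan_log(log_text)
    enabled = opts.get("sasl_auto_transition", "no").lower() in ENABLING
    return {
        "auto_transition": enabled,
        "users": users,
        "failed_stores": paths,
        "explained_by_config": enabled and bool(users),
    }
```

Calling audit(SAMPLE_CONF, SAMPLE_LOG) returns the affected users and store paths, so the same check can be run against a real imapd.conf and auth.log to see which accounts would have had secrets copied out of LDAP into a local file.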

