Re: ldapdb auxprop configuration

Lars Hanke Fri, 02 Jan 2009 13:40:55 -0800

Thanks Dan,

 > To make sure that the ldapdb plugin is installed correctly:
 > # cat > /usr/lib/sasl2/pluginview.conf
 > # pluginviewer | grep ldapdb
hermod:/# grep sasl /etc/imapd.conf | grep -v '^#' | grep -v '^\s*$' | 
sed 's/^sasl_//' > /usr/lib/sasl2/pluginviewer.conf
hermod:/# saslpluginviewer -a
Installed auxprop mechanisms are:
ldapdb sasldb
List of auxprop plugins follows
Plugin "ldapdb" ,       API version: 4
        supports store: yes


Plugin "sasldb" ,       API version: 4
        supports store: yes

Didn't know this tool so far. Should it say something different?

 > Does your /var/log/auth.log or /var/log/syslog give you anything useful?
At least it's not too useful to me ... (after setting sasl_log_level: 7)

/var/log/auth.log:
Jan  2 22:31:15 hermod cyrus/imap[3432]: DIGEST-MD5 server step 1
Jan  2 22:31:15 hermod imtest: DIGEST-MD5 client step 2
Jan  2 22:31:17 hermod imtest: DIGEST-MD5 client step 2
Jan  2 22:31:17 hermod cyrus/imap[3432]: DIGEST-MD5 server step 2

/var/log/syslog:
Jan  2 22:31:15 hermod cyrus/master[3432]: about to exec 
/usr/lib/cyrus/bin/imapd
Jan  2 22:31:15 hermod cyrus/imap[3432]: executed
Jan  2 22:31:15 hermod cyrus/imap[3432]: accepted connection
Jan  2 22:31:17 hermod cyrus/master[3425]: process 3432 exited, signaled 
to death by 11
Jan  2 22:31:17 hermod cyrus/master[3425]: service imap pid 3432 in BUSY 
state: terminated abnormally

 > You may want to experiment with the ldapdb_starttls and ldapdb_rc 
options (see sasl's options.html doc).  See 'man ldap.conf' for options 
that you can place in ldaprc. If you do choose to use starttls, you'll 
need to replace ldaps://hel.mgr with ldap://hel.mgr.

I tried
sasl_ldapdb_uri: ldap://hel.mgr
sasl_ldapdb_starttls: try

and it comes out the same; slapd logs a successful STARTTLS.

I tried:
sasl_ldapdb_rc: /etc/ldap/ldap.conf

which yields sending short packages in both cases. This slapd debug 
output is from a STARTTLS variant:
TLS: can't accept: A TLS packet with unexpected length was received..
connection_read(16): TLS accept failure error=-1 id=8, closing
connection_closing: readying conn=8 sd=16 for close
connection_close: conn=8 sd=16
conn=8 fd=16 closed (TLS negotiation failure)

But still imtest fails with "failure: prot layer failure". There is no 
activity in slapd before the password is entered in imtest.

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: ldapdb auxprop configuration

Reply via email to