lmtp permission denied
Hi,

I have installed debian gnu/linux sarge and postfix/cyrus mail server. When I try to send an e-mail, I get the following error in the mail.log

    Feb 10 17:46:47 claimcenter postfix/lmtp[19109]: B6D0EDB: to=[EMAIL PROTECTED], relay=none, delay=0, status=deferred (connect to /var/lib/cyrus/socket/lmtp[/var/lib/cyrus/socket/lmtp]: Permission denied)

Does anybody know how I can solve this problem?

Thanks.
R. Amer

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: ldap/cyrus server
On Tue, 10 Feb 2004 10:06:38 +0100, Lindner wrote:

> I recommend the kolab-server which was designed to replace Exchange. The project is still relatively young but it is free and I am satisfied with it. It's VERY easy to install/maintain and the KDE 3.2 comes with a prerelease of Kontact which is a nice Client-Software for that server. Give it a try. :-)

Kolab looks promising. I tested it lately, but had to drop it again, for the time being:

1. It stores passwords in plain text.
2. I couldn't make it accept a set of relatively simple virtual host related requirements that I had.

I think that at least the first item has already been covered in the developer-version of Kolab(?), so I'm eager to try the next release.

--
Greetings from Troels Arvin, Copenhagen, Denmark
Re: lmtp permission denied
Rafel Amer wrote:

> Hi, I have installed debian gnu/linux sarge and postfix/cyrus mail server. When I try to send an e-mail, I get the following error in the mail.log
>
> Feb 10 17:46:47 claimcenter postfix/lmtp[19109]: B6D0EDB: to=[EMAIL PROTECTED], relay=none, delay=0, status=deferred (connect to /var/lib/cyrus/socket/lmtp[/var/lib/cyrus/socket/lmtp]: Permission denied)
>
> Does anybody know how I can solve this problem?

What are your permissions on /var/lib/cyrus/socket/lmtp? What version of Cyrus? If it's Debian version 2.1.16-*, did you happen to read /usr/share/doc/cyrus21-doc/README.postfix.gz ? If you didn't, you might want to do so now, otherwise you'll probably miss other important things, besides:

Quote from README.postfix.gz

WARNING: Since Cyrus pre-auths anything coming through the Unix socket, anyone who can write to it will be able to inject email into Cyrus directly.

Use dpkg-statoverride to make sure your configuration for the socket permissions will not be overwritten by the Cyrus packages.

Do remember that Postfix usually runs the LMTP transport as user postfix (configurable in /etc/postfix/master.cf). Also, do not run the postfix lmtp transport chrooted if the socket is not inside the chroot.

1. Create a lmtp group:

       # addgroup lmtp

2. Put user postfix in that group:

       # adduser postfix lmtp

3. Fix the socket directory permissions:

       # dpkg-statoverride --force --update --add \
           cyrus lmtp 750 /var/run/cyrus/socket

4. Restart Postfix and Cyrus IMAPd

       # /etc/init.d/postfix restart
       # /etc/init.d/cyrus21 restart

/Quote from README.postfix.gz

I highly recommend reading the documentation in /usr/share/doc/cyrus21-docs. I just installed Cyrus-Imapd with Postfix, Maia, Web-Cyradm, and Amavisd-New last week and I didn't have any problems after RTFM'ing.

HTH
Ed
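The README's warning and its 750 directory mode both come down to who can reach the LMTP socket. The following check is an added example, not part of the README or of anyone's post: `audit_socket`, `user_in_group` and `make_demo` are hypothetical names, the demo layout is constructed in a temporary directory, and the permission rule it applies is the Linux one (search permission on every directory in the path, write permission on the socket).

```python
import grp
import os
import pwd
import socket
import stat
import tempfile


def user_in_group(user, gid):
    """True if `user` has `gid` as primary or supplementary group."""
    try:
        if pwd.getpwnam(user).pw_gid == gid:
            return True
        return user in grp.getgrgid(gid).gr_mem
    except KeyError:  # unknown user or unknown group
        return False


def audit_socket(sock_path, mta_user="postfix", root="/"):
    """Report who can reach a Unix socket, looking at `root` and everything below it."""
    sock_path = os.path.abspath(sock_path)
    root = os.path.abspath(root)
    parent = os.path.dirname(sock_path)
    if os.path.commonpath([root, parent]) != root:
        raise ValueError("socket is not below root")

    # Every directory from `root` down to the socket's parent directory.
    dirs, cur = [root], root
    rel = os.path.relpath(parent, root)
    for part in ([] if rel == "." else rel.split(os.sep)):
        cur = os.path.join(cur, part)
        dirs.append(cur)

    st_sock = os.stat(sock_path)
    st_dir = os.stat(parent)
    # Linux rule: connect(2) on a pathname socket needs x on each directory
    # in the path and w on the socket itself.
    world = (all(os.stat(d).st_mode & stat.S_IXOTH for d in dirs)
             and bool(st_sock.st_mode & stat.S_IWOTH))
    return {
        "is_socket": stat.S_ISSOCK(st_sock.st_mode),
        "dir_mode": format(stat.S_IMODE(st_dir.st_mode), "o"),
        "world_connectable": world,  # True means any local user can inject mail
        "mta_in_dir_group": user_in_group(mta_user, st_dir.st_gid),
    }


def make_demo(dir_mode, sock_mode=0o777):
    """Constructed layout: <tmp>/socket/lmtp with the given directory mode."""
    base = tempfile.mkdtemp()
    os.chmod(base, 0o755)
    sock_dir = os.path.join(base, "socket")
    os.mkdir(sock_dir)
    sock = os.path.join(sock_dir, "lmtp")
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.bind(sock)  # creates the socket file; it stays after close()
    s.close()
    os.chmod(sock, sock_mode)
    os.chmod(sock_dir, dir_mode)
    return base, sock


if __name__ == "__main__":
    for mode in (0o755, 0o750):  # open directory vs. the README's 750
        base, sock = make_demo(mode)
        print(oct(mode), audit_socket(sock, root=base))
```

On a real host, call `audit_socket` with the socket path from the Postfix log line and leave `root` at its default.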
wiki suggestion: integrated products bundling Cyrus IMAPd
Hi folks

I thought it might be an idea to start a wiki page tracking products that ship an integrated Cyrus IMAPd. This would be useful in (a) saving people who don't want to roll their own a lot of frustration and (b) potentially saving the mailing list participants a lot of repeat questions and issues.

I suggest an entry, possibly on the main wiki page, along the lines of "Integrated products including Cyrus". A FAQ entry along the lines of "this is too fiddly - isn't there an easier way to make this all just go?" that refers to the aforementioned page might be a good idea, too.

Sound sensible? Here's my suggested beginning for the product list:

[Free]
Simon's RPMs - not really integrated mail system, but make setup a bit easier

[Commercial]
SuSE OpenExchange http://www.suse.de/en/business/products/suse_business/openexchange/
Apple MacOS X Server http://www.apple.com/server/macosx/
saslauthd and ldap and ??? pam
I am interested in knowing the difference and/or advantages of the ways one can use ldap authentication with sasl.

One way is to use saslauthd -a ldap, which uses the auth_ldap module for saslauthd.

Another way is to use saslauthd -a pam and then specify ldap as the auth mechanism in the various pam.d services such as smtp or imap.

Shelley Waltz
Sieve not working (Fedora / Cyrus (RPMS)
Hello,

Been tinkering around with Cyrus now for 4 days, all the mail side of things seem to be ok, the major fly in the ointment (and in fact the reason I moved to cyrus) is that sieve doesn't want to seem to work at all... I've done a fair bit of googling and hunting around to try and work out the solution and before I lose the remaining shred of my sanity I thought it was time to cry for help.

So I installed Cyrus using the RPMS from here http://www.invoca.ch/pub/packages/cyrus-imapd/ and things seemed to be going well, got everything working and I'm using fetchmail to collect my mail from various POP accounts and get it onto Cyrus...

The problem is sieve, no matter what I've tried it's not working, there are no directories in the sieve's dir for users I've created, .sieve files in the users home dir don't work and I seem to be going round in circles. I think the problem is to do with authentication with Sieve and doing

    # sivtest -u david -a david localhost

gets me

    S : IMPLEMENTATION Cyrus timsieved v2.2.3-Invoca-RPM-2.2.3-4
    S: SIEVE fileinto reject envelope vacation imapflags notify subaddress relational regex
    S: STARTTLS
    S: OK
    Authentication failed. generic failure
    Security strength factor: 0
    C: LOGOUT

so any thoughts / help much appreciated

Regards
Dave
Need help with cyrus.logwatch.tgz
Hi! networkers,

I'm using imapd-cyrus 2.1.15-2 on RedHat 9

I did the following commands:

    # cd /tmp
    # wget http://acs-wiki.andrew.cmu.edu/twiki/pub/Cyrus/Logwatch/cyrus.logwatch.tgz
    # gunzip cyrus.logwatch.tgz
    # cd /
    # tar -xvf /tmp/cyrus.logwatch.tar
    # logwatch --service cyrus --range all --detail high --print

but the output is empty

Did I miss something?

Thanks,
Eddy

--
[EMAIL PROTECTED]
Telephone: 514-340-6073
Analyst - Network Applications
HEC Montreal
3000 Chemin de la Cote Sainte-Catherine
Montreal (Quebec)
Canada H3T 2A7

Any horizontal surface soon tends to be piled up
Re: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.
On Wed, 11 Feb 2004, Edward Rudd wrote:

> I'm using the ldapdb auxprop plugin that comes with OpenLDAP 2.1.22 with cyrus sasl 2.1.15, which works perfectly with the sasl2 sample server and client programs, postfix 1.1.12, postfix 2.0.16, and cyrus imapd 2.1.13 to cyrus imapd 2.1.15.. However when I upgraded to cyrus imapd 2.2.3 (all of these are using Simon Matter's wonderful RPMS), I always get user not found when trying to login as any user.. (fully qualified user like [EMAIL PROTECTED] or the cyrus admin user).

We've seen some problems with how 2.2 initializes SASL and working with the LDAPDB plugin. It is not an immediately trivial fix, but I've documented it as Bug 2366.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
SIEVE weirdness
A friend of mine has tried to get Cyrus 2.1.5 running on RHEL 3 and all works except sieve. Doing something like 'sieveshell -u cyrus -a cyrus' prompts for the password over and over. The error message I get is

    Feb 5 17:09:48 agentsmith timsieved[4172]: unable to open Berkeley db /etc/sasldb2: Invalid argument
    Feb 5 17:09:48 agentsmith timsieved[4172]: unable to open Berkeley db /etc/sasldb2: Invalid argument
    Feb 5 17:09:48 agentsmith timsieved[4172]: no secret in database
    Feb 5 17:09:48 agentsmith timsieved[4172]: badlogin: localhost.localdomain[127.0.0.1] DIGEST-MD5 authentication failure

Seems like a problem with the auth method, but when I look in /etc/imapd.conf he's using saslauthd ...

    postmaster: postmaster
    configdirectory: /var/lib/imap/
    partition-default: /var/spool/imap
    admins: cyrus
    allowanonymouslogin: no
    allowplaintext: yes
    sasl_mech_list: PLAIN DIGEST-MD5 shadow pwcheck
    servername: agentsmith.novussententia.com
    autocreatequota: 1
    reject8bit: no
    quotawarn: 90
    timeout: 30
    poptimeout: 10
    sasl_pwcheck_method: saslauthd
    sievedir: /usr/sieve
    sendmail: /usr/sbin/sendmail
    sieve_maxscriptsize: 32
    sieveuserhomedir: no
    sieve_maxscripts: 5
    tls_ca_file: /var/lib/imap/cacert.pem
    tls_cert_file: /var/lib/imap/server.crt
    tls_key_file: /var/lib/imap/server.key

His cyrus.conf:

    START {
      # do not delete this entry!
      mboxlist    cmd="ctl_cyrusdb -r"
      deliver     cmd="ctl_deliver -r"
      recover     cmd="ctl_cyrusdb -r"

      # this is only necessary if using idled for IMAP IDLE
      # idled     cmd="idled"
    }

    # UNIX sockets start with a slash and are put into /var/lib/imap/sockets
    SERVICES {
      # add or remove based on preferences
      imap        cmd="imapd" listen="imap" prefork=5
      imaps       cmd="imapd -s" listen="imaps" prefork=1
      #pop3       cmd="pop3d" listen="pop3" prefork=3
      #pop3s      cmd="pop3d -s" listen="pop3s" prefork=1
      sieve       cmd="timsieved" listen="localhost:sieve" prefork=0
      lmtpunix    cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=0

      # this is only necessary if using notifications
      # notify    cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
    }

    EVENTS {
      # this is required
      checkpoint  cmd="ctl_cyrusdb -c" period=30

      # this is only necessary if using duplicate delivery suppression
      delprune    cmd="ctl_deliver -E 3" at=0400

      # this is only necessary if caching TLS sessions
      tlsprune    cmd="tls_prune" at=0400

      squatter    cmd="squatter -r user" period=1440
    }

He can login via IMAP just fine. I even see in the logs where it accepts the password as type 'plain'.

Below is a strace where we try to authenticate via sieveshell. I see it trying to open /etc/shadow, but not sasldb
Re: saslauthd and ldap and ??? pam
On Wed, 11 Feb 2004, Shelley Waltz wrote:

> I am interested in knowing the difference and/or advantages of the ways one can use ldap authentication with sasl.
>
> One way is to use saslauthd -a ldap, which uses the auth_ldap module for saslauthd.
>
> Another way is to use saslauthd -a pam and then specify ldap as the auth mechanism in the various pam.d services such as smtp or imap.

saslauthd/ldap combination will give you better performance and in general it is more stable. Some pam implementations/modules leak memory.

--
Igor
Re: wiki suggestion: integrated products bundling Cyrus IMAPd
Craig Ringer wrote:

> Hi folks
>
> I thought it might be an idea to start a wiki page tracking products that ship an integrated Cyrus IMAPd. This would be useful in (a) saving people who don't want to roll their own a lot of frustration and (b) potentially saving the mailing list participants a lot of repeat questions and issues.
>
> I suggest an entry, possibly on the main wiki page, along the lines of "Integrated products including Cyrus". A FAQ entry along the lines of "this is too fiddly - isn't there an easier way to make this all just go?" that refers to the aforementioned page might be a good idea, too.
>
> Sound sensible? Here's my suggested beginning for the product list:
>
> [Free]
> Simon's RPMs - not really integrated mail system, but make setup a bit easier
>
> [Commercial]
> SuSE OpenExchange http://www.suse.de/en/business/products/suse_business/openexchange/
> Apple MacOS X Server http://www.apple.com/server/macosx/

Here are some more possible additions..

[Free]
Cyrus 2.1 packages for Debian stable. Add the following lines to /etc/apt/sources.list ..

    deb http://people.debian.org/~hmh/woody/ hmh/cyrus/
    deb http://people.debian.org/~hmh/woody/ hmh/misc/

[Commercial]
Bynari Insight Server http://www.bynari.net/index.php?id=501
SUSE LINUX Standard Server 8 http://www.suse.com/us/business/products/server/standard/features.html
Re: serious over quota problem
See: https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=1212

Cyrus IMAP uses a 32bit int to store quota in bytes internally, this causes problems with large quotas. While the bug says 2GB, from what I saw in the code a while back it's an unsigned long which should max out at 4GB. Can one of the developers clarify 2/4GB as the maximum?

-David

--On Tuesday, February 10, 2004 4:36 PM -0800 Joao Pedras [EMAIL PROTECTED] wrote:

> Hello Ken,
>
> Ken Murchison wrote:
> > Joao Pedras wrote:
> > > Hi all!
> > >
> > > I have this user's box which is NOT over quota but Cyrus insists on saying that it is to sendmail. Also I am not able to drag messages into it. I have run 'reconstruct' on the folder with '-r -f' and 'cyrquota -f' also. I have increased/decreased the quota... The problem does not go away.
> > >
> > > Could someone please provide some insight on this issue?
> >
> > How do you know for a fact that the user is not over quota?
>
> Well... a 'du' on the filesystem shows the usage around 2Gb. The quota root was set to 5,000,000. Plus 'cyrquota' would report around 40% usage which agrees with the number I just gave you.
>
> > Keep in mind that a quotaroot includes ALL submailboxes.
>
> And that is the reason why I check 'du' on filesystem folder.
>
> > Are there \Deleted messages which have not been expunged?
>
> Not quite sure. Wouldn't these count?
>
> > Is the MUA using a Trash folder?
>
> In the user's inbox? Yes, but that one is empty. Wouldn't that also add up to the quota root?
>
> Two additional details:
> 1) it's cyrus 2.0.17
> 2) I attempted to set the quota to 50,000,000 and the problem went away. With that quota value the usage is down to 4%.
>
> Thanks Ken!!!
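The arithmetic behind this report, as an added example that is not Cyrus source code and not part of the thread. It assumes the limit is entered in units of 1024 octets (the IMAP STORAGE quota unit of RFC 2087) and converted to bytes in a 32-bit integer as the bug report describes; the function names are hypothetical and the usage figure is constructed from the poster's "around 2Gb".

```python
import ctypes

KIB = 1024  # IMAP STORAGE quota unit (RFC 2087)


def stored_limit_bytes(limit_kib, signed=False):
    """Byte limit after conversion into a 32-bit integer (assumed model)."""
    ctype = ctypes.c_int32 if signed else ctypes.c_uint32
    # ctypes truncates to 32 bits without raising, which is the wrap we model.
    return ctype(limit_kib * KIB).value


def over_quota(used_bytes, limit_kib, signed=False):
    """Would the mailbox be judged over quota under the assumed model?"""
    return used_bytes > stored_limit_bytes(limit_kib, signed)


def max_safe_limit_kib(signed=False):
    """Largest limit (in KiB) whose byte count still fits in 32 bits."""
    top = 2**31 - 1 if signed else 2**32 - 1
    return top // KIB


def checked_limit_bytes(limit_kib, signed=False):
    """The defensive version: range-check first, reject instead of wrapping."""
    if not 0 <= limit_kib <= max_safe_limit_kib(signed):
        raise OverflowError(f"quota of {limit_kib} KiB does not fit in 32 bits")
    return limit_kib * KIB


USED = 2_000_000_000  # constructed: roughly the 2 GB that 'du' reported

if __name__ == "__main__":
    for limit in (5_000_000, 50_000_000):  # the two values tried in the thread
        for signed in (False, True):
            kind = "int32 " if signed else "uint32"
            print(f"limit={limit:>10} KiB {kind} -> "
                  f"stored={stored_limit_bytes(limit, signed):>12} bytes, "
                  f"over quota: {over_quota(USED, limit, signed)}")
    print("largest safe limit (uint32):", max_safe_limit_kib(), "KiB")
    print("largest safe limit (int32): ", max_safe_limit_kib(True), "KiB")
```

Under the unsigned model, 5,000,000 wraps to a limit below the 2 GB in use while 50,000,000 wraps to one above it, which matches the behaviour reported; under the signed model both values would be rejected.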
Re: saslauthd and ldap and ??? pam
On Wed, 11 Feb 2004, Igor Brezac wrote:

> On Wed, 11 Feb 2004, Shelley Waltz wrote:
>
> > I am interested in knowing the difference and/or advantages of the ways one can use ldap authentication with sasl.
> >
> > One way is to use saslauthd -a ldap, which uses the auth_ldap module for saslauthd.
> >
> > Another way is to use saslauthd -a pam and then specify ldap as the auth mechanism in the various pam.d services such as smtp or imap.
>
> saslauthd/ldap combination will give you better performance and in general it is more stable. Some pam implementations/modules leak memory.

And without PAM it's one less layer to debug. And you will be debugging. Cyrus IMAP and SASL are great, but they are not simple. As always, Occam's Razor is a handy tool. If you don't have a clear need for PAM integration with SASL, eliminate it.

Good luck.

--
Andrew
authentication problem
Hi!...

I can't authenticate to my imap... and found this mail...

> Meantime I found the source of the problem. Before I had started with src.rpm version I tried to install from sources. A residue of this attempt was lmtpd daemon still running. To make long story short; postfix used one socket, cyrus listening an other and all configuration files were pointing to new socket (of course).
>
> How to detect ?
>
>     lsof -U|grep cyrus
>
> cyrus-master and lmtpd should point to the same location.

Anyone can explain please??? If I use the command lsof...

    master 1652 root  71u unix 0xf793c080 1918  private/old-cyrus
    master 1652 root  74u unix 0xf7941080 1922  private/cyrus
    master 2792 cyrus  5u unix 0xc3ab7a80 16864 socket
    master 2792 cyrus 22u unix 0xf3ebe080 16888 /var/imap/socket/lmtp

is it really necessary that third line and fourth point to same location? If answer is yes... how?

Thanks in advance...
Arturo

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Andrew J Caird
Sent: Wednesday, 11 February 2004 13:41
To: [EMAIL PROTECTED]
CC: Shelley Waltz
Subject: Re: saslauthd and ldap and ??? pam

On Wed, 11 Feb 2004, Igor Brezac wrote:

> On Wed, 11 Feb 2004, Shelley Waltz wrote:
>
> > I am interested in knowing the difference and/or advantages of the ways one can use ldap authentication with sasl.
> >
> > One way is to use saslauthd -a ldap, which uses the auth_ldap module for saslauthd.
> >
> > Another way is to use saslauthd -a pam and then specify ldap as the auth mechanism in the various pam.d services such as smtp or imap.
>
> saslauthd/ldap combination will give you better performance and in general it is more stable. Some pam implementations/modules leak memory.

And without PAM it's one less layer to debug. And you will be debugging. Cyrus IMAP and SASL are great, but they are not simple. As always, Occam's Razor is a handy tool. If you don't have a clear need for PAM integration with SASL, eliminate it.

Good luck.

--
Andrew
Re: SIEVE weirdness
dear listeners,

On Wednesday, 11 February 2004 15:34, Brian wrote:

> Doing something like 'sieveshell -u cyrus -a cyrus' prompts for the password over and over.

Is there a file /etc/sasldb2 ? If not create it with saslpasswd2 ... (see help)

peace luck
Stefan
Re: login problem
Hi,

> When try connect me from MUA in messages log through this error:
>
> Feb 11 17:11:40 mymachine imap(pam_unix)[3395]: could not identify user (from getpwnam(user.domain.cl))
>
> Exist any way that cyrus take users created in mysql and not mapped over linux users??

yes, there is a way (using pam):

use the module pam_mysql (google knows where to find it ;-)

set in /etc/imapd.conf:

    imapsasl_pwcheck_method: saslauthd

start:

    saslauthd -a pam

and configure pam_mysql the way you want to use it, eg in /etc/pam.d/imap

    #%PAM-1.0
    auth sufficient pam_mysql.so user=username passwd=mysecret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host
    account required pam_mysql.so user=username passwd=mysecret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host

I would recommend to read the Postfix-Cyrus-Web-cyradmin-Howto; I've taken my configuration from there (and I'm using SuSE8.2, so the paths are taken from there)

greez
Chris

> Thanks in advance.
> Arturo
rename problems with murder
I've pretty much got most of processes working, the problem that I am having is that when I try to move a mail box from one backend to another using rename. In cyradm the command that I used is

    rename user.dragon user.dragon 2

or

    rename user.dragon user.dragon mailbackend2.{mydomain}.com

I get the error on the frontend:

    renamemailbox: Server(s) unavailable to complete operation

this happens if I try to move the mailbox between backends or partitions on the same backend

the log that I get from the backend is:

    Feb 11 16:53:53 mailbackend1 imap[15992]: login: mailfront1.bhfc.net [10.4.9.3] cyrus PLAIN+TLS User logged in
    Feb 11 16:53:53 mailbackend1 imap[15992]: getaddrinfo(2) failed: Name or service not known
    Feb 11 16:53:53 mailbackend1 imap[15992]: Could not move mailbox: user.dragon, Initial backend connect failed

I can do cm, dm, lam, and sam on mailboxes just problems with rename

here is the ver info from cyradm

    name       : Cyrus IMAPD
    version    : v2.2.3 2004/01/14 02:11:03
    vendor     : Project Cyrus
    support-url: http://asg.web.cmu.edu/cyrus
    os         : Linux
    os-version : 2.6.3-rc2
    environment: Built w/Cyrus SASL 2.1.15
                 Running w/Cyrus SASL 2.1.15
                 Built w/Sleepycat Software: Berkeley DB 4.1.25: (October 24, 2003)
                 Running w/Sleepycat Software: Berkeley DB 4.1.25: (October 24, 2003)
                 Built w/OpenSSL 0.9.7a Feb 19 2003
                 Running w/OpenSSL 0.9.7a Feb 19 2003
                 CMU Sieve 2.2
                 TCP Wrappers
                 mmap = shared
                 lock = fcntl
                 nonblock = fcntl
                 auth = unix
                 idle = poll
    backend-url:

any ideas?

Thanks

--
Mike Smith
Re: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.
OK I patched my OpenLDAP and recompiled, installed restarted postfix, cyrus imapd, and started up ldap. And it still returns user not found when I try to login to cyrus imap. But the auth.log now shows something different..

--- auth.log ---

    Feb 11 19:19:46 devel imtest: DIGEST-MD5 client step 2
    Feb 11 19:19:53 devel imtest: DIGEST-MD5 client step 2
    Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 server step 2
    Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
    Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
    Feb 11 19:19:53 devel imap[2282]: bad userid authenticated
    Feb 11 19:19:53 devel imap[2282]: no secret in database

And my ldap.log shows this (loglevel 255)

--- ldap.log ---

    Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
    Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
    Feb 11 19:19:53 devel slapd[2053]: connection_get(12): got connid=5
    Feb 11 19:19:53 devel slapd[2053]: connection_read(12): checking for input on id=5
    Feb 11 19:19:53 devel slapd[2053]: ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
    Feb 11 19:19:53 devel slapd[2065]: connection_operation: error: SASL bind in progress (tag=66).
    Feb 11 19:19:53 devel slapd[2053]: daemon: select: listen=6 active_threads=1 tvp=NULL
    Feb 11 19:19:53 devel slapd[2065]: send_ldap_result: conn=5 op=1 p=3
    Feb 11 19:19:53 devel slapd[2053]: daemon: activity on 1 descriptors
    Feb 11 19:19:53 devel slapd[2065]: send_ldap_result: err=1 matched= text=SASL bind in progress
    Feb 11 19:19:53 devel slapd[2053]: daemon: activity on:
    Feb 11 19:19:53 devel slapd[2065]: send_ldap_response: msgid=0 tag=48 err=1
    Feb 11 19:19:53 devel slapd[2053]: 12r
    Feb 11 19:19:53 devel slapd[2065]: connection_closing: readying conn=5 sd=12 for close
    Feb 11 19:19:53 devel slapd[2053]:
    Feb 11 19:19:53 devel slapd[2065]: connection_resched: attempting closing conn=5 sd=12
    Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
    Feb 11 19:19:53 devel slapd[2065]: connection_close: conn=5 sd=12
    Feb 11 19:19:53 devel slapd[2065]: daemon: removing 12
    Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
    Feb 11 19:19:53 devel slapd[2053]: connection_get(12): connection not used
    Feb 11 19:19:53 devel slapd[2053]: connection_read(12): no connection!
    Feb 11 19:19:53 devel slapd[2053]: daemon: removing 12
    Feb 11 19:19:53 devel slapd[2053]: daemon: closing 12

On Wed, 2004-02-11 at 07:56, Igor Brezac wrote:

> Check http://www.openldap.org/its/index.cgi/Software%20Bugs?id=2926;selectid=2926
>
> Cyrus-imap needs to be fixed, but it was easier to change openldap api.
>
> -Igor
>
> On Wed, 11 Feb 2004, Edward Rudd wrote:
>
> > I'm using the ldapdb auxprop plugin that comes with OpenLDAP 2.1.22 with cyrus sasl 2.1.15, which works perfectly with the sasl2 sample server and client programs, postfix 1.1.12, postfix 2.0.16, and cyrus imapd 2.1.13 to cyrus imapd 2.1.15.. However when I upgraded to cyrus imapd 2.2.3 (all of these are using Simon Matter's wonderful RPMS), I always get user not found when trying to login as any user.. (fully qualified user like [EMAIL PROTECTED] or the cyrus admin user).
> >
> > And my ldap logs show nothing going on.. literally.. I see a connection coming in from sasl, and then disconnecting.. no other activity is logged. And I have the loglevel for openldap set to 255. My auth.log shows no worthy mechs found and nothing in my imapd.log
> >
> > What changed in relation to SASL configuration from Cyrus IMAPD 2.1.x to 2.2.x??
> >
> > Here is my relevant imapd.conf
> >
> >     sasl_pwcheck_method: auxprop
> >     sasl_auxprop_plugin: ldapdb
> >     sasl_mech_list: plain digest-md5 cram-md5 ntlm
> >     sasl_ldapdb_uri: ldap:///
> >     sasl_ldapdb_id: auxprop_user
> >     sasl_ldapdb_pw: password_for_said_user
> >     sasl_ldapdb_mech: DIGEST-MD5
> >
> > Which is the same configuration as sample.conf (for the sample server and client) and smtpd.conf (for postfix). Except those files don't have the sasl_ prefix to the configuration directives..

--
Edward Rudd [EMAIL PROTECTED]
Website http://outoforder.cc/
RE: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Edward Rudd

> OK I patched my OpenLDAP and recompiled, installed restarted postfix, cyrus imapd, and started up ldap. And it still returns user not found when I try to login to cyrus imap. But the auth.log now shows something different..
>
> --- auth.log ---
> Feb 11 19:19:46 devel imtest: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imtest: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 server step 2
> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imap[2282]: bad userid authenticated
> Feb 11 19:19:53 devel imap[2282]: no secret in database

What happened to step 1?

> And my ldap.log shows this (loglevel 255)
>
> --- ldap.log ---
> Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
> Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
> Feb 11 19:19:53 devel slapd[2053]: connection_get(12): got connid=5
> Feb 11 19:19:53 devel slapd[2053]: connection_read(12): checking for input on id=5

OpenLDAP's syslog output is not useful for debugging; it's mainly for reporting normal operational status. You need to run slapd in debug mode and save the output from stderr when you actually want to chase a bug.

In this case, both your auth.log and your ldap.log indicate that a SASL Bind has been performed in an improper sequence (i.e., step 1 doesn't appear in the log, and it seems that some other request has been made before the SASL Bind properly completed.). To see exactly what happened, you'll need the debug trace from slapd.

--
Howard Chu
Chief Architect, Symas Corp.   Director, Highland Sun
http://www.symas.com           http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
Re: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.
Hmm... Can you email me your libraries/libldap/cyrus.c? What version of openldap do you use? I use the latest ldapdb auxprop and OPENLDAP_REL_ENG_2_1 (which is 2.1.26 + some patches)

Does ldapdb auxprop work with sample(client|server)?

-Igor

On Wed, 11 Feb 2004, Edward Rudd wrote:

> OK I patched my OpenLDAP and recompiled, installed restarted postfix, cyrus imapd, and started up ldap. And it still returns user not found when I try to login to cyrus imap. But the auth.log now shows something different..
>
> --- auth.log ---
> Feb 11 19:19:46 devel imtest: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imtest: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 server step 2
> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imap[2282]: bad userid authenticated
> Feb 11 19:19:53 devel imap[2282]: no secret in database
>
> And my ldap.log shows this (loglevel 255)
>
> --- ldap.log ---
> Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
> Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
> Feb 11 19:19:53 devel slapd[2053]: connection_get(12): got connid=5
> Feb 11 19:19:53 devel slapd[2053]: connection_read(12): checking for input on id=5
> Feb 11 19:19:53 devel slapd[2053]: ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
> Feb 11 19:19:53 devel slapd[2065]: connection_operation: error: SASL bind in progress (tag=66).
> Feb 11 19:19:53 devel slapd[2053]: daemon: select: listen=6 active_threads=1 tvp=NULL
> Feb 11 19:19:53 devel slapd[2065]: send_ldap_result: conn=5 op=1 p=3
> Feb 11 19:19:53 devel slapd[2053]: daemon: activity on 1 descriptors
> Feb 11 19:19:53 devel slapd[2065]: send_ldap_result: err=1 matched= text=SASL bind in progress
> Feb 11 19:19:53 devel slapd[2053]: daemon: activity on:
> Feb 11 19:19:53 devel slapd[2065]: send_ldap_response: msgid=0 tag=48 err=1
> Feb 11 19:19:53 devel slapd[2053]: 12r
> Feb 11 19:19:53 devel slapd[2065]: connection_closing: readying conn=5 sd=12 for close
> Feb 11 19:19:53 devel slapd[2053]:
> Feb 11 19:19:53 devel slapd[2065]: connection_resched: attempting closing conn=5 sd=12
> Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
> Feb 11 19:19:53 devel slapd[2065]: connection_close: conn=5 sd=12
> Feb 11 19:19:53 devel slapd[2065]: daemon: removing 12
> Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
> Feb 11 19:19:53 devel slapd[2053]: connection_get(12): connection not used
> Feb 11 19:19:53 devel slapd[2053]: connection_read(12): no connection!
> Feb 11 19:19:53 devel slapd[2053]: daemon: removing 12
> Feb 11 19:19:53 devel slapd[2053]: daemon: closing 12
>
> On Wed, 2004-02-11 at 07:56, Igor Brezac wrote:
>
> > Check http://www.openldap.org/its/index.cgi/Software%20Bugs?id=2926;selectid=2926
> >
> > Cyrus-imap needs to be fixed, but it was easier to change openldap api.
> >
> > -Igor
> >
> > On Wed, 11 Feb 2004, Edward Rudd wrote:
> >
> > > I'm using the ldapdb auxprop plugin that comes with OpenLDAP 2.1.22 with cyrus sasl 2.1.15, which works perfectly with the sasl2 sample server and client programs, postfix 1.1.12, postfix 2.0.16, and cyrus imapd 2.1.13 to cyrus imapd 2.1.15.. However when I upgraded to cyrus imapd 2.2.3 (all of these are using Simon Matter's wonderful RPMS), I always get user not found when trying to login as any user.. (fully qualified user like [EMAIL PROTECTED] or the cyrus admin user).
> > >
> > > And my ldap logs show nothing going on.. literally.. I see a connection coming in from sasl, and then disconnecting.. no other activity is logged. And I have the loglevel for openldap set to 255. My auth.log shows no worthy mechs found and nothing in my imapd.log
> > >
> > > What changed in relation to SASL configuration from Cyrus IMAPD 2.1.x to 2.2.x??
> > >
> > > Here is my relevant imapd.conf
> > >
> > >     sasl_pwcheck_method: auxprop
> > >     sasl_auxprop_plugin: ldapdb
> > >     sasl_mech_list: plain digest-md5 cram-md5 ntlm
> > >     sasl_ldapdb_uri: ldap:///
> > >     sasl_ldapdb_id: auxprop_user
> > >     sasl_ldapdb_pw: password_for_said_user
> > >     sasl_ldapdb_mech: DIGEST-MD5
> > >
> > > Which is the same configuration as sample.conf (for the sample server and client) and smtpd.conf (for postfix). Except those files don't have the sasl_ prefix to the configuration directives..

--
Igor
RE: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.
Step one is there just before the imtest: DIGEST-MD5 client step 2.. forgot to copy it in there..

On Wed, 2004-02-11 at 19:58, Howard Chu wrote:

>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Edward Rudd
>>
>> OK I patched my OpenLDAP and recompiled, installed, restarted postfix, cyrus imapd, and started up ldap. And it still returns user not found when I try to login to cyrus imap. But the auth.log now shows something different..
>>
>> --- auth.log ---
>> Feb 11 19:19:46 devel imtest: DIGEST-MD5 client step 2
>> Feb 11 19:19:53 devel imtest: DIGEST-MD5 client step 2
>> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 server step 2
>> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
>> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
>> Feb 11 19:19:53 devel imap[2282]: bad userid authenticated
>> Feb 11 19:19:53 devel imap[2282]: no secret in database
>
> What happened to step 1?
>
>> And my ldap.log shows this (loglevel 255)
>>
>> --- ldap.log ---
>> Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
>> Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
>> Feb 11 19:19:53 devel slapd[2053]: connection_get(12): got connid=5
>> Feb 11 19:19:53 devel slapd[2053]: connection_read(12): checking for input on id=5
>
> OpenLDAP's syslog output is not useful for debugging; it's mainly for reporting normal operational status. You need to run slapd in debug mode and save the output from stderr when you actually want to chase a bug.
>
> In this case, both your auth.log and your ldap.log indicate that a SASL Bind has been performed in an improper sequence (i.e., step 1 doesn't appear in the log, and it seems that some other request has been made before the SASL Bind properly completed.). To see exactly what happened, you'll need the debug trace from slapd.
>
> -- Howard Chu
> Chief Architect, Symas Corp. Director, Highland Sun
> http://www.symas.com http://highlandsun.com/hyc
> Symas: Premier OpenSource Development and Support

--
Edward Rudd [EMAIL PROTECTED]
Website http://outoforder.cc/
Re: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.
OpenLDAP 2.1.22, LDAP AuxProp CVS release 1.1.2.3, I had tried updating to a newer release but it broke things due to the handling of the LDAP v4 PROXY_AUTHZ control in openldap (you directed me to the bug report about it), Cyrus SASL 2.1.15 (2.1.17 causes SLAPD to crash completely). sample client and server work fine, as does postfix. It's just cyrus IMAPd 2.2.3.

What did they change from 2.1.x to 2.2.x? Can I roll back those changes?

On Wed, 2004-02-11 at 19:51, Igor Brezac wrote:

> Hmm... Can you email me your libraries/libldap/cyrus.c? What version of openldap do you use? I use the latest ldapdb auxprop and OPENLDAP_REL_ENG_2_1 (which is 2.1.26 + some patches)
>
> Does ldapdb auxprop work with sample(client|server)?
>
> -Igor

--
Edward Rudd [EMAIL PROTECTED]
Website
RE: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.
Here is the nohup slapd -d 255 file, and the entries from auth.log when running imtest -a cyrus -u cyrus -m login devel

Feb 11 20:48:13 devel slapd[2927]: auxpropfunc error -7
Feb 11 20:48:13 devel slapd[2927]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb
Feb 11 20:48:20 devel imap[2922]: DIGEST-MD5 client step 2
Feb 11 20:48:20 devel imap[2922]: DIGEST-MD5 client step 2
Feb 11 20:48:20 devel imap[2922]: bad userid authenticated

There is no step 1 in there.. How odd..

--
Edward Rudd [EMAIL PROTECTED]
Website http://outoforder.cc/

ldaplog.gz Description: GNU Zip compressed data
RE: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.
It looks like the ldapdb plugin sent an Unbind immediately after sending the first SASL Bind request. It seems that the SASL client library didn't like the challenge it got from the slapd server. At this point it would have been helpful to enable LDAP debugging in the ldapdb plugin, but I never coded an option to do that. You could hardcode a call to ldap_set_option() to enable this yourself. You'll also need to add a call to extract the error message string so you can see whatever message the SASL library produced. Or you could file an enhancement request in the OpenLDAP ITS suggesting that a debug option be added...

At any rate, this is only going to tell you that something went wrong inside the SASL library, and whatever that problem is will still need to be fixed.

-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
cyrus-imapd-2.2.x and web-cyradm+pam_mysql+saslauthd?
Does web-cyradm + mysql + pam_mysql + cyrus-imapd-2.2.3-4 combination work anymore, or should I change the authentication mechanism? Any help would be greatly appreciated.

Thanks
Khan
Re: SIEVE weirdness
> A friend of mine has tried to get Cyrus 2.1.5 running on RHEL 3 and all works except sieve. Doing something like 'sieveshell -u cyrus -a cyrus' prompts for the password over and over. The error message I get is
>
> Feb 5 17:09:48 agentsmith timsieved[4172]: unable to open Berkeley db /etc/sasldb2: Invalid argument
> Feb 5 17:09:48 agentsmith timsieved[4172]: unable to open Berkeley db /etc/sasldb2: Invalid argument
> Feb 5 17:09:48 agentsmith timsieved[4172]: no secret in database
> Feb 5 17:09:48 agentsmith timsieved[4172]: badlogin: localhost.localdomain[127.0.0.1] DIGEST-MD5 authentication failure
>
> Seems like a problem with the auth method, but when I look in /etc/imapd.conf he's using saslauthd ...
>
> postmaster: postmaster
> configdirectory: /var/lib/imap/
> partition-default: /var/spool/imap
> admins: cyrus
> allowanonymouslogin: no
> allowplaintext: yes
> sasl_mech_list: PLAIN DIGEST-MD5 shadow pwcheck

^^^ What exactly do you want here? Since you are using saslauthd as sasl_pwcheck_method, you very likely use PAM/shadow to authenticate. Then, just use 'sasl_mech_list: PLAIN'. IIRC sieveshell is different from the other cyrus tools when it comes to using different mechs. Of course you need /etc/pam.d/sieve with proper config.

Simon

> servername: agentsmith.novussententia.com
> autocreatequota: 1
> reject8bit: no
> quotawarn: 90
> timeout: 30
> poptimeout: 10
> sasl_pwcheck_method: saslauthd
> sievedir: /usr/sieve
> sendmail: /usr/sbin/sendmail
> sieve_maxscriptsize: 32
> sieveuserhomedir: no
> sieve_maxscripts: 5
> tls_ca_file: /var/lib/imap/cacert.pem
> tls_cert_file: /var/lib/imap/server.crt
> tls_key_file: /var/lib/imap/server.key
>
> His cyrus.conf:
>
> START {
>   # do not delete this entry!
>   mboxlist cmd="ctl_cyrusdb -r"
>   deliver cmd="ctl_deliver -r"
>   recover cmd="ctl_cyrusdb -r"
>   # this is only necessary if using idled for IMAP IDLE
>   # idled cmd="idled"
> }
>
> # UNIX sockets start with a slash and are put into /var/lib/imap/sockets
> SERVICES {
>   # add or remove based on preferences
>   imap cmd="imapd" listen="imap" prefork=5
>   imaps cmd="imapd -s" listen="imaps" prefork=1
>   #pop3 cmd="pop3d" listen="pop3" prefork=3
>   #pop3s cmd="pop3d -s" listen="pop3s" prefork=1
>   sieve cmd="timsieved" listen="localhost:sieve" prefork=0
>   lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=0
>   # this is only necessary if using notifications
>   # notify cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
> }
>
> EVENTS {
>   # this is required
>   checkpoint cmd="ctl_cyrusdb -c" period=30
>   # this is only necessary if using duplicate delivery suppression
>   delprune cmd="ctl_deliver -E 3" at=0400
>   # this is only necessary if caching TLS sessions
>   tlsprune cmd="tls_prune" at=0400
>   squatter cmd="squatter -r user" period=1440
> }
>
> He can login via IMAP just fine. I even see in the logs where it accepts the password as type 'plain'. Below is a strace where we try to authenticate via sieveshell. I see it trying to open /etc/shadow, but not sasldb
>
> [pid 4163] ... accept resumed {sa_family=AF_UNIX, [EMAIL PROTECTED], [2]) = 7
> [pid 4163] fcntl64(6, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=1} unfinished ...
> [pid 4162] ... fcntl64 resumed ) = 0
> [pid 4163] ... fcntl64 resumed ) = 0
> [pid 4162] accept(5, unfinished ...
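The mismatch pointed out in the reply above, as an added example (not code from the thread or from the Cyrus project): with `sasl_pwcheck_method: saslauthd` the server can only verify a plaintext password, so a shared-secret mechanism such as DIGEST-MD5 has no secret to check against, as the timsieved log shows. The function names, finding labels and mechanism sets are assumptions of this example, and the sample file is constructed from the option values quoted in the post.

```python
"""Lint the SASL options in a Cyrus imapd.conf (added example, not Cyrus code)."""

# Mechanisms whose server side must read the user's secret from an auxprop
# store (sasldb, ldapdb, ...). Partial list, chosen for this example.
SHARED_SECRET_MECHS = {"DIGEST-MD5", "CRAM-MD5"}
# Mechanisms that hand the server a plaintext password it can pass to saslauthd.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}
# Names of password-verification backends that sometimes end up in the
# mechanism list by mistake; they are not SASL mechanisms.
PWCHECK_NAMES = {"SHADOW", "PWCHECK", "SASLAUTHD", "AUXPROP", "PAM"}
TRUE_VALUES = {"1", "yes", "on", "true", "t"}

# Constructed sample: the SASL-related options quoted in the post.
SAMPLE_BEFORE = """\
admins: cyrus
allowplaintext: yes
sasl_mech_list: PLAIN DIGEST-MD5 shadow pwcheck
sasl_pwcheck_method: saslauthd
"""
# The same file with the mechanism list reduced to PLAIN, as the reply suggests.
SAMPLE_AFTER = SAMPLE_BEFORE.replace("PLAIN DIGEST-MD5 shadow pwcheck", "PLAIN")


def parse_imapd_conf(text):
    """Return {option: value} for 'option: value' lines, skipping comments."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)   # split once: values may contain ':'
        options[key.strip().lower()] = value.strip()
    return options


def lint_sasl(options):
    """Return (finding, subject) tuples for the pwcheck/mechanism pairing."""
    findings = []
    method = options.get("sasl_pwcheck_method", "").lower()
    mechs = [m.upper() for m in options.get("sasl_mech_list", "").split()]
    # An unset allowplaintext is not judged here; check the default for your version.
    plaintext_ok = options.get("allowplaintext", "").lower() in TRUE_VALUES

    if method == "saslauthd" and not mechs:
        # With no list, Cyrus SASL offers every installed mechanism plugin.
        findings.append(("mech-list-unset", "sasl_mech_list"))
    for mech in mechs:
        if mech in PWCHECK_NAMES:
            findings.append(("not-a-mechanism", mech))
        elif mech in SHARED_SECRET_MECHS and method == "saslauthd":
            # saslauthd only answers "is this plaintext password correct?";
            # it cannot supply the stored secret these mechanisms need.
            findings.append(("needs-auxprop-secret", mech))
        elif mech in PLAINTEXT_MECHS and plaintext_ok:
            # Password is sent as-is; make sure clients negotiate TLS first.
            findings.append(("plaintext-without-tls-allowed", mech))
    return findings


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label)
        for finding, subject in lint_sasl(parse_imapd_conf(text)):
            print(f"  {finding}: {subject}")
```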
[Fwd: Re: serious over quota problem]
The cc: didn't seem to work so here it goes.

-------- Original Message --------
Subject: Re: serious over quota problem
Date: Wed, 11 Feb 2004 11:19:57 -0800
From: Joao Pedras [EMAIL PROTECTED]
To: David R Bosso [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
References: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]

So one possible solution for the problem would be to create separate quotas for the sub-folders, instead of dealing with one massive quota root. Would this be correct?

David R Bosso wrote:

> See: https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=1212
>
> Cyrus IMAP uses a 32bit int to store quota in bytes internally, this causes problems with large quotas. While the bug says 2GB, from what I saw in the code a while back it's an unsigned long which should max out at 4GB. Can one of the developers clarify 2/4GB as the maximum?
>
> -David
>
> --On Tuesday, February 10, 2004 4:36 PM -0800 Joao Pedras [EMAIL PROTECTED] wrote:
>
>> Hello Ken,
>>
>> Ken Murchison wrote:
>>
>>> Joao Pedras wrote:
>>>
>>>> Hi all! I have this user's box which is NOT over quota but Cyrus insists on saying that it is to sendmail. Also I am not able to drag messages into it. I have run 'reconstruct' on the folder with '-r -f' and 'cyrquota -f' also. I have increased/decreased the quota... The problem does not go away. Could someone please provide some insight on this issue?
>>>
>>> How do you know for a fact that the user is not over quota?
>>
>> Well... a 'du' on the filesystem shows the usage around 2Gb. The quota root was set to 5,000,000. Plus 'cyrquota' would report around 40% usage which agrees with the number I just gave you.
>>
>>> Keep in mind that a quotaroot includes ALL submailboxes.
>>
>> And that is the reason why I check 'du' on filesystem folder.
>>
>>> Are there \Deleted messages which have not been expunged?
>>
>> Not quite sure. Wouldn't these count?
>>
>>> Is the MUA using a Trash folder?
>>
>> In the user's inbox? Yes, but that one is empty. Wouldn't that also add up to the quota root?
>>
>> Two additional details: 1) it's cyrus 2.0.17 2) I attempted to set the quota to 50,000,000 and the problem went away. With that quota value the usage is down to 4%.
>>
>> Thanks Ken!!!
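A model of the limit described in the quoted reply, added here as an example rather than Cyrus code: it assumes, as that reply states, that a quota set in kilobytes is held as a byte count in a 32-bit integer, and it shows both the signed (2 GB) and unsigned (4 GB) readings the reply asks about. The function names, the quota root names and the 2 GiB usage figure (standing in for the 'du' result in the thread) are assumptions of the example.

```python
"""Model of a quota limit in KB being held as bytes in a 32-bit integer."""

KB = 1024
U32 = 2 ** 32


def stored_limit_bytes(limit_kb, signed=False):
    """Byte value left after limit_kb * 1024 is squeezed into 32 bits."""
    wrapped = (limit_kb * KB) % U32
    if signed and wrapped >= 2 ** 31:
        wrapped -= U32            # two's-complement reading of the same bits
    return wrapped


def largest_safe_limit_kb(signed=False):
    """Largest KB limit whose byte count still fits without wrapping."""
    max_bytes = (2 ** 31 - 1) if signed else (U32 - 1)
    return max_bytes // KB


def reported_over_quota(used_bytes, limit_kb, signed=False):
    """True if usage exceeds the wrapped limit, so delivery would be refused."""
    return used_bytes > stored_limit_bytes(limit_kb, signed)


def find_wrapping_quotas(quotas_kb, signed=True):
    """Return the quota roots whose configured limit would wrap.

    quotas_kb maps quota root -> limit in KB. signed=True applies the
    stricter 2 GB bound, which is the safe choice while the type is unclear.
    """
    cap = largest_safe_limit_kb(signed)
    return sorted(root for root, limit in quotas_kb.items() if limit > cap)


# Constructed sample: hypothetical quota roots with the two limits from the thread.
SAMPLE_QUOTAS_KB = {
    "user.example-small": 1_000_000,
    "user.example-5m": 5_000_000,
    "user.example-50m": 50_000_000,
}
USED_BYTES = 2 * 1024 ** 3   # "around 2Gb" in use, taken as 2 GiB

if __name__ == "__main__":
    for signed in (False, True):
        kind = "signed" if signed else "unsigned"
        print(f"{kind}: largest safe limit = {largest_safe_limit_kb(signed)} KB")
        for root, limit in SAMPLE_QUOTAS_KB.items():
            print(f"  {root}: limit {limit} KB -> {stored_limit_bytes(limit, signed)} bytes, "
                  f"over quota: {reported_over_quota(USED_BYTES, limit, signed)}")
    print("limits to review:", find_wrapping_quotas(SAMPLE_QUOTAS_KB))
```

Under this model a 5,000,000 KB limit wraps to 825,032,704 bytes, below the roughly 2 GB in use, while 50,000,000 KB wraps to 3,955,359,744 bytes in the unsigned reading, which is above it.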
Re: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.
On Wed, 11 Feb 2004, Edward Rudd wrote:

> OpenLDAP 2.1.22, LDAP AuxProp CVS release 1.1.2.3, I had tried updating to a newer release but it broke things due to the handling of the LDAP v4 PROXY_AUTHZ control in openldap (you directed me to the bug report about it), Cyrus SASL 2.1.15 (2.1.17 causes SLAPD to crash completely). sample client and server work fine, as does postfix. It's just cyrus IMAPd 2.2.3.

Your cyrus.c looks good. My guess is that if you debug ldapdb.c you'll find 'no worthy mechs' error which means that the ldapdb auxprop is not using your new libldap.

> What did they change from 2.1.x to 2.2.x? Can I roll back those changes?

I have to look, but my guess is that too many changes took place. I can write a quick patch for this, but the libldap fix works just as well.

> On Wed, 2004-02-11 at 19:51, Igor Brezac wrote:
>
>> Hmm... Can you email me your libraries/libldap/cyrus.c? What version of openldap do you use? I use the latest ldapdb auxprop and OPENLDAP_REL_ENG_2_1 (which is 2.1.26 + some patches)
>>
>> Does ldapdb auxprop work with sample(client|server)?
>>
>> -Igor
>>
>> On Wed, 11 Feb 2004, Edward Rudd wrote:
>>
>>> OK I patched my OpenLDAP and recompiled, installed, restarted postfix, cyrus imapd, and started up ldap. And it still returns user not found when I try to login to cyrus imap. But the auth.log now shows something different..
>>>
>>> --- auth.log ---
>>> Feb 11 19:19:46 devel imtest: DIGEST-MD5 client step 2
>>> Feb 11 19:19:53 devel imtest: DIGEST-MD5 client step 2
>>> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 server step 2
>>> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
>>> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
>>> Feb 11 19:19:53 devel imap[2282]: bad userid authenticated
>>> Feb 11 19:19:53 devel imap[2282]: no secret in database
>>>
>>> And my ldap.log shows this (loglevel 255)
>>>
>>> --- ldap.log ---
>>> Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
>>> Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
>>> Feb 11 19:19:53 devel slapd[2053]: connection_get(12): got connid=5
>>> Feb 11 19:19:53 devel slapd[2053]: connection_read(12): checking for input on id=5
>>> Feb 11 19:19:53 devel slapd[2053]: ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
>>> Feb 11 19:19:53 devel slapd[2065]: connection_operation: error: SASL bind in progress (tag=66).
>>> Feb 11 19:19:53 devel slapd[2053]: daemon: select: listen=6 active_threads=1 tvp=NULL
>>> Feb 11 19:19:53 devel slapd[2065]: send_ldap_result: conn=5 op=1 p=3
>>> Feb 11 19:19:53 devel slapd[2053]: daemon: activity on 1 descriptors
>>> Feb 11 19:19:53 devel slapd[2065]: send_ldap_result: err=1 matched= text=SASL bind in progress
>>> Feb 11 19:19:53 devel slapd[2053]: daemon: activity on:
>>> Feb 11 19:19:53 devel slapd[2065]: send_ldap_response: msgid=0 tag=48 err=1
>>> Feb 11 19:19:53 devel slapd[2053]: 12r
>>> Feb 11 19:19:53 devel slapd[2065]: connection_closing: readying conn=5 sd=12 for close
>>> Feb 11 19:19:53 devel slapd[2053]:
>>> Feb 11 19:19:53 devel slapd[2065]: connection_resched: attempting closing conn=5 sd=12
>>> Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
>>> Feb 11 19:19:53 devel slapd[2065]: connection_close: conn=5 sd=12
>>> Feb 11 19:19:53 devel slapd[2065]: daemon: removing 12
>>> Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
>>> Feb 11 19:19:53 devel slapd[2053]: connection_get(12): connection not used
>>> Feb 11 19:19:53 devel slapd[2053]: connection_read(12): no connection!
>>> Feb 11 19:19:53 devel slapd[2053]: daemon: removing 12
>>> Feb 11 19:19:53 devel slapd[2053]: daemon: closing 12
>>>
>>> On Wed, 2004-02-11 at 07:56, Igor Brezac wrote:
>>>
>>>> Check http://www.openldap.org/its/index.cgi/Software%20Bugs?id=2926;selectid=2926
>>>>
>>>> Cyrus-imap needs to be fixed, but it was easier to change openldap api.
>>>>
>>>> -Igor
>>>>
>>>> On Wed, 11 Feb 2004, Edward Rudd wrote:
>>>>
>>>>> I'm using the ldapdb auxprop plugin that comes with OpenLDAP 2.1.22 with cyrus sasl 2.1.15, which works perfectly with the sasl2 sample server and client programs, postfix 1.1.12, postfix 2.0.16, and cyrus imapd 2.1.13 to cyrus imapd 2.1.15.. However when I upgraded to cyrus imapd 2.2.3 (all of these are using Simon Matter's wonderful RPMS), I always get user not found when trying to login as any user.. (fully qualified user like [EMAIL PROTECTED] or the cyrus admin user). And my ldap logs show nothing going on.. literally.. I see a connection coming in from sasl, and then disconnecting.. no other activity is logged. And I have the loglevel for openldap set to 255. My auth.log shows no worthy mechs found and nothing in my imapd.log.
>>>>>
>>>>> What changed in relation to SASL configuration from Cyrus IMAPD 2.1.x to 2.2.x??
>>>>>
>>>>> Here is my relevant imapd.conf
>>>>>
>>>>> sasl_pwcheck_method: auxprop
>>>>> sasl_auxprop_plugin: ldapdb