Re: Cyrus-Imap and auxprop ldap
On Thu, 6 May 2010 11:34:57 -0500, Dan White wrote:
> On 06/05/10 11:28 -0500, Dan White wrote:
>>ldapdb_uri: ldap://ldap.example.com
>>ldapdb_id: root
>>ldapdb_pw: secret
>>ldapdb_mech: DIGEST-MD5
>
> That should really be:
>
> sasl_ldapdb_uri: ldap://ldap.example.com
> sasl_ldapdb_id: root
> sasl_ldapdb_pw: secret
> sasl_ldapdb_mech: DIGEST-MD5

Thanks for your reply. I changed my parameters to:

-
# grep -E "sasl|ldap" /etc/imapd.conf |grep -v "#"
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_auto_transition: no
sasl_ldapdb_uri: ldap://localhost
sasl_ldapdb_id: cyrus
sasl_ldapdb_pw: cyrusadmin
sasl_ldapdb_mech: DIGEST-MD5
-

But without luck so far.

--
# nc localhost 143
* OK ses0gnoc Cyrus IMAP4 v2.2.13-Debian-2.2.13-19 server ready
. login julien password
. NO Login failed: authentication failure
. logout
* BYE LOGOUT received
. OK Completed
--

And I do not see any connection going to localhost:389 (sniffing with
tcpdump on lo).

-
# tcpdump -s 16500 -X -Svni lo tcp and port 389
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 16500 bytes
-

auth.log and slapd.log are not logging anything. mail.info logs the following:

-
# tail -n 3 /var/log/mail.info
Mar 9 05:15:35 ses0gnoc cyrus/ctl_cyrusdb[4285]: checkpointing cyrus databases
Mar 9 05:15:36 ses0gnoc cyrus/ctl_cyrusdb[4285]: done checkpointing cyrus databases
Mar 9 05:17:30 ses0gnoc cyrus/imap[4298]: badlogin: localhost [127.0.0.1] plaintext julien SASL(-13): user not found: checkpass failed
-

Am I missing something? Do I still need saslauthd to be running next to imapd?

Best,
Julien

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Cyrus-Imap and auxprop ldap
Julien,

Julien Vehent wrote:
> However, I can't make this work with imapd. I tried to reuse information
> from the man page, but it brought me nowhere...
> My imapd.conf contains the following (regarding sasl and ldap only):
>
> -
> # grep -E "sasl|ldap" /etc/imapd.conf |grep -v "#"
> sasl_pwcheck_method: auxprop
> sasl_auxprop_plugin: ldapdb
> sasl_auto_transition: no
> ldap_uri: ldap://localhost
> ldap_realm: example.net
> ldap_id: cyrus
> ldap_password: cyrusadmin
> -

I have it like this:

sasl_log_level: 5
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_ldapdb_uri: ldap://server
sasl_ldapdb_id: user
sasl_ldapdb_pw: password
sasl_ldapdb_mech: PLAIN DIGEST-MD5 CRAM-MD5 LOGIN
allowplaintext: no
sasl_minimum_layer: 0
sasl_ldapdb_starttls: try
sasl_ldap_search_base: ou=foo
sasl_ldap_search_filter: attribute=%U

Do you have ptloader configured and running?

# ptloader ldap:
ldap_id: user
ldap_sasl: 1
ldap_password: password
ldap_uri: ldap://server
ldap_start_tls: 0
ldap_mech: PLAIN DIGEST-MD5 CRAM-MD5 LOGIN
ldap_tls_cacert_file: file.pem
ldap_tls_cert: file.pem
ldap_tls_key: file.pem
ldap_base: ou=foo
ldap_group_base: ou=gruppen,ou=foo
ldap_group_filter: ou=%U
ldap_member_attribute: member
ldap_group_scope: sub
ldap_member_method: attribute

cyrus.conf:

SERVICES {
...
ptloader cmd="ptloader" listen="/mail/imap/ptclient/ptsock" prefork=1

Marc

Re: Cyrus-Imap and auxprop ldap
On 07/05/10 11:21 +0200, Julien Vehent wrote:
>-
># grep -E "sasl|ldap" /etc/imapd.conf |grep -v "#"
>sasl_pwcheck_method: auxprop
>sasl_auxprop_plugin: ldapdb
>sasl_auto_transition: no
>sasl_ldapdb_uri: ldap://localhost
>sasl_ldapdb_id: cyrus
>sasl_ldapdb_pw: cyrusadmin
>sasl_ldapdb_mech: DIGEST-MD5
>-
>
>
>But without luck so far.
>
>--
># nc localhost 143
>* OK ses0gnoc Cyrus IMAP4 v2.2.13-Debian-2.2.13-19 server ready
>. login julien password
>. NO Login failed: authentication failure
>. logout
>* BYE LOGOUT received
>. OK Completed
>--
>
>And I do not see any connection going to localhost:389 (sniffing with
>tcpdump on lo).

Verify that your ldapdb auxprop plugin can be initialized:

echo "ldapdb_uri: ldap://localhost" > /usr/lib/sasl2/pluginviewer.conf

(the other parameters are not necessary)

pluginviewer | grep ldapdb

(saslpluginviewer on Debian-based systems)

For further troubleshooting, temporarily increase your syslog auth facility
to debug:

auth.debug /var/log/auth.log

and increase sasl library logging with:

sasl_log_level: 7

in imapd.conf

--
Dan White
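
Added example, not part of any message in this thread: a small Python check for the mistake corrected above, where ldapdb options in imapd.conf are written without the sasl_ prefix. The function names, the option list (taken from the configurations quoted in the thread) and the sample input are constructed for illustration; flagging a remote ldap:// URI that has no sasl_ldapdb_starttls setting is an extra assumption of this example.

```python
import re

# ldapdb auxprop option names seen in this thread, without the sasl_ prefix.
LDAPDB_OPTS = {"ldapdb_uri", "ldapdb_id", "ldapdb_pw", "ldapdb_mech", "ldapdb_starttls"}

# Constructed sample: the first (unprefixed) configuration quoted in the thread,
# plus one commented-out line to show that comments are ignored.
SAMPLE_BAD = """\
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
# sasl_ldapdb_uri: ldap://old.example.com
ldapdb_uri: ldap://ldap.example.com
ldapdb_id: root
ldapdb_pw: secret
ldapdb_mech: DIGEST-MD5
"""

def parse_imapd_conf(text):
    """Return {option: value} for 'option: value' lines, skipping comments and blanks."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z0-9_]+)\s*:\s*(.*)$", line)
        if m:
            opts[m.group(1)] = m.group(2).strip()
    return opts

def lint_ldapdb(text):
    """Return a list of findings for an ldapdb auxprop setup in imapd.conf."""
    opts = parse_imapd_conf(text)
    findings = []
    if opts.get("sasl_auxprop_plugin") != "ldapdb":
        return findings  # ldapdb is not the selected auxprop plugin
    # Options written the way libsasl names them, but without imapd's sasl_ prefix.
    for name in sorted(LDAPDB_OPTS & opts.keys()):
        findings.append(f"{name}: missing sasl_ prefix, use sasl_{name}")
    # The URI is the one parameter the thread says is needed to initialise the plugin.
    if "sasl_ldapdb_uri" not in opts:
        findings.append("sasl_ldapdb_uri: not set")
    uri = opts.get("sasl_ldapdb_uri", "")
    local = re.match(r"ldap://(localhost|127\.0\.0\.1)([:/]|$)", uri)
    if uri.startswith("ldap://") and not local and "sasl_ldapdb_starttls" not in opts:
        findings.append("sasl_ldapdb_uri: ldap:// to a remote host without sasl_ldapdb_starttls")
    return findings

if __name__ == "__main__":
    for finding in lint_ldapdb(SAMPLE_BAD):
        print(finding)
```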