Re: Cyrus-Imap and auxprop ldap

2010-05-07 Thread Julien Vehent
On Thu, 6 May 2010 11:34:57 -0500, Dan White wrote:
> On 06/05/10 11:28 -0500, Dan White wrote:
>>ldapdb_uri: ldap://ldap.example.com
>>ldapdb_id: root
>>ldapdb_pw: secret
>>ldapdb_mech: DIGEST-MD5
> 
> That should really be:
> 
> sasl_ldapdb_uri: ldap://ldap.example.com
> sasl_ldapdb_id: root
> sasl_ldapdb_pw: secret
> sasl_ldapdb_mech: DIGEST-MD5

Thanks for your reply. I changed my parameters to:

-
# grep -E "sasl|ldap" /etc/imapd.conf |grep -v "#"
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_auto_transition: no
sasl_ldapdb_uri: ldap://localhost
sasl_ldapdb_id: cyrus
sasl_ldapdb_pw: cyrusadmin
sasl_ldapdb_mech: DIGEST-MD5
-


But without luck so far. 

--
# nc localhost 143
* OK ses0gnoc Cyrus IMAP4 v2.2.13-Debian-2.2.13-19 server ready
. login julien password
. NO Login failed: authentication failure
. logout
* BYE LOGOUT received
. OK Completed
--

And I do not see any connection going to localhost:389 (sniffing with
tcpdump on lo).

-
# tcpdump -s 16500 -X -Svni lo tcp and port 389
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 16500
bytes

-

auth.log and slapd.log are not logging anything. mail.info logs the
following:

-
# tail -n 3 /var/log/mail.info
Mar  9 05:15:35 ses0gnoc cyrus/ctl_cyrusdb[4285]: checkpointing cyrus
databases
Mar  9 05:15:36 ses0gnoc cyrus/ctl_cyrusdb[4285]: done checkpointing cyrus
databases
Mar  9 05:17:30 ses0gnoc cyrus/imap[4298]: badlogin: localhost [127.0.0.1]
plaintext julien SASL(-13): user not found: checkpass failed
-

Am I missing something? Do I still need saslauthd to be running next to
imapd?


Best,
Julien

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Cyrus-Imap and auxprop ldap

2010-05-07 Thread Marc Patermann
Julien,

Julien Vehent wrote:


> However, I can't make this work with imapd. I tried to reuse information
> from the man page, but it brought me nowhere...
> My imapd.conf contain the following (regarding sasl and ldap only):
> 
> -
> # grep -E "sasl|ldap" /etc/imapd.conf |grep -v "#"
> sasl_pwcheck_method: auxprop
> sasl_auxprop_plugin: ldapdb
> sasl_auto_transition: no
> ldap_uri: ldap://localhost
> ldap_realm: example.net
> ldap_id: cyrus
> ldap_password: cyrusadmin
> -
I have it like this:

sasl_log_level: 5
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_ldapdb_uri: ldap://server
sasl_ldapdb_id: user
sasl_ldapdb_pw: password
sasl_ldapdb_mech:  PLAIN DIGEST-MD5 CRAM-MD5 LOGIN
allowplaintext: no
sasl_minimum_layer: 0
sasl_ldapdb_starttls: try
sasl_ldap_search_base: ou=foo
sasl_ldap_search_filter: attribute=%U

Do you have ptloader configured and running?

# ptloader ldap:
ldap_id: user
ldap_sasl: 1
ldap_password: password
ldap_uri: ldap://server
ldap_start_tls: 0
ldap_mech: PLAIN DIGEST-MD5 CRAM-MD5 LOGIN
ldap_tls_cacert_file: file.pem
ldap_tls_cert: file.pem
ldap_tls_key: file.pem
ldap_base: ou=foo
ldap_group_base: ou=gruppen,ou=foo
ldap_group_filter: ou=%U
ldap_member_attribute: member
ldap_group_scope: sub
ldap_member_method: attribute

cyrus.conf:
SERVICES {
  ...
  ptloader  cmd="ptloader" listen="/mail/imap/ptclient/ptsock" prefork=1



Marc



Re: Cyrus-Imap and auxprop ldap

2010-05-07 Thread Dan White
On 07/05/10 11:21 +0200, Julien Vehent wrote:
>-
># grep -E "sasl|ldap" /etc/imapd.conf |grep -v "#"
>sasl_pwcheck_method: auxprop
>sasl_auxprop_plugin: ldapdb
>sasl_auto_transition: no
>sasl_ldapdb_uri: ldap://localhost
>sasl_ldapdb_id: cyrus
>sasl_ldapdb_pw: cyrusadmin
>sasl_ldapdb_mech: DIGEST-MD5
>-
>
>
>But without luck so far. 
>
>--
># nc localhost 143
>* OK ses0gnoc Cyrus IMAP4 v2.2.13-Debian-2.2.13-19 server ready
>. login julien password
>. NO Login failed: authentication failure
>. logout
>* BYE LOGOUT received
>. OK Completed
>--
>
>And I do not see any connection going to localhost:389 (sniffing with
>tcpdump on lo).

Verify that your ldapdb auxprop plugin can be initialized:

echo "ldapdb_uri: ldap://localhost" > /usr/lib/sasl2/pluginviewer.conf

(the other parameters are not necessary)

pluginviewer | grep ldapdb

(saslpluginviewer on debian based systems)

For further troubleshooting, temporarily increase your syslog auth
facility to debug:

auth.debug /var/log/auth.log

and increase sasl library logging with:

sasl_log_level: 7

in imapd.conf

-- 
Dan White
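
An added example (not code from any poster in this thread or from the Cyrus project): a Python check for the two key-naming mistakes that come up above, `ldapdb_*` keys written without the `sasl_` prefix and ptloader's `ldap_*` keys used in place of `sasl_ldapdb_*`. The function names and the `EXPECTED` list (the four keys from the corrected example) are assumptions of this example; the sample inputs are built from the configurations quoted in the thread.

```python
import re

# Keys set in the corrected example earlier in this thread (assumed baseline).
EXPECTED = ["sasl_ldapdb_uri", "sasl_ldapdb_id", "sasl_ldapdb_pw", "sasl_ldapdb_mech"]

def parse_conf(text):
    """Return {key: value} from 'key: value' lines; '#' comment lines never match."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9_]+)\s*:\s*(.*?)\s*$", line)
        if m:
            conf[m.group(1).lower()] = m.group(2)
    return conf

def lint_ldapdb(text):
    """List findings for an imapd.conf that selects the ldapdb auxprop plugin."""
    conf = parse_conf(text)
    findings = []
    if "ldapdb" not in conf.get("sasl_auxprop_plugin", "").split():
        return findings  # plugin not selected, nothing to check
    for key in conf:
        if key.startswith("ldapdb_"):
            findings.append(f"{key}: missing sasl_ prefix, use sasl_{key}")
    for key in EXPECTED:
        if key not in conf:
            findings.append(f"{key}: not set")
    if "sasl_ldapdb_uri" not in conf and any(k.startswith("ldap_") for k in conf):
        findings.append("ldap_* keys are ptloader options, not ldapdb plugin settings")
    return findings

# Sample inputs built from the configurations quoted in this thread.
HEAD = "sasl_pwcheck_method: auxprop\nsasl_auxprop_plugin: ldapdb\n"
FIRST = HEAD + "ldap_uri: ldap://localhost\nldap_id: cyrus\nldap_password: cyrusadmin\n"
UNPREFIXED = HEAD + ("ldapdb_uri: ldap://ldap.example.com\nldapdb_id: root\n"
                     "ldapdb_pw: secret\nldapdb_mech: DIGEST-MD5\n")
FIXED = HEAD + ("sasl_ldapdb_uri: ldap://localhost\nsasl_ldapdb_id: cyrus\n"
                "sasl_ldapdb_pw: cyrusadmin\nsasl_ldapdb_mech: DIGEST-MD5\n")

if __name__ == "__main__":
    for name, text in [("first", FIRST), ("unprefixed", UNPREFIXED), ("fixed", FIXED)]:
        print(name, lint_ldapdb(text) or "ok")
```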
