Re: imapd + sasl + ldapdb problems

[Peter Erickson]

I got it working so thanks for clarifying the setup for the ldapdb  
auxprop module. I needed to add an additional authz-regexp option to  
the openldap config to map an email address to its proper ldap entry.  
Once that was added, everything started working. Thanks again for the  
help.

On Wed Feb  5 12:07:58 2014, Dan White  wrote:
> On 02/05/14 11:15 -0600, Peter Erickson wrote:
>>>> virtdomains: userid
>>>> defaultdomain: example.com
>>>
>>> Other than that, your config looks reasonable. Include an 'ldapdb_mech'
>>> option to reduce confusion. sasl_ldapdb_canon_attr may need to be 'uid'
>>> instead, since example.com is the default domain. This command should
>>> succeed, and return the DN of the test user if your config is good:
>>
>> Just to make sure that I'm understanding the options right, is there a
>> good explanation for what sasl_ldapdb_canon_attr does? I'm not quite
>> sure that I understand its purpose.
>
> sasl_ldapdb_canon_attr will be the resolved identity that sasl hands back
> to cyrus. The identity will be used to find the user's INBOX. Having a
> default domain complicates things a bit (and you may have to experiment. I
> don't define a default domain). Basically, the sasl_ldapdb_canon_attr
> should equal the user portion of their INBOX name. It's handy in scenarios
> where the authentication identity differs from the mailbox name (name
> change, for instance).
>
>> Based on the following, its possible that my problem isn't with cyrus
>> imapd/sasl, but a misunderstanding of the ldap proxy authorization
>> process and I need to recheck my ldap config. I'm more accustomed to
>> using ldap filters and a base instead of the proxy authorization.
>>
>> # ldapwhoami -Y digest-md5 -U imapd-user -w password -X u:tuser -Z
>> SASL/DIGEST-MD5 authentication started
>> SASL username: u:tuser
>> SASL SSF: 128
>> SASL data security layer installed.
>> dn:cn=test user,o=hosted_domain,ou=hosting,dc=example.com
>
> This looks good.
>
>> # ldapwhoami -Y digest-md5 -U imapd-user -w password -X   
>> u:tu...@example.com -Z
>> SASL/DIGEST-MD5 authentication started
>> ldap_sasl_interactive_bind_s: Insufficient access (50)
>>  additional info: SASL(-14): authorization failure: not authorized
>
> You may need a different or better authz-regexp rule here, or you may need
> to adjust your authzto/authzfrom rules. See:
>
> http://www.openldap.org/doc/admin24/sasl.html#SASL Proxy Authorization



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: imapd + sasl + ldapdb problems

[Peter Erickson]

Dan, thanks for the response.

On Wed, Feb 05, 2014 at 09:35:49AM -0600, Dan White wrote:
> On 02/04/14?20:15?-0600, Peter Erickson wrote:
> >In hopes of requiring users login using their email address I set
> >sasl_ldapdb_canon_attr, however that resulted in the following syslog
> >messages (These same messages occur if comment out the canonuser_attr
> >options in imapd.conf as well):
> >imtest: ldapdb_canonuser_plug_init() failed in
> >sasl_canonuser_add_plugin(): invalid parameter supplied
> >imap[16385]: SQL engine 'mysql' not supported
> >imap[16385]: auxpropfunc error no mechanism available
> >imap[16385]: unable to canonify user and get auxprops
> >imap[16385]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-1):
> >generic failure: unable to canonify user and get auxprops]
> 
> You'll need to have a Cyrus SASL version > 2.1.23 installed for the ldapdb
> canonuser functionality, or you'll need to patch your existing version.

I am currently working with Cyrus SASL 2.1.26 and Cyrus imap 2.4.17
installed on FreeBSD 9-STABLE.

> Check that you have a properly installed cyrus sasl with:
> 
> ~$ cat > /tmp/pluginviewer.conf << EOF
> > ldapdb_uri: ldapi:///
> > sql_select: select please_work from the_ether
> > EOF
> ~$ SASL_CONF_PATH=/tmp /usr/sbin/saslpluginviewer -a
> Installed and properly configured auxprop mechanisms are:
> ldapdb sql sasldb
> List of auxprop plugins follows
> Plugin "ldapdb" ,   API version: 8
>  supports store: yes
> 
> Plugin "sql" ,  API version: 8
>  supports store: yes
> 
> Plugin "sasldb" ,   API version: 8
>  supports store: yes

# pluginviewer -a
Installed and properly configured auxprop mechanisms are:
ldapdb sasldb
List of auxprop plugins follows
Plugin "ldapdb" ,   API version: 8
supports store: yes

Plugin "sasldb" ,   API version: 8
supports store: yes

> ~$ SASL_CONF_PATH=/tmp /usr/sbin/saslpluginviewer -s | grep -i 
> 'cram-md5\|digest-md5'
>GSSAPI DIGEST-MD5 EXTERNAL CRAM-MD5 NTLM PLAIN LOGIN ANONYMOUS
>GSSAPI DIGEST-MD5 CRAM-MD5 NTLM PLAIN LOGIN ANONYMOUS
>  SASL mechanism: DIGEST-MD5, best SSF: 128, supports setpass: no
>  SASL mechanism: CRAM-MD5, best SSF: 0, supports setpass: no

# pluginviewer -s | grep -i 'cram-md5\|digest-md5'
  SCRAM-SHA-1 DIGEST-MD5 EXTERNAL OTP CRAM-MD5 NTLM LOGIN PLAIN ANONYMOUS
  SCRAM-SHA-1 DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN ANONYMOUS
SASL mechanism: DIGEST-MD5, best SSF: 128, supports setpass: no
SASL mechanism: CRAM-MD5, best SSF: 0, supports setpass: no

> ~$ strings /usr/lib/x86_64-linux-gnu/sasl2/libldapdb.so.2 | grep canon
> ldapdb_canonuser_plug_init
> sasl_canonuser_init
> ldapdb_canon_attr

#  strings /usr/local/lib/sasl2/libldapdb.so.3 | grep canon
ldapdb_canonuser_plug_init
sasl_canonuser_init
ldapdb_canon_attr

> >imapd.conf:
> >configdirectory: /var/cyrus/config
> >partition-default: /var/cyrus/spool
> >admin: cyrusadmin
> >sasl_pwcheck_method: auxprop
> >sasl_auxprop_plugin: ldapdb
> >sasl_ldapdb_uri: ldaps://localhost
> >sasl_ldapdb_id: imapd-user
> >sasl_ldapdb_pw: password
> >sasl_canon_user_plugin: ldapdb
> >sasl_ldapdb_canon_attr: mail
> >sasl_mech_list: cram-md5 digest-md5
> >virtdomains: userid
> >defaultdomain: example.com
> 
> Consider that the certificate returned by ldaps://localhost may fail,
> unless the certificate used by localhost is named 'localhost', or is
> otherwise trusted. ldapi:/// may be a better option.

The ldap server is actually on a different system and works properly
with and without the SSL/TLS connection. I just replaced the actual
server with localhost to mask the real host.

> Other than that, your config looks reasonable. Include an 'ldapdb_mech'
> option to reduce confusion. sasl_ldapdb_canon_attr may need to be 'uid'
> instead, since example.com is the default domain. This command should
> succeed, and return the DN of the test user if your config is good:

Just to make sure that I'm understanding the options right, is there a
good explanation for what sasl_ldapdb_canon_attr does? I'm not quite
sure that I understand its purpose.

Based on the following, its possible that my problem isn't with cyrus
imapd/sasl, but a misunderstanding of the ldap proxy authorization
process and I need to recheck my ldap config. I'm more accustomed to
using ldap filters and a base instead of the proxy authorization.

# ldapwhoami -Y digest-md5 -U imapd-user -w password -X u:tuser -Z
SASL/DIGEST-MD5 authentication started
SASL username: u:tuser
SASL SSF: 128
SASL data securi

imapd + sasl + ldapdb problems

[Peter Erickson]

I'm trying to configure imapd to authenticate against an ldap  
directory using ldapdb and am running into problems. I provide hosting  
services (i.e. ftp, svn, mail, etc) for several people where user  
account information is stored in an openldap directory. In addition to  
having a username/password, each user also has a primary email account  
and a list of services that they are authorized to use. I've got  
authentication working using the a user's uid, but I need to change  
this so that users are only allowed access using their email address.  
I believe I need this to happen as well since I'm using the Cyrus'  
virtdomains option. Once that is done, I'll attempt to restrict access  
based on the existence of the proper "authorizedService" attribute.

In hopes of requiring users login using their email address I set  
sasl_ldapdb_canon_attr, however that resulted in the following syslog  
messages (These same messages occur if comment out the canonuser_attr  
options in imapd.conf as well):
imtest: ldapdb_canonuser_plug_init() failed in  
sasl_canonuser_add_plugin(): invalid parameter supplied
imap[16385]: SQL engine 'mysql' not supported
imap[16385]: auxpropfunc error no mechanism available
imap[16385]: unable to canonify user and get auxprops
imap[16385]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-1):  
generic failure: unable to canonify user and get auxprops]

I tracked down the ldapdb_canonuser_plug_init() error to  
ldapdb_config(). When the "ldapdb_uri" option is read, it apparently  
returns a null string reference which results in the SASL_BADPARAM  
being returned. Unfortunately, not fully understanding the SASL  
package, I'm not really sure where to go from here nor do I know if  
this will even solve my problem if it returns successfully.

Any help in configuring this would be greatly appreciated.


imapd.conf:
configdirectory: /var/cyrus/config
partition-default: /var/cyrus/spool
admin: cyrusadmin
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_ldapdb_uri: ldaps://localhost
sasl_ldapdb_id: imapd-user
sasl_ldapdb_pw: password
sasl_canon_user_plugin: ldapdb
sasl_ldapdb_canon_attr: mail
sasl_mech_list: cram-md5 digest-md5
virtdomains: userid
defaultdomain: example.com

example ldap entry:
dn: cn=test user,o=hosted_domain,ou=hosting,dc=example.com
objectclass: top
objectclass: inetOrgPerson
objectclass: authorizedServiceObject
cn: test user
sn: user
uid: tuser
mail: tu...@example.com
userPassword: password
authorizedService: mail
authorizedService: svn

-- 
Peter Erickson
redlam...@gmail.com

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Cyrus Imap 2.0.9 and Outlook Express 5.0

[Peter Erickson]

Okay, i have the visibility checked, but I have to click on the "Go
To" button in order to actually see it. Then after restarting OE, the
folder doens't show up anymore even though the visibility is still
checked. I have to go to the IMAP folders menu and click the "Go To"
button again. Is this a bug with 5.0 or is there an option that I must
have set inorder for it to do this? Thanks for all the help.

- Original Message -
From: "Michael Fair" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, January 24, 2001 11:37 PM
Subject: Re: Cyrus Imap 2.0.9 and Outlook Express 5.0


> Right mouse click on the IMAP server
> Hit reset folder list
> Right mouse click on the folder again
> hit IMAP folders
> Double click on the shared folder
> Hit OK
>
> OE makes a distinction between folders
> you have access to and visible folders.
>
> The IMAP folders list will show all the
> folders you have access to.  Double clicking
> on a folder will toggle its "visibility".
> I think of it in parallel to "subscribing"
> to that particular folder.
>
> Hope that helps.
> I'm running OE 5.5 so it might be a bit
> different on my end.
>
> -- Michael --
>
> - Original Message -
> From: "Peter Erickson" <[EMAIL PROTECTED]>
> To: "Scot W. Hetzel" <[EMAIL PROTECTED]>; " Cyrus - IMAP"
> <[EMAIL PROTECTED]>
> Sent: Wednesday, January 24, 2001 3:32 PM
> Subject: Re: Cyrus Imap 2.0.9 and Outlook Express 5.0
>
>
> > Thank you for your response. My main intention is that I am trying
to
> > access the shared folders with OE. When I run OE, I can click on
the
> > IMAP folders and then click on a shared folder then "go to" and
I'll
> > be able to see the contents of the folder. As soon as I exit the
> > program and restart, I have to do the same process as above to see
> > that folder again. Is there a way that OE will automatically load
all
> > of the shared folders that you have access to? My root folder is
blank
> > and I really don't have any intention on saving the sent mail and
> > drafts on the server. Thanks for your help.
> >
> >
> > - Original Message -
> > From: Scot W. Hetzel <[EMAIL PROTECTED]>
> > To: Peter Erickson <[EMAIL PROTECTED]>;
> > <[EMAIL PROTECTED]>
> > Sent: Wednesday, January 24, 2001 12:59 PM
> > Subject: Re: Cyrus Imap 2.0.9 and Outlook Express 5.0
> >
> >
> > > From: "Peter Erickson" <[EMAIL PROTECTED]>
> > > > I am running Cyrus Imap 2.0.9 and am trying to look at all the
> > > > mailboxes
> > > > that I have access to with outlook express but the only box
that I
> > see
> > > > is my
> > > > inbox, not any of the others that I have access to. Anyone
have
> > any
> > > > ideas??
> > > > If possible I would like to stay with OE because everyone in
the
> > > > company
> > > > knows it.
> > > >
> > > Do you have the "Root Folder Path" set in the account
properties?
> > >
> > > If you do then you will need to clear the "Root Folder Path" in
> > order to
> > > access the shared folders.
> > >
> > > Are you storing "Sent Items" and "Drafts" on the IMAP server?
> > >  (requires "Root Folder Path" to be set or a registry hack)
> > >
> > > see
> >
http://asg.web.cmu.edu/archive/message.php3?index=5091&array_index=2
> > for
> > > info on how to setup the "Sent Items" and "Drafts" folders.
> > >
> > > Scot
> > >
> > >
> >
>

Re: Cyrus Imap 2.0.9 and Outlook Express 5.0

[Peter Erickson]

Thank you for your response. My main intention is that I am trying to
access the shared folders with OE. When I run OE, I can click on the
IMAP folders and then click on a shared folder then "go to" and I'll
be able to see the contents of the folder. As soon as I exit the
program and restart, I have to do the same process as above to see
that folder again. Is there a way that OE will automatically load all
of the shared folders that you have access to? My root folder is blank
and I really don't have any intention on saving the sent mail and
drafts on the server. Thanks for your help.


- Original Message -
From: Scot W. Hetzel <[EMAIL PROTECTED]>
To: Peter Erickson <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Wednesday, January 24, 2001 12:59 PM
Subject: Re: Cyrus Imap 2.0.9 and Outlook Express 5.0


> From: "Peter Erickson" <[EMAIL PROTECTED]>
> > I am running Cyrus Imap 2.0.9 and am trying to look at all the
> > mailboxes
> > that I have access to with outlook express but the only box that I
see
> > is my
> > inbox, not any of the others that I have access to. Anyone have
any
> > ideas??
> > If possible I would like to stay with OE because everyone in the
> > company
> > knows it.
> >
> Do you have the "Root Folder Path" set in the account properties?
>
> If you do then you will need to clear the "Root Folder Path" in
order to
> access the shared folders.
>
> Are you storing "Sent Items" and "Drafts" on the IMAP server?
>  (requires "Root Folder Path" to be set or a registry hack)
>
> see
http://asg.web.cmu.edu/archive/message.php3?index=5091&array_index=2
for
> info on how to setup the "Sent Items" and "Drafts" folders.
>
> Scot
>
>

Cyrus Imap 2.0.9 and Outlook Express 5.0

[Peter Erickson]

I am running Cyrus Imap 2.0.9 and am trying to look at all the
mailboxes
that I have access to with outlook express but the only box that I see
is my
inbox, not any of the others that I have access to. Anyone have any
ideas??
If possible I would like to stay with OE because everyone in the
company
knows it.

duplicate_prune

[Peter Erickson]

I just installed Cyrus IMAP 2.0.9 on a FreeBSD 4.2 box and I have been
getting the following errors. Is this bad and what can I do to fix
this. Thanks.

Jan 19 15:37:00 imp master[22423]: process started
Jan 19 15:37:00 imp ctl_mboxlist[22424]: running mboxlist recovery
Jan 19 15:37:01 imp ctl_mboxlist[22424]: done running mboxlist
recovery
Jan 19 15:37:01 imp master[22423]: ready for work
Jan 19 15:37:01 imp ctl_mboxlist[22426]: checkpointing mboxlist
Jan 19 15:37:01 imp ctl_deliver[22427]: duplicate_prune: pruning back
3 days
Jan 19 15:37:01 imp ctl_deliver[22427]: duplicate_prune: opening
/var/imap/deliverdb/deliver-a.db: No such file or directory
Jan 19 15:37:01 imp ctl_deliver[22427]: duplicate_prune: opening
/var/imap/deliverdb/deliver-b.db: No such file or directory

Jan 19 15:37:01 imp ctl_deliver[22427]: duplicate_prune: opening
/var/imap/deliverdb/deliver-y.db: No such file or directory
Jan 19 15:37:01 imp ctl_deliver[22427]: duplicate_prune: opening
/var/imap/deliverdb/deliver-z.db: No such file or directory
imp#

WebMail

[Peter Erickson]

Okay I finally got Cyrus Imap up and working and am looking at adding
WebMail. I know that I have a couple of options, but I am looking for
some recommmendations on which is the best. I already have Apache
installed along with php 4.0.3 and I am lookin for something that is
able to authenticate via the sasldb instead of a mySQL etc. approach?
Any feedback very helpful. Thanks.

Re: Sasl 1.5.24 + Berkeley 3.1.17

[Peter Erickson]

Thank you again for the response. One last question I hope. After
running the configure with the CPPFLAGS and LDFLAGS to point to the
source of Berkeley, and installing. I run saslpasswd and everything
gets added fine, but when I run sasldblistusers, I am not seeing the
users with a PLAIN mechanism as shown.

[root@silky sbin]# ./saslpasswd -c cyrus
Password:
Again (for verification):
[root@silky sbin]# ./sasldblistusers
user: cyrus realm: silky.platinumpersonals.com mech: CRAM-MD5
user: cyrus realm: silky.platinumpersonals.com mech: DIGEST-MD5
[root@silky sbin]#

So figuring I just screwed something up, I recompiled and put
in --enable-plain and I get a generic failure error.

[root@silky sbin]# ./saslpasswd -c cyrus
Password:
Again (for verification):
saslpasswd: generic failure
[root@silky sbin]# ./sasldblistusers
user: cyrus realm: silky.platinumpersonals.com mech: CRAM-MD5
user: cyrus realm: silky.platinumpersonals.com mech: DIGEST-MD5
[root@silky sbin]#

 Any ideas?? Thanks again.

- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Tuesday, January 09, 2001 12:00 PM
Subject: Re: Sasl 1.5.24 + Berkeley 3.1.17


> Peter Erickson writes:
> >
> >Thanks for the response. I am new to this stuff, so sorry if I'm
> >asking stupid questions. After doing the configure with the
CPPFLAGS
> >and LDFLAGS, is there a way to tell which database is used? The
newer
> >(3.1.17) or the older one (2.somthing)?
>
> This is tricky.  I generally do:
>
> strings sasldblistusers | grep -i sleepy
>
> This also works with sendmail and cyrus.
>
> > Is is better to use the
> >original source or the installation directory for the FLAGS?
>
> That's your choice.  I find that having multiple installed versions
> is very confusing.
>
> > Also, I
> >believe that for CPPFLAGS I put in the directory for the headers
and
> >for LDFLAGS I use the directory for the libraries. Is this correct
and
> >where can I find info on what the -I, -L, and -R mean? Thanks
again.
>
> Yes, that's correct.  See the man pages for your compiler and linker
> for details on their options.
>
>
> --
> -Gary Mills--Unix Support--U of M Academic Computing and
Networking-

Re: Sasl 1.5.24 + Berkeley 3.1.17

[Peter Erickson]

Thanks for the response. I am new to this stuff, so sorry if I'm
asking stupid questions. After doing the configure with the CPPFLAGS
and LDFLAGS, is there a way to tell which database is used? The newer
(3.1.17) or the older one (2.somthing)? Is is better to use the
original source or the installation directory for the FLAGS? Also, I
believe that for CPPFLAGS I put in the directory for the headers and
for LDFLAGS I use the directory for the libraries. Is this correct and
where can I find info on what the -I, -L, and -R mean? Thanks again.

- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Tuesday, January 09, 2001 11:06 AM
Subject: Re: Sasl 1.5.24 + Berkeley 3.1.17


> >From [EMAIL PROTECTED] Tue Jan  9 10:38 CST
2001
> >
> >env CPPFLAGS="-I/usr/local/src/db-3.1.17/build_unix" \
> >
> >
> >
 LDFLAGS="-L/usr/local/src/db-3.1.17/build_unix -R/usr/local/lib"
> >\
> >./configure --enable-login --disable-krb4 --disabble-gssapi
> >
> >when configuring, I noticed somthing in the output:
> >checking DB path to use... /etc/sasldb
> >checking for db.h... yes
> >checking for db_create in -ldb-3... no
> >checking for db_create in -ldb... yes
> >checking DB library to use... berkeley
> >checking for dlopen in -ldl... yes
> >
> >If I'm using db 3.1.17 and if this worked, should the db_create
> >in -ldb-3 be yes and the other no? And how can I tell for sure if
it
> >worked or not? Finally, if this did not work, what can I do to get
it
> >to work? Any help will be more than appreciated. Thanks.
>
> It's confusing because the configure program uses the term `DB'
> for two completely different purposes.  `DB path' refers to the
> location of the SASL database file, which defaults to /etc/sasldb.
> `DB library' refers to the software package to be used to implement
> this database, and defaults to `berkeley', the Berkeley database
> system.  Configure looks in standard locations for the header files
> and libraries of this system.  You can augment this search list
> with the CPPFLAGS and LDFLAGS environment variables.  If you have
> already installed a specific version of the Berkeley DB software,
> just use those environment variables to specify the installed
location.
> You can also specify the source location as you did above.  Both
> should be the same.
>
>
>
> --
> -Gary Mills--Unix Support--U of M Academic Computing and
Networking-

Sasl 1.5.24 + Berkeley 3.1.17

[Peter Erickson]

Hope fully this is the right place to ask this question. In order to
get imap 2.0.9 to work correctly, I needed to install a new version of
Berkeley which installed into /usr/local/BerkeleyDB.3.1 But After
installing the new db to work with imap, I found that I needed to
reinstall the sasl package with this new db instead of the old one
that is installed in /usr/lib and /usr/include. Is there a way to do
this within the configure with CPPFLAGS and LDFLAGS?? I don't
understand them enough to do it. I tired:

env CPPFLAGS="-I/usr/local/src/db-3.1.17/build_unix" \


  LDFLAGS="-L/usr/local/src/db-3.1.17/build_unix -R/usr/local/lib"
\
./configure --enable-login --disable-krb4 --disabble-gssapi

when configuring, I noticed somthing in the output:
checking DB path to use... /etc/sasldb
checking for db.h... yes
checking for db_create in -ldb-3... no
checking for db_create in -ldb... yes
checking DB library to use... berkeley
checking for dlopen in -ldl... yes

If I'm using db 3.1.17 and if this worked, should the db_create
in -ldb-3 be yes and the other no? And how can I tell for sure if it
worked or not? Finally, if this did not work, what can I do to get it
to work? Any help will be more than appreciated. Thanks.

failure: prot layer failure

[Peter Erickson]

I hope that this will make sense. I'll try my best. 
I am trying to setup imap system that needs to be able to be accessible to 
Outlook Express 5.00. I am running Cyrus Imap 2.0.9 and when I try to login I 
get:
 
[root@silky bin]# ./imtest -m login -u cyrus 
localhostC: C01 CAPABILITYS: * OK silky.platinumpersonals.com Cyrus 
IMAP4 v2.0.9 server readyS: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ 
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT MULTIAPPEES: C01 OK 
CompletedPassword: C: L01 LOGIN root {9}+ go aheadC: 
failure: prot layer failure[root@silky bin]# 

my imapd.conf:
[root@silky /etc]# vi imapd.conf 
configdirectory: /var/imappartition-default: /var/spool/imapadmins: 
cyrus rootsasl_pwcheck_method: sasldb
 
I want to be able to use the sasldb, but I need to 
use PLAIN because I don't believe that outlook can use Kerberos (or at least by 
what I have been told) and to do that it looks like I need to enable STARTTLS, 
but when I do that i get the following error with imtest:
 
[root@foobar bin]# ./imtest -t "" 
foobar.domain.comC: C01 CAPABILITYS: * OK foobar.domain.com Cyrus IMAP4 
v2.0.9 server readyS: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ 
NAMESPACE UIDPLUS IDNO_ATOMISTARTTLSS: C01 OK CompletedS01 OK 
Begin TLS negotiation nowverify error:num=18:self signed certificateTLS 
connection established: TLSv1 with cipher DES-CBC3-SHA (168/168 bits)C: C01 
CAPABILITYS: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE 
UIDPLUS IDNO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT 
THREAD=ORDEREDSUBJECTTHREAD=REFERENCES IDLESTARTTLS AUTH=PLAINS: C01 
OK CompletedPlease enter your password:C: A01 AUTHENTICATE PLAINS: 
+C:S: A01 NO bad protocol / cancelAuthentication failed. generic 
failureSecurity strength factor: 0. logout* BYE LOGOUT received. 
OK CompletedConnection closed.[root@foobar 
bin]#  
 
any ideas?? Thanks.
 

sasl_client_int: undefined symbol

[Peter Erickson]

If this is a repeat, please forgive me. I sent the letter to the list
and recieved a reply on how the delivery failed.

Please help.
I realize that this has been posted before, but I am new to the whole
editing makefiles and applying patches thing. So I am sort of looking
for a detailed answer on this problem. After compiling Cyrus Imap
2.0.9 and running cyradm on FreeBSD 4.1, I get the following error:

neptune# cyradm
Can't load
'/usr/local/lib/perl5/site_perl/5.005/i386-freebsd/auto/Cyrus/IMAP/IMA
P.so' for module Cyrus::IMAP:
/usr/local/lib/perl5/site_perl/5.005/i386-freebsd/auto/Cyrus/IMAP/IMAP
.so: Undefined symbol "sasl_client_init" at
/usr/local/lib/perl5/5.6.0/i386-freebsd/DynaLoader.pm line 200.
 at
/usr/local/lib/perl5/site_perl/5.005/i386-freebsd/Cyrus/IMAP/Admin.pm
line 43
Compilation failed in require at
/usr/local/lib/perl5/site_perl/5.005/i386-freebsd/Cyrus/IMAP/Admin.pm
line 43.
BEGIN failed--compilation aborted at
/usr/local/lib/perl5/site_perl/5.005/i386-freebsd/Cyrus/IMAP/Admin.pm
line 43.
Compilation failed in require at
/usr/local/lib/perl5/site_perl/5.005/i386-freebsd/Cyrus/IMAP/Shell.pm
line 58.
BEGIN failed--compilation aborted at
/usr/local/lib/perl5/site_perl/5.005/i386-freebsd/Cyrus/IMAP/Shell.pm
line 58.
Compilation failed in require.
BEGIN failed--compilation aborted.
neptune#

I know it has to do with not being able to find the correct run path,
but how do I fix that. Is there something that I can add to the
./configure command that will fix this or only editing the makefile. I
am not running ssl (or at least not right now ). My source code is for
cyrus is in:

Imap: /usr/local/src/cyrus-imapd-2.0.9
sasl: /usr/local/src/cyrus-sasl-1.5.24

When I compiled the source, I ran the following commands:
./configure --with-auth=unix --with-dbdir=/usr/local/BerkeleyDB.3.1 --
without-krb
make depend
make all
make install

I saw that someone wrote a patch, but I was not sure how to apply it
nor was I running imap with ssl. Any help will be greatly appreciated.
Thanks in advance.

Undefined symbol "sasl_client_init"

[Peter Erickson]

Please help.
I realize that this has been posted before, but I 
am new to the whole editing makefiles and applying patches thing. So I am sort 
of looking for a detailed answer on this problem. After compiling Cyrus Imap 
2.0.9 and running cyradm on FreeBSD 4.1, I get the following error:
 
neptune# cyradmCan't load 
'/usr/local/lib/perl5/site_perl/5.005/i386-freebsd/auto/Cyrus/IMAP/IMAP.so' for 
module Cyrus::IMAP: 
/usr/local/lib/perl5/site_perl/5.005/i386-freebsd/auto/Cyrus/IMAP/IMAP.so: 
Undefined symbol "sasl_client_init" at 
/usr/local/lib/perl5/5.6.0/i386-freebsd/DynaLoader.pm line 200. at 
/usr/local/lib/perl5/site_perl/5.005/i386-freebsd/Cyrus/IMAP/Admin.pm line 
43Compilation failed in require at 
/usr/local/lib/perl5/site_perl/5.005/i386-freebsd/Cyrus/IMAP/Admin.pm line 
43.BEGIN failed--compilation aborted at 
/usr/local/lib/perl5/site_perl/5.005/i386-freebsd/Cyrus/IMAP/Admin.pm line 
43.Compilation failed in require at 
/usr/local/lib/perl5/site_perl/5.005/i386-freebsd/Cyrus/IMAP/Shell.pm line 
58.BEGIN failed--compilation aborted at 
/usr/local/lib/perl5/site_perl/5.005/i386-freebsd/Cyrus/IMAP/Shell.pm line 
58.Compilation failed in require.BEGIN failed--compilation 
aborted.neptune# 
I know it has to do with not being able to find the 
correct run path, but how do I fix that. Is there something that I can add to 
the ./configure command that will fix this or only editing the makefile. I am 
not running ssl (or at least not right now ). My source code is for cyrus is 
in:
 
Imap: /usr/local/src/cyrus-imapd-2.0.9
sasl: /usr/local/src/cyrus-sasl-1.5.24
 
When I compiled the source, I ran the following 
commands:
./configure --with-auth=unix 
--with-dbdir=/usr/local/BerkeleyDB.3.1 --without-krb
make depend
make all
make install
 
I saw that someone wrote a patch, but I was not 
sure how to apply it nor was I running imap with ssl. Any help will be greatly 
appreciated. Thanks in advance.