Re: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.
On Thu, 12 Feb 2004, Edward Rudd wrote:

> I'm not getting the "no worthy mechs" error since I installed cyrus.c
> patch.. But there are other errors with the authentication..
> I'm going to try and debug ldapdb when I get a chance.. Or try upgrading
> openldap to 2.1.25 and the newer ldapdb release.
>
> Oh What release of Cyrus SASL are you using??

CVS head.

--
Igor
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.
I'm not getting the "no worthy mechs" error since I installed cyrus.c
patch.. But there are other errors with the authentication.. I'm going to
try and debug ldapdb when I get a chance.. Or try upgrading openldap to
2.1.25 and the newer ldapdb release.

Oh What release of Cyrus SASL are you using??

I'm probably just going to "fall back" to saslauthd for now and give up on
"better authentication" for clients until I get this resolved, as I really
want the newer versions of postfix and cyrus imapd installed on the "live
servers"..

Now it's time to write scripts to update my mail spools for the upgrade.

On Thu, 2004-02-12 at 00:25, Igor Brezac wrote:
> On Wed, 11 Feb 2004, Edward Rudd wrote:
>
> > OpenLDAP 2.1.22, LDAP AuxProp CVS release 1.1.2.3, I had tried updating
> > to a newer release but it broke things due to the handling of the LDAP
> > v4 PROXY_AUTHZ control in openldap (you directed me to the bug report
> > about it), Cyrus SASL 2.1.15 (2.1.17 causes SLAPD to crash completely).
> > sample client and server work fine, as does postfix. It's just cyrus
> > IMAPd 2.2.3.
>
> Your cyrus.c looks good. My guess is that if you debug ldapdb.c you'll
> find 'no worthy mechs' error which means that the ldapdb auxprop is not
> using your new libldap.
>
> > What did they change from 2.1.x to 2.2.x? Can I roll back those changes?
>
> I have to look, but my guess is that too many changes took place. I can
> write a quick patch for this, but the libldap fix works just as well.
>
> > On Wed, 2004-02-11 at 19:51, Igor Brezac wrote:
> > > Hmm... Can you email me your libraries/libldap/cyrus.c? What version of
> > > openldap do you use? I use the latest ldapdb auxprop and
> > > OPENLDAP_REL_ENG_2_1 (which is 2.1.26 + some patches)
> > > Does ldapdb auxprop work with sample(client|server)?
Re: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.
On Wed, 11 Feb 2004, Edward Rudd wrote:

> What did they change from 2.1.x to 2.2.x? Can I roll back those changes?

The applicable change has to do with how SASL initialization happens. We
now initialize the client side of SASL all the time, which causes this
problem.

The workaround is to not use global callbacks in the sasl_*_init calls.
However, this appears to be a nontrivial fix (probably not a very difficult
fix -- just not immediately simple).

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
Re: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.
On Wed, 11 Feb 2004, Edward Rudd wrote:

> OpenLDAP 2.1.22, LDAP AuxProp CVS release 1.1.2.3, I had tried updating
> to a newer release but it broke things due to the handling of the LDAP
> v4 PROXY_AUTHZ control in openldap (you directed me to the bug report
> about it), Cyrus SASL 2.1.15 (2.1.17 causes SLAPD to crash completely).
> sample client and server work fine, as does postfix. It's just cyrus
> IMAPd 2.2.3.

Your cyrus.c looks good. My guess is that if you debug ldapdb.c you'll
find 'no worthy mechs' error which means that the ldapdb auxprop is not
using your new libldap.

> What did they change from 2.1.x to 2.2.x? Can I roll back those changes?

I have to look, but my guess is that too many changes took place. I can
write a quick patch for this, but the libldap fix works just as well.

> On Wed, 2004-02-11 at 19:51, Igor Brezac wrote:
> > Hmm... Can you email me your libraries/libldap/cyrus.c? What version of
> > openldap do you use? I use the latest ldapdb auxprop and
> > OPENLDAP_REL_ENG_2_1 (which is 2.1.26 + some patches)
> > Does ldapdb auxprop work with sample(client|server)?
> >
> > -Igor
> >
> > On Wed, 11 Feb 2004, Edward Rudd wrote:
> >
> > > OK I patched my OpenLDAP and recompiled, installed restarted postfix,
> > > cyrus imapd, and started up ldap. And it still returns "user not found"
> > > when I try to login to cyrus imap. But the auth.log now shows something
> > > different..
Re: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.
OpenLDAP 2.1.22, LDAP AuxProp CVS release 1.1.2.3, I had tried updating to
a newer release but it broke things due to the handling of the LDAP v4
PROXY_AUTHZ control in openldap (you directed me to the bug report about
it), Cyrus SASL 2.1.15 (2.1.17 causes SLAPD to crash completely). sample
client and server work fine, as does postfix. It's just cyrus IMAPd 2.2.3.

What did they change from 2.1.x to 2.2.x? Can I roll back those changes?

On Wed, 2004-02-11 at 19:51, Igor Brezac wrote:
> Hmm... Can you email me your libraries/libldap/cyrus.c? What version of
> openldap do you use? I use the latest ldapdb auxprop and
> OPENLDAP_REL_ENG_2_1 (which is 2.1.26 + some patches)
> Does ldapdb auxprop work with sample(client|server)?
>
> -Igor
>
> On Wed, 11 Feb 2004, Edward Rudd wrote:
>
> > OK I patched my OpenLDAP and recompiled, installed restarted postfix,
> > cyrus imapd, and started up ldap. And it still returns "user not found"
> > when I try to login to cyrus imap. But the auth.log now shows something
> > different..
Re: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.
Hmm... Can you email me your libraries/libldap/cyrus.c? What version of
openldap do you use? I use the latest ldapdb auxprop and
OPENLDAP_REL_ENG_2_1 (which is 2.1.26 + some patches)
Does ldapdb auxprop work with sample(client|server)?

-Igor

On Wed, 11 Feb 2004, Edward Rudd wrote:

> OK I patched my OpenLDAP and recompiled, installed restarted postfix,
> cyrus imapd, and started up ldap. And it still returns "user not found"
> when I try to login to cyrus imap. But the auth.log now shows something
> different..
> --- auth.log ---
> Feb 11 19:19:46 devel imtest: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imtest: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 server step 2
> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imap[2282]: bad userid authenticated
> Feb 11 19:19:53 devel imap[2282]: no secret in database
>
> And my ldap.log shows this (loglevel 255)
> --- ldap.log ---
> Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
> Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
> Feb 11 19:19:53 devel slapd[2053]: connection_get(12): got connid=5
> Feb 11 19:19:53 devel slapd[2053]: connection_read(12): checking for input on id=5
> Feb 11 19:19:53 devel slapd[2053]: ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
> Feb 11 19:19:53 devel slapd[2065]: connection_operation: error: SASL bind in progress (tag=66).
--
Igor
Re: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.
OK I patched my OpenLDAP and recompiled, installed restarted postfix, cyrus
imapd, and started up ldap. And it still returns "user not found" when I
try to login to cyrus imap. But the auth.log now shows something
different..

--- auth.log ---
Feb 11 19:19:46 devel imtest: DIGEST-MD5 client step 2
Feb 11 19:19:53 devel imtest: DIGEST-MD5 client step 2
Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 server step 2
Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
Feb 11 19:19:53 devel imap[2282]: bad userid authenticated
Feb 11 19:19:53 devel imap[2282]: no secret in database

And my ldap.log shows this (loglevel 255)

--- ldap.log ---
Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
Feb 11 19:19:53 devel slapd[2053]: connection_get(12): got connid=5
Feb 11 19:19:53 devel slapd[2053]: connection_read(12): checking for input on id=5
Feb 11 19:19:53 devel slapd[2053]: ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
Feb 11 19:19:53 devel slapd[2065]: connection_operation: error: SASL bind in progress (tag=66).
Feb 11 19:19:53 devel slapd[2053]: daemon: select: listen=6 active_threads=1 tvp=NULL
Feb 11 19:19:53 devel slapd[2065]: send_ldap_result: conn=5 op=1 p=3
Feb 11 19:19:53 devel slapd[2053]: daemon: activity on 1 descriptors
Feb 11 19:19:53 devel slapd[2065]: send_ldap_result: err=1 matched="" text="SASL bind in progress"
Feb 11 19:19:53 devel slapd[2053]: daemon: activity on:
Feb 11 19:19:53 devel slapd[2065]: send_ldap_response: msgid=0 tag=48 err=1
Feb 11 19:19:53 devel slapd[2053]: 12r
Feb 11 19:19:53 devel slapd[2065]: connection_closing: readying conn=5 sd=12 for close
Feb 11 19:19:53 devel slapd[2053]:
Feb 11 19:19:53 devel slapd[2065]: connection_resched: attempting closing conn=5 sd=12
Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
Feb 11 19:19:53 devel slapd[2065]: connection_close: conn=5 sd=12
Feb 11 19:19:53 devel slapd[2065]: daemon: removing 12
Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
Feb 11 19:19:53 devel slapd[2053]: connection_get(12): connection not used
Feb 11 19:19:53 devel slapd[2053]: connection_read(12): no connection!
Feb 11 19:19:53 devel slapd[2053]: daemon: removing 12
Feb 11 19:19:53 devel slapd[2053]: daemon: closing 12

On Wed, 2004-02-11 at 07:56, Igor Brezac wrote:
> Check
> http://www.openldap.org/its/index.cgi/Software%20Bugs?id=2926;selectid=2926
>
> Cyrus-imap needs to be fixed, but it was easier to change openldap api.
>
> -Igor
>
> On Wed, 11 Feb 2004, Edward Rudd wrote:
>
> > I'm using the ldapdb auxprop plugin that comes with OpenLDAP 2.1.22 with
> > cyrus sasl 2.1.15, which works perfectly with the sasl2 sample server
> > and client programs, postfix 1.1.12, postfix 2.0.16, and cyrus imapd
> > 2.1.13 to cyrus imapd 2.1.15.. However when I upgraded to cyrus imapd
> > 2.2.3 (all of these are using Simon Matter's wonderful RPMS), I always
> > get user not found when trying to login as any user.. (fully qualified
> > user like [EMAIL PROTECTED] or the "cyrus" admin user).
--
Edward Rudd <[EMAIL PROTECTED]>
Website http://outoforder.cc/
Re: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.
On Wed, 11 Feb 2004, Edward Rudd wrote:

> I'm using the ldapdb auxprop plugin that comes with OpenLDAP 2.1.22 with
> cyrus sasl 2.1.15, which works perfectly with the sasl2 sample server
> and client programs, postfix 1.1.12, postfix 2.0.16, and cyrus imapd
> 2.1.13 to cyrus imapd 2.1.15.. However when I upgraded to cyrus imapd
> 2.2.3 (all of these are using Simon Matter's wonderful RPMS), I always
> get user not found when trying to login as any user.. (fully qualified
> user like [EMAIL PROTECTED] or the "cyrus" admin user).

We've seen some problems with how 2.2 initializes SASL and working with the
LDAPDB plugin. It is not an immediately trivial fix, but I've documented it
as Bug 2366.

-Rob
Re: upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.
Check
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=2926;selectid=2926

Cyrus-imap needs to be fixed, but it was easier to change openldap api.

-Igor

On Wed, 11 Feb 2004, Edward Rudd wrote:

> I'm using the ldapdb auxprop plugin that comes with OpenLDAP 2.1.22 with
> cyrus sasl 2.1.15, which works perfectly with the sasl2 sample server
> and client programs, postfix 1.1.12, postfix 2.0.16, and cyrus imapd
> 2.1.13 to cyrus imapd 2.1.15.. However when I upgraded to cyrus imapd
> 2.2.3 (all of these are using Simon Matter's wonderful RPMS), I always
> get user not found when trying to login as any user.. (fully qualified
> user like [EMAIL PROTECTED] or the "cyrus" admin user).
>
> And my ldap logs show nothing going on.. literally.. I see a connection
> coming in from sasl, and then disconnecting.. no other activity is
> logged. And I have the loglevel for openldap set to 255.
>
> My auth.log shows "no worthy mechs found" and nothing in my imapd.log
>
> What changed in relation to SASL configuration from Cyrus IMAPD 2.1.x to
> 2.2.x??
>
> Here is my relevant imapd.conf
>
> sasl_pwcheck_method: auxprop
> sasl_auxprop_plugin: ldapdb
> sasl_mech_list: plain digest-md5 cram-md5 ntlm
>
> sasl_ldapdb_uri: ldap:///
> sasl_ldapdb_id: auxprop_user
> sasl_ldapdb_pw: password_for_said_user
> sasl_ldapdb_mech: DIGEST-MD5
>
> Which is the same configuration as sample.conf (for the sample server
> and client) and smtpd.conf (for postfix). Except those files don't have
> the sasl_ prefix to the configuration directives..

--
Igor
upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.
I'm using the ldapdb auxprop plugin that comes with OpenLDAP 2.1.22 with
cyrus sasl 2.1.15, which works perfectly with the sasl2 sample server and
client programs, postfix 1.1.12, postfix 2.0.16, and cyrus imapd 2.1.13 to
cyrus imapd 2.1.15.. However when I upgraded to cyrus imapd 2.2.3 (all of
these are using Simon Matter's wonderful RPMS), I always get user not found
when trying to login as any user.. (fully qualified user like
[EMAIL PROTECTED] or the "cyrus" admin user).

And my ldap logs show nothing going on.. literally.. I see a connection
coming in from sasl, and then disconnecting.. no other activity is logged.
And I have the loglevel for openldap set to 255.

My auth.log shows "no worthy mechs found" and nothing in my imapd.log

What changed in relation to SASL configuration from Cyrus IMAPD 2.1.x to
2.2.x??

Here is my relevant imapd.conf

sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_mech_list: plain digest-md5 cram-md5 ntlm

sasl_ldapdb_uri: ldap:///
sasl_ldapdb_id: auxprop_user
sasl_ldapdb_pw: password_for_said_user
sasl_ldapdb_mech: DIGEST-MD5

Which is the same configuration as sample.conf (for the sample server and
client) and smtpd.conf (for postfix). Except those files don't have the
sasl_ prefix to the configuration directives..

--
Edward Rudd <[EMAIL PROTECTED]>
Website http://outoforder.cc/
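The comparison described in the post above (imapd.conf carrying the same SASL settings as sample.conf and smtpd.conf, only with a sasl_ prefix) can be checked mechanically. The following is an added example, not code from the thread or from the Cyrus project; both config texts are constructed samples, and the function names and the case-insensitive handling of mechanism names are assumptions of this example.

```python
"""Compare the sasl_* options of a Cyrus imapd.conf with a SASL application
config (smtpd.conf / sample.conf), which carries no sasl_ prefix."""

# Options whose values must never be echoed into a report.
SECRET_KEYS = {"ldapdb_pw"}

# Constructed sample input, modelled on the settings quoted in the thread.
IMAPD_CONF = """\
# constructed sample
configdirectory: /var/lib/imap
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_mech_list: plain digest-md5 cram-md5 ntlm
sasl_ldapdb_uri: ldap:///
sasl_ldapdb_id: auxprop_user
sasl_ldapdb_pw: password_for_said_user
sasl_ldapdb_mech: DIGEST-MD5
"""

# Constructed sample: the same settings minus two deliberate differences.
SMTPD_CONF = """\
pwcheck_method: auxprop
auxprop_plugin: ldapdb
mech_list: PLAIN DIGEST-MD5 CRAM-MD5
ldapdb_uri: ldap:///
ldapdb_id: auxprop_user
ldapdb_pw: password_for_said_user
"""


def parse_conf(text, prefix=""):
    """Return {option: value}; with a prefix, keep only prefixed options
    and strip the prefix so both file styles share one key space."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first colon only: values such as ldap:/// contain more.
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key = key.strip().lower()
        if prefix:
            if not key.startswith(prefix):
                continue
            key = key[len(prefix):]
        opts[key] = value.strip()
    return opts


def normalise(key, value):
    """Assumption of this example: mechanism names compare case-insensitively
    and the order of mech_list entries does not matter."""
    if key == "mech_list":
        return frozenset(value.upper().split())
    if key == "ldapdb_mech":
        return value.upper()
    return value


def diff_sasl(imapd_text, app_text):
    """List (option, finding) pairs where the two configs disagree."""
    imapd = parse_conf(imapd_text, prefix="sasl_")
    app = parse_conf(app_text)
    findings = []
    for key in sorted(set(imapd) | set(app)):
        a, b = imapd.get(key), app.get(key)
        if a is None:
            findings.append((key, "missing in imapd.conf"))
        elif b is None:
            findings.append((key, "missing in application conf"))
        elif normalise(key, a) != normalise(key, b):
            if key in SECRET_KEYS:
                findings.append((key, "values differ (redacted)"))
            else:
                findings.append((key, f"imapd.conf={a!r} application={b!r}"))
    return findings


if __name__ == "__main__":
    for option, finding in diff_sasl(IMAPD_CONF, SMTPD_CONF):
        print(f"{option}: {finding}")
```

An empty result means the two files ask libsasl for the same thing, which points the investigation away from configuration and toward how the application initializes SASL, as the replies in this thread do.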