upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxpropauthentication.

[Howard Chu]

> -----Original Message-----
> From: owner-cyrus-sasl at lists.andrew.cmu.edu
> [mailto:owner-cyrus-sasl at lists.andrew.cmu.edu]On Behalf Of Edward Rudd

> OK I patched my OpenLDAP and recompiled, installed restarted postfix,
> cyrus imapd, and started up ldap. And it still retuns "user not found"
> when I try to login to cyrus imap. But the auth.log now shows
> something different..
> --- auth.log ---
> Feb 11 19:19:46 devel imtest: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imtest: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 server step 2
> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imap[2282]: bad userid authenticated
> Feb 11 19:19:53 devel imap[2282]: no secret in database
> ----

What happened to step 1?

> And my ldap.log shows this (loglevel 255)
> --- ldap.log ---
> Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
> Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
> Feb 11 19:19:53 devel slapd[2053]: connection_get(12): got connid=5
> Feb 11 19:19:53 devel slapd[2053]: connection_read(12): checking for
> input on id=5

OpenLDAP's syslog output is not useful for debugging; it's mainly for
reporting normal operational status. You need to run slapd in debug mode and
save the output from stderr when you actually want to chase a bug.

In this case, both your auth.log and your ldap.log indicate that a SASL Bind
has been performed in an improper sequence (i.e., step 1 doesn't appear in
the log, and it seems that some other request has been made before the SASL
Bind properly completed.). To see exactly what happened, you'll need the
debug trace from slapd.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support