<br>Cyrus IMAPD version: 2.3.16 ( using a compiled source version )<br><br><br>My problem seems to be with the sasl authentication<br><br>frontend auth with mupdate - Ok<br>mupdate auth with frontend - Ok <br>frontend auth with backend - ???<br>
<br>------------------------------------------------------------------<br>My /etc/saslauthd.conf<br><br>ldap_servers: ldap://ldap.intranet<br>ldap_auth_method: bind<br>ldap_referrals: no<br>ldap_search_base: dc=domain1,dc=com<br>
ldap_verbose: on<br>ldap_debug: 6<br><br>Tested with testsaslauthd and postfix.<br><br>--------------------------------------------------------------------<br>In Frontend:<br><br># Mupdate<br>mupdate_server: mupdate.intranet <br>
mupdate_username: cyrmaster<br>mupdate_authname: cyrmaster<br>mupdate_password: data<br><br># Backend User<br>proxy_authname: cyrmaster<br>proxy_password: data<br><br># Administrator<br>admins: cyrmaster<br><br># SASL<br>
sasl_pwcheck_method: saslauthd<br>sasl_mech_list: PLAIN LOGIN<br>allowplaintext: yes<br>sasl_minimum_layer: 0<br>sasl_auto_transition: no<br>-----------------------------------------------------<br><br>In Backend:<br><br>
# Mupdate <br>mupdate_server: mupdate.intranet<br>mupdate_username: cyrmaster<br>mupdate_authname: cyrmaster<br>mupdate_password: data<br><br><br># Backend User<br>proxyservers: cyrmaster<br><br># Administrator<br>admins: cyrmaster<br>
<br># SASL<br>sasl_pwcheck_method: saslauthd<br>sasl_mech_list: PLAIN LOGIN<br>allowplaintext: yes<br>sasl_minimum_layer: 0<br>sasl_auto_transition: no<br><br>----------------------------------------------------------------------------------------<br>
<br>When i connect in frontend and create a mailbox:<br><br>cyradm --user cyrmaster frontend <br>frontend> cm user/bob backend1<br><br><br>in backend log:<br><br>Jul 14 23:48:34 backend1 saslauthd[6837]: ldap_simple_bind() failed -1 (Can't contact LDAP server).<br>
Jul 14 23:48:34 backend1 saslauthd[6837]: Retrying authentication<br>Jul 14 23:48:34 backend1 imap[7042]: auxpropfunc error invalid parameter supplied<br>Jul 14 23:48:34 backend1 imap[7042]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb<br>
<br>But mailbox is created.<br><br>When setacl is used:<br><br>frontend> sam user/bob cyrmaster all<br><br>In backend log:<br><br>ul 14 23:52:45 backend1 imap[7050]: auxpropfunc error invalid parameter supplied<br>Jul 14 23:52:45 backend1 imap[7050]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb<br>
Jul 14 23:52:45 backend1 imap[7042]: No worthy mechs found<br>Jul 14 23:52:45 backend1 imap[7051]: auxpropfunc error invalid parameter supplied<br>Jul 14 23:52:45 backend1 imap[7051]: _sasl_plugin_load 1ailed on sasl_auxprop_plug_init for plugin: ldapdb<br>
<br>---------------------------------------------------------------------------------------------------------------------------------------------------------------------<br><br>when try to reconstruct a mailbox:<br><br>frontend> reconstruct user/bob<br>
<br>Jul 15 00:09:53 uxrjo700 saslauthd[6841]: Authentication failed for cyrmaster: Bind to ldap server failed (invalid user/password or insufficient access) (-7)<br>Jul 15 00:09:53 uxrjo700 saslauthd[6841]: do_auth : auth failure: [user=cyrmaster] [service=imap] [realm=] [mech=ldap] [reason=Unknown]<br>
Jul 15 00:09:59 uxrjo700 imap[7116]: auxpropfunc error invalid parameter supplied<br>Jul 15 00:09:59 uxrjo700 imap[7116]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb<br><br><br>I don' configure sasl plugin: ldapdb in imapd.conf , why this plugin is called ?<br>
.sasl_pwcheck_method: saslauthd is not sufficient for all operations ?<br>I need to configure some ldapdb parameter ??<br><br>I don' configure any TLS certificate is necessary to configure a TLS certificate ?<br>Even when PLAIN password is used ?<br>
<br>With means "No worthy mechs found" ?<br><br>I thank in advance for any help<br><br>Regards<br>Zinato<br><br><br><br><br><br><br><div class="gmail_quote">On Tue, Jul 13, 2010 at 8:24 PM, Lucas Zinato Carraro <span dir="ltr"><<a href="mailto:lucaszc@gmail.com">lucaszc@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><br><br>cyradm --user <a href="mailto:cyrmaster@domain1.com" target="_blank">cyrmaster@domain1.com</a> <a href="http://frontend.domain.com" target="_blank">frontend.domain.com</a><br>
Password: <br><a href="http://frontend.domain.com" target="_blank">frontend.domain.com</a>> <br>
<a href="http://frontend.domain.com" target="_blank">frontend.domain.com</a>> <br><a href="http://frontend.domain.com" target="_blank">frontend.domain.com</a>> cm user/test backend1.intranet --- OK <br>
<a href="http://frontend.domain.com" target="_blank">frontend.domain.com</a>> lm user/test <br>user/testepermissao (\HasNoChildren)<br> <br><a href="http://frontend.domain.com" target="_blank">frontend.domain.com</a>> info user/testepermissao <br>
{user/test}:<br> server: backend1.intranet<br><a href="http://correio.dataprev.gov.br" target="_blank">correio.dataprev.gov.br</a>> sam user/test <a href="mailto:cyrmaster@domain1.com" target="_blank">cyrmaster@domain1.com</a> all <br>
setaclmailbox: <a href="mailto:cyrmaster@domain1.com" target="_blank">cyrmaster@domain1.com</a>: lrswipkxtea: Server(s) unavailable to complete operation<br>
<br>---------------------------------------------------------------------------------------------------------------<br><br>Problem when set ACLs and QUOTA, but CREATE is OK<br><br>Using SASLAUTH with LDAP Server.<br><br>
--------------------------------------------------------------------------------------------------<br>
Configuration in <a href="http://frontend.domain.com" target="_blank">frontend.domain.com</a><br><br>............................................<br># Administrator<br>admins: <a href="mailto:cyrmaster@domain1.com" target="_blank">cyrmaster@domain1.com</a> <a href="mailto:cyrmaster@domain2.com" target="_blank">cyrmaster@domain2.com</a><br>
<br># Mupdate <br>mupdate_server: mupdate.intranet<br>mupdate_authname: mupdateuser<br>mupdate_password: password<br><br># Backend User <br>proxy_authname: backenduser<br>proxy_password: password1<br>backend1_password: password1<br>
<br>------------------------------------------------------------------------------------------------------<br>Configuration in backend1.intranet <br><br>............................<br># Mupdate <br>
mupdate_server: mupdate.intranet<br>
mupdate_authname: mupdateuser<br>
mupdate_password: password<br>
<br># Backend User<br>proxyservers: backenduser@intranet <a href="mailto:backenduser@domain1.com" target="_blank">backenduser@domain1.com</a> <a href="mailto:backenduser@domain2.com" target="_blank">backenduser@domain2.com</a> <br>
<br># Administrador<br>
admins: <a href="mailto:cyrmaster@domain1.com" target="_blank">cyrmaster@domain1.com</a> <a href="mailto:cyrmaster@domain2.com" target="_blank">cyrmaster@domain2.com</a><br><br><br>------------------------------------------------------------------------------------------------------<br>
Configuration in mupdate.intranet <br><br>..............<br><br><br>
# Backend User<br>proxy_authname: backenduser<br>proxy_password: password1<br><br># Administrator<br>admins: mupdateuser mupdateuser@intranet backenduser <a href="mailto:backenduser@domain1.com" target="_blank">backenduser@domain1.com</a> <a href="mailto:backenduser@domain2.com" target="_blank">backenduser@domain2.com</a><br>
<br><br>----------------------------------------------------------------------------------------------------------<br><br>When i use this command i see in backend :<br><br>Jul 13 19:52:34 backend1 imap[30484]: login: <a href="http://frontend.domain.com" target="_blank">frontend.domain.com</a> [192.168.136.151] <a href="mailto:cyrmaster@domain1.com" target="_blank">cyrmaster@domain1.com</a> PLAIN User logged in<br>
Jul 13 19:52:34 backend1 imap[30484]: fetching user_deny.db entry for '<a href="mailto:cyrmaster@domain1.com" target="_blank">cyrmaster@domain1.com</a>'<br>Jul 13 19:52:34 backend1 imap[30478]: accepted connection<br>
Jul 13 19:52:34 backend1 imap[30484]: couldn't authenticate to backend server: no mechanism available<br>
<br><br>Any help ?<br><br><br>Another question is: When i transfer a mailbox from backend1 to backend2 , backend1 auth in backend2 with <br>the user that request action ( in my example <a href="mailto:cyrmaster@domain1.com" target="_blank">cyrmaster@domain1.com</a> ) or with proxy_authname( <a href="mailto:backenduser@domain1.com" target="_blank">backenduser@domain1.com</a> ) ?<br>
<br><br><br>Thanks for any help<br><br>Regards<br><font color="#888888"><br>Zinato<br><br><br><br><br><br>
</font></blockquote></div><br>