How to move sasldb to another server?

Andreas Winkelmann ml at awinkelmann.de
Sat Nov 11 03:32:21 EST 2006 

Am Saturday 11 November 2006 08:57 schrieb Martin Schweizer:

> > > I have two cyrus imapd server (all software has the same version)
> > > which uses sasldb for authentication. For failover reasons I would
> > > like to "copy" regulary the sasldb from the main server to the backup
> > > server. How can I do that? I did copied by hand but this works not.
> >
> > Maybe you want to tell us, what "works not" means?
>
> ...  means you can not login (pop3, imap oder squirrmail)  if you use
> the copied file.
>
> > I would guess, you use the Hostname as Realm. This will change on the
> > other
>
> ... yea, I saw (with strings sasldb2.sb) that there are realms in the
> database. Probably that is the problem. Isn't it?

You can use "sasldblistusers" or "sasldblistusers2" to see the contents of 
sasldb.

> > Server of course. You can solve this with setting servername in
> > imapd.conf to
>
> ... you mean I should turn on the main server name in the impad.conf
> from the backup server?

This is the easiest choice.

An entry in sasldb contains 3 or maybe 4 parts. Username, Realm, Password (and 
Type: the "userPassword"). If your users uses only a Username, without 
@domain-Part, the Hostname of the Server is used for this key. This is 
servername in imapd.conf for Cyrus-Imapd.

Either create entries with:

# saslpasswd -cu domain.tld username

And tell your users to use "user at domain.tld" as Username. This should work on 
both servers, then.

Or if you (have already) create(d) entries with:

# saslpasswd -c username

The Hostname of the Server is used and either your Users use 
"username at host.domain.tld" as username or you have to change something 
between the Source and Destination (Backup) Server. The easiest is to change 
the servername (imapd.conf) of the Backup-Server to be equal the other. Then 
Users can use "username" on both servers.

> > the Hostname of the Source-Server. Or change sasldb after copying. Or...
>
> ... what you mean with "change sasldb after copying"? Do something by hand?

If the databasetype is bdb, you can use db_dump/db_load

# db_dump -p /etc/sasldb2 | sed 's/host1\.domain\.tld/host2.domain.tld/' | 
db_load /etc/sasldb2_new

This is only an example, if you really want to use something like that, you 
should work at least on the regexp in sed.

Or a little Perl-Script.

-- 
	Andreas

More information about the Cyrus-sasl mailing list