sasl_log_level: Use the same sasldb on two Cyrus Imapd servers

Martin Schweizer schweizer.martin at gmail.com
Wed Oct 17 04:31:02 EDT 2007


Hello

- I checked a lot of documentation but I did not find out how I can
set the log level for sasldb. I know the option is (sasl_)log_level
(tested also only log_level) but with no success (also checked
sasl.h). I get no more sasl debugging information than the standard
ones.

- My goal is to use the same sasldb file for the servers which work as
master/client replicants. I discussed this issue at the end of last
year with Andreas. Now I did some testing around this but I got no
success (see posting below).

What am I doing wrong? Any hints are welcome.

Regards,


---------- Forwarded message ----------
From: Andreas Winkelmann <ml at awinkelmann.de>
Date: 11.11.2006 10:32
Subject: Re: How to move sasldb to another server?
To: cyrus-sasl at lists.andrew.cmu.edu


On Saturday 11 November 2006 08:57, Martin Schweizer wrote:

> > > I have two cyrus imapd servers (all software has the same version)
> > > which use sasldb for authentication. For failover reasons I would
> > > like to "copy" regularly the sasldb from the main server to the backup
> > > server. How can I do that? I copied it by hand but this works not.
> >
> > Maybe you want to tell us, what "works not" means?
>
> ... means you can not login (pop3, imap or squirrelmail) if you use
> the copied file.
>
> > I would guess, you use the Hostname as Realm. This will change on the
> > other
>
> ... yea, I saw (with strings sasldb2.sb) that there are realms in the
> database. Probably that is the problem. Isn't it?

You can use "sasldblistusers" or "sasldblistusers2" to see the contents of
sasldb.

> > Server of course. You can solve this with setting servername in
> > imapd.conf to
>
> ... you mean I should turn on the main server name in the imapd.conf
> from the backup server?

This is the easiest choice.

An entry in sasldb contains 3 or maybe 4 parts. Username, Realm, Password (and
Type: the "userPassword"). If your users use only a Username, without
@domain-Part, the Hostname of the Server is used for this key. This is
servername in imapd.conf for Cyrus-Imapd.

Either create entries with:

# saslpasswd -cu domain.tld username

And tell your users to use "user at domain.tld" as Username. This should work on
both servers, then.

Or if you (have already) create(d) entries with:

# saslpasswd -c username

The Hostname of the Server is used and either your Users use
"username at host.domain.tld" as username or you have to change something
between the Source and Destination (Backup) Server. The easiest is to change
the servername (imapd.conf) of the Backup-Server to be equal to the other. Then
Users can use "username" on both servers.

> > the Hostname of the Source-Server. Or change sasldb after copying. Or...
>
> ... what do you mean by "change sasldb after copying"? Do something by hand?

If the database type is bdb, you can use db_dump/db_load

# db_dump -p /etc/sasldb2 | sed 's/host1\.domain\.tld/host2.domain.tld/' |
db_load /etc/sasldb2_new

This is only an example, if you really want to use something like that, you
should work at least on the regexp in sed.

Or a little Perl-Script.

--
        Andreas


-- 
Martin Schweizer
schweizer.martin at gmail.com
Tel.: +41 32 512 48 54 (VoIP)
Fax: +1 619 3300587
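
Added example (not part of either message above): a filter for the db_dump/db_load
pipeline that rewrites only keys whose realm field is exactly the old hostname,
leaving password values, user names and longer realms that merely contain it untouched.
It assumes keys appear in "db_dump -p" output as user\00realm\00property (check your
own dump first); the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example. Rewrites the realm of sasldb keys in "db_dump -p" text.
# Assumed key layout (verify against your own dump): user\00realm\00property

rewrite_realm() {   # usage: rewrite_realm OLD_REALM NEW_REALM < dump > new_dump
    awk -v old="$1" -v new="$2" '
        BEGIN { sep = "\\00" }            # literal backslash-0-0 = escaped NUL
        /^HEADER=END$/ { in_data = 1; n = 0; print; next }
        /^DATA=END$/   { in_data = 0; print; next }
        in_data && (++n % 2 == 1) {       # odd records are keys, even are values
            p = index($0, sep)            # end of the user name
            if (p > 0) {
                rest = substr($0, p + 3)  # realm\00property
                q = index(rest, sep)
                # replace only when the whole realm field equals OLD_REALM
                if (q > 0 && substr(rest, 1, q - 1) == old)
                    $0 = substr($0, 1, p + 2) new substr(rest, q)
            }
        }
        { print }
    '
}

# Constructed sample dump (not real data) covering the cases sed gets wrong.
sample_dump() {
    cat <<'EOF'
VERSION=3
format=print
type=hash
HEADER=END
 alice\00host1.domain.tld\00userPassword
 secret-host1.domain.tld
 bob\00host1.domain.tld.example\00userPassword
 hunter2
 host1.domain.tld\00other.tld\00userPassword
 pw3
DATA=END
EOF
}

# Demo on the sample; only the key for alice changes.
sample_dump | rewrite_realm host1.domain.tld host2.domain.tld

# Real use, with the paths from the message above (the file holds passwords):
#   umask 077
#   db_dump -p /etc/sasldb2 | rewrite_realm host1.domain.tld host2.domain.tld \
#       | db_load /etc/sasldb2_new
```

Run sasldblistusers2 against the new file before putting it in place to confirm the realms are what you expect.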

