sasl_log_level: Use the same sasldb on two Cyrus Imapd servers

Andreas Winkelmann ml at awinkelmann.de
Wed Oct 17 14:40:08 EDT 2007 

On Mittwoch, 17. Oktober 2007, Martin Schweizer wrote:

> - I checked a lot of documentation but I did not find out how I can
> set the log level for sasldb. I know the option is (sasl_)log_level
> (tested also only log_level) but with no success (also checked
> sasl.h). I get no more sasl debugging information then the standard
> ones.

Don't expect too much from this log_level Option.

> - My goal is to use the same sasldb file for the server which works as
> master/client replicants. I disscused this issue at end of the last
> year with Andreas. Now I did some testing around this but I got no
> success (see posting below).

Where is your Problem with the Hints below? 

> What do I wrong? Any hints are welcome.

> ---------- Forwarded message ----------
> From: Andreas Winkelmann <ml at awinkelmann.de>
> Date: 11.11.2006 10:32
> Subject: Re: How to move sasldb to another server?
> To: cyrus-sasl at lists.andrew.cmu.edu
>
> Am Saturday 11 November 2006 08:57 schrieb Martin Schweizer:
> > > > I have two cyrus imapd server (all software has the same version)
> > > > which uses sasldb for authentication. For failover reasons I would
> > > > like to "copy" regulary the sasldb from the main server to the backup
> > > > server. How can I do that? I did copied by hand but this works not.
> > >
> > > Maybe you want to tell us, what "works not" means?
> >
> > ...  means you can not login (pop3, imap oder squirrmail)  if you use
> > the copied file.
> >
> > > I would guess, you use the Hostname as Realm. This will change on the
> > > other
> >
> > ... yea, I saw (with strings sasldb2.sb) that there are realms in the
> > database. Probably that is the problem. Isn't it?
>
> You can use "sasldblistusers" or "sasldblistusers2" to see the contents of
> sasldb.
>
> > > Server of course. You can solve this with setting servername in
> > > imapd.conf to
> >
> > ... you mean I should turn on the main server name in the impad.conf
> > from the backup server?
>
> This is the easiest choice.
>
> An entry in sasldb contains 3 or maybe 4 parts. Username, Realm, Password
> (and Type: the "userPassword"). If your users uses only a Username, without
> @domain-Part, the Hostname of the Server is used for this key. This is
> servername in imapd.conf for Cyrus-Imapd.
>
> Either create entries with:
>
> # saslpasswd -cu domain.tld username
>
> And tell your users to use "user at domain.tld" as Username. This should work
> on both servers, then.
>
> Or if you (have already) create(d) entries with:
>
> # saslpasswd -c username
>
> The Hostname of the Server is used and either your Users use
> "username at host.domain.tld" as username or you have to change something
> between the Source and Destination (Backup) Server. The easiest is to
> change the servername (imapd.conf) of the Backup-Server to be equal the
> other. Then Users can use "username" on both servers.
>
> > > the Hostname of the Source-Server. Or change sasldb after copying.
> > > Or...
> >
> > ... what you mean with "change sasldb after copying"? Do something by
> > hand?
>
> If the databasetype is bdb, you can use db_dump/db_load
>
> # db_dump -p /etc/sasldb2 | sed 's/host1\.domain\.tld/host2.domain.tld/' |
> db_load /etc/sasldb2_new
>
> This is only an example, if you really want to use something like that, you
> should work at least on the regexp in sed.
>
> Or a little Perl-Script.

-- 
	Andreas

More information about the Cyrus-sasl mailing list