sasl_log_level: Use the same sasldb on two Cyrus Imapd servers

Thu Oct 18 00:27:06 EDT 2007

Hello Andreas

2007/10/17, Andreas Winkelmann <ml at awinkelmann.de>:

> > - I checked a lot of documentation but I did not find out how I can
> > set the log level for sasldb. I know the option is (sasl_)log_level
> > (tested also only log_level) but with no success (also checked
> > sasl.h). I get no more sasl debugging information then the standard
> > ones.
>
> Don't expect too much from this log_level Option.

I'm expect some more error messages regarding my problem below, for
example why my authentication fails.

> > - My goal is to use the same sasldb file for the server which works as
> > master/client replicants. I disscused this issue at end of the last
> > year with Andreas. Now I did some testing around this but I got no
> > success (see posting below).
>
> Where is your Problem with the Hints below?
>
> > What do I wrong? Any hints are welcome.

I tested your hints with the option -u domain.tld but could not
successfully login to the cyrus imap server. Or should I change
someting in the imapd,conf when I use the option -u domain.tld?

Regards,

> > ---------- Forwarded message ----------
> > From: Andreas Winkelmann <ml at awinkelmann.de>
> > Date: 11.11.2006 10:32
> > Subject: Re: How to move sasldb to another server?
> > To: cyrus-sasl at lists.andrew.cmu.edu
> >
> > Am Saturday 11 November 2006 08:57 schrieb Martin Schweizer:
> > > > > I have two cyrus imapd server (all software has the same version)
> > > > > which uses sasldb for authentication. For failover reasons I would
> > > > > like to "copy" regulary the sasldb from the main server to the backup
> > > > > server. How can I do that? I did copied by hand but this works not.
> > > >
> > > > Maybe you want to tell us, what "works not" means?
> > >
> > > ...  means you can not login (pop3, imap oder squirrmail)  if you use
> > > the copied file.
> > >
> > > > I would guess, you use the Hostname as Realm. This will change on the
> > > > other
> > >
> > > ... yea, I saw (with strings sasldb2.sb) that there are realms in the
> > > database. Probably that is the problem. Isn't it?
> >
> > You can use "sasldblistusers" or "sasldblistusers2" to see the contents of
> > sasldb.
> >
> > > > Server of course. You can solve this with setting servername in
> > > > imapd.conf to
> > >
> > > ... you mean I should turn on the main server name in the impad.conf
> > > from the backup server?
> >
> > This is the easiest choice.
> >
> > An entry in sasldb contains 3 or maybe 4 parts. Username, Realm, Password
> > (and Type: the "userPassword"). If your users uses only a Username, without
> > @domain-Part, the Hostname of the Server is used for this key. This is
> > servername in imapd.conf for Cyrus-Imapd.
> >
> > Either create entries with:
> >
> > # saslpasswd -cu domain.tld username
> >
> > And tell your users to use "user at domain.tld" as Username. This should work
> > on both servers, then.
> >
> > Or if you (have already) create(d) entries with:
> >
> > # saslpasswd -c username
> >
> > The Hostname of the Server is used and either your Users use
> > "username at host.domain.tld" as username or you have to change something
> > between the Source and Destination (Backup) Server. The easiest is to
> > change the servername (imapd.conf) of the Backup-Server to be equal the
> > other. Then Users can use "username" on both servers.
> >
> > > > the Hostname of the Source-Server. Or change sasldb after copying.
> > > > Or...
> > >
> > > ... what you mean with "change sasldb after copying"? Do something by
> > > hand?
> >
> > If the databasetype is bdb, you can use db_dump/db_load
> >
> > # db_dump -p /etc/sasldb2 | sed 's/host1\.domain\.tld/host2.domain.tld/' |
> > db_load /etc/sasldb2_new
> >
> > This is only an example, if you really want to use something like that, you
> > should work at least on the regexp in sed.
> >
> > Or a little Perl-Script.
>
> --
>         Andreas
>

-- 
Martin Schweizer
schweizer.martin at gmail.com
Tel.: +41 32 512 48 54 (VoIP)
Fax: +1 619 3300587