From lan at zato.ru Fri Nov 2 07:08:45 2018 From: lan at zato.ru (Alexander N. Lunev) Date: Fri, 2 Nov 2018 14:08:45 +0300 Subject: ldapdb_canonuser_plug_init invalid parameter supplied In-Reply-To: <20181031133849.GB10053@dan.olp.net> References: <613c0137-21a2-347f-0d37-25abfc8957f1@zato.ru> <20181031133849.GB10053@dan.olp.net> Message-ID: <96a724a3-0a84-b4c7-eccc-8d69961e02ae@zato.ru> 31.10.2018 16:38, Dan White ?????: > On 10/31/18?10:58?+0300, Alexander N. Lunev via Cyrus-sasl wrote: >> I'm stuck in the problem that cyrus-sasl library doesn't recognize >> ldapdb auxprop plugin. > ~$ cat /usr/lib/sasl2/pluginviewer.conf | grep ldapdb_uri > ldapdb_uri: ldapi:/// OK, now pluginviewer is listing ldapdb plugin. But i'm still seeing messages like: lmtpunix[40882]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied exim: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied sshd[69937]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied These messages telling me that something is wrong. Am i right? -- Best regards Alexander Lunev From hyc at highlandsun.com Fri Nov 2 14:06:24 2018 From: hyc at highlandsun.com (Howard Chu) Date: Fri, 2 Nov 2018 18:06:24 +0000 Subject: ldapdb_canonuser_plug_init invalid parameter supplied In-Reply-To: <96a724a3-0a84-b4c7-eccc-8d69961e02ae@zato.ru> References: <613c0137-21a2-347f-0d37-25abfc8957f1@zato.ru> <20181031133849.GB10053@dan.olp.net> <96a724a3-0a84-b4c7-eccc-8d69961e02ae@zato.ru> Message-ID: Alexander N. Lunev via Cyrus-sasl wrote: > 31.10.2018 16:38, Dan White ?????: >> On 10/31/18?10:58?+0300, Alexander N. Lunev via Cyrus-sasl wrote: >>> I'm stuck in the problem that cyrus-sasl library doesn't recognize ldapdb auxprop plugin. >> ~$ cat /usr/lib/sasl2/pluginviewer.conf | grep ldapdb_uri >> ldapdb_uri: ldapi:/// > > OK, now pluginviewer is listing ldapdb plugin. But i'm still seeing messages? like: > > lmtpunix[40882]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied > > exim: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied > > sshd[69937]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied > > These messages telling me that something is wrong. Am i right? They're telling you the same thing is wrong - each app needs the ldapdb_uri to be configured. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ From lan at zato.ru Fri Nov 2 14:32:50 2018 From: lan at zato.ru (Alexander Lunev) Date: Fri, 02 Nov 2018 21:32:50 +0300 Subject: ldapdb_canonuser_plug_init invalid parameter supplied Message-ID: Oh, then can I somehow write default config file for all programs? Or there is another more elegant way? 2 ????. 2018 ?. 9:06 PM ???????????? Howard Chu ???????: > > Alexander N. Lunev via Cyrus-sasl wrote: > > 31.10.2018 16:38, Dan White ?????: > >> On 10/31/18?10:58?+0300, Alexander N. Lunev via Cyrus-sasl wrote: > >>> I'm stuck in the problem that cyrus-sasl library doesn't recognize ldapdb auxprop plugin. > >> ~$ cat /usr/lib/sasl2/pluginviewer.conf | grep ldapdb_uri > >> ldapdb_uri: ldapi:/// > > > > OK, now pluginviewer is listing ldapdb plugin. But i'm still seeing messages? like: > > > > lmtpunix[40882]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied > > > > exim: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied > > > > sshd[69937]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied > > > > These messages telling me that something is wrong. Am i right? > > They're telling you the same thing is wrong - each app needs the ldapdb_uri to be configured. > > -- > ? -- Howard Chu > ? CTO, Symas Corp.?????????? http://www.symas.com > ? Director, Highland Sun???? http://highlandsun.com/hyc/ > ? Chief Architect, OpenLDAP? http://www.openldap.org/project/ From mike at flyn.org Thu Nov 8 01:24:31 2018 From: mike at flyn.org (W. Michael Petullo) Date: Thu, 8 Nov 2018 01:24:31 -0500 Subject: Cyrus-sasl official releases? Message-ID: <20181108062431.GA24605@imp.flyn.org> Is there any update on the final 2.1.27 release? We presently provide a 2.1.27-rc8 package for OpenWrt. Have you seen the merge request at https://github.com/cyrusimap/cyrus-sasl/pull/544? We have begun to apply this patch locally within our package. -- Mike :wq From murch at fastmail.com Fri Nov 9 08:30:48 2018 From: murch at fastmail.com (Ken Murchison) Date: Fri, 9 Nov 2018 08:30:48 -0500 Subject: Cyrus-sasl official releases? In-Reply-To: <20181108062431.GA24605@imp.flyn.org> References: <20181108062431.GA24605@imp.flyn.org> Message-ID: <3d15f490-a0aa-ab38-8741-0a33120714e6@fastmail.com> Attached is one last release candidate with (hopefully) Windows builds fixed, and fixes for a bunch of Coverity complaints. Please test ASAP.? I want this out the door next week for sure. On 11/08/2018 01:24 AM, W. Michael Petullo wrote: > Is there any update on the final 2.1.27 release? We presently provide > a 2.1.27-rc8 package for OpenWrt. > > Have you seen the merge request at > https://github.com/cyrusimap/cyrus-sasl/pull/544? We have begun to > apply this patch locally within our package. > -- Kenneth Murchison Cyrus Development Team FastMail US LLC -------------- next part -------------- A non-text attachment was scrubbed... Name: cyrus-sasl-2.1.27-rc9.tar.gz Type: application/gzip Size: 4111249 bytes Desc: not available URL: From murch at fastmail.com Tue Nov 20 10:00:56 2018 From: murch at fastmail.com (Ken Murchison) Date: Tue, 20 Nov 2018 10:00:56 -0500 Subject: SASL 2.1.27 Message-ID: <9a09ebfd-0fa8-fc0d-b707-4133227cb0b9@fastmail.com> All, I'm pleased to announce the release of the long-awaited SASL 2.1.27 which can be downloaded from here: * HTTP: https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27.tar.gz https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27.tar.gz.sig * FTP: ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27.tar.gz ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27.tar.gz.sig md5sum: a33820c66e0622222c5aefafa1581083 cyrus-sasl-2.1.27.tar.gz b295313b9915be32b334f7e88f30dacd cyrus-sasl-2.1.27.tar.gz.sig The (mostly) complete list of changes from 2.1.26 are these: * Added support for OpenSSL 1.1 * Added support for lmdb (from Howard Chu) * Lots of build fixes (from Ignacio Casal Quinteiro and others) * Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech * DIGEST-MD5 plugin: o Fixed memory leaks o Fixed a segfault when looking for non-existent reauth cache o Prevent client from going from step 3 back to step 2 o Allow cmusaslsecretDIGEST-MD5 property to be disabled * GSSAPI plugin: o Added support for retrieving negotiated SSF o Properly compute maxbufsize AFTER security layers have been set * SCRAM plugin: o Added support for SCRAM-SHA-256 o Allow SCRAM-* to be used by HTTP * LOGIN plugin: o Don?t prompt client for password until requested by server * NTLM plugin: o Fixed crash due to uninitialized HMAC context * saslauthd: o cache.c: + Don?t use cached credentials if timeout has expired + Fixed debug logging output o ipc_doors.c: + Fixed potential DoS attack (from Oracle) o ipc_unix.c: + Prevent premature closing of socket o auth_rimap.c: + Added support LOGOUT command + Added support for unsolicited CAPABILITY responses in LOGIN reply + Properly detect end of responses (don?t needlessly wait) + Properly handle backslash in passwords o auth_httpform: + Fix off-by-one error in string termination + Added support for 204 success response o auth_krb5.c: + Added krb5_conv_krb4_instance option + Added more verbose error logging -- Ken Murchison Cyrus Development Team FastMail US LLC -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: murch.vcf Type: text/x-vcard Size: 4 bytes Desc: not available URL: From ignacio.casal at nice-software.com Tue Nov 20 16:23:44 2018 From: ignacio.casal at nice-software.com (Ignacio Casal) Date: Tue, 20 Nov 2018 22:23:44 +0100 Subject: SASL 2.1.27 In-Reply-To: <9a09ebfd-0fa8-fc0d-b707-4133227cb0b9@fastmail.com> References: <9a09ebfd-0fa8-fc0d-b707-4133227cb0b9@fastmail.com> Message-ID: Thanks Ken for getting this released. Very much appreciated El mar., 20 nov. 2018 16:10, Ken Murchison escribi?: > All, > > I'm pleased to announce the release of the long-awaited SASL 2.1.27 which > can be downloaded from here: > > > * HTTP: > > https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27.tar.gz > https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27.tar.gz.sig > > * FTP: > > ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27.tar.gz > ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27.tar.gz.sig > > md5sum: > > a33820c66e0622222c5aefafa1581083 cyrus-sasl-2.1.27.tar.gz > b295313b9915be32b334f7e88f30dacd cyrus-sasl-2.1.27.tar.gz.sig > > > The (mostly) complete list of changes from 2.1.26 are these: > > - Added support for OpenSSL 1.1 > - Added support for lmdb (from Howard Chu) > - Lots of build fixes (from Ignacio Casal Quinteiro and others) > - Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting > client mech > - DIGEST-MD5 plugin: > - Fixed memory leaks > - Fixed a segfault when looking for non-existent reauth cache > - Prevent client from going from step 3 back to step 2 > - Allow cmusaslsecretDIGEST-MD5 property to be disabled > - GSSAPI plugin: > - Added support for retrieving negotiated SSF > - Properly compute maxbufsize AFTER security layers have been set > - SCRAM plugin: > - Added support for SCRAM-SHA-256 > - Allow SCRAM-* to be used by HTTP > - LOGIN plugin: > - Don?t prompt client for password until requested by server > - NTLM plugin: > - Fixed crash due to uninitialized HMAC context > - saslauthd: > - cache.c: > - Don?t use cached credentials if timeout has expired > - Fixed debug logging output > - ipc_doors.c: > - Fixed potential DoS attack (from Oracle) > - ipc_unix.c: > - Prevent premature closing of socket > - auth_rimap.c: > - Added support LOGOUT command > - Added support for unsolicited CAPABILITY responses in LOGIN > reply > - Properly detect end of responses (don?t needlessly wait) > - Properly handle backslash in passwords > - auth_httpform: > - Fix off-by-one error in string termination > - Added support for 204 success response > - auth_krb5.c: > - Added krb5_conv_krb4_instance option > - Added more verbose error logging > > > > > -- > Ken Murchison > Cyrus Development Team > FastMail US LLC > > -------------- next part -------------- An HTML attachment was scrubbed... URL: