cyrus-sasl / ldap problem
Gregory Chagnon
gregchagnon at hotmail.com
Tue Oct 29 15:04:47 EST 2002
Thanks Igor, that helped a little...now it looks like it's being
authenticated against the LDAP database and getting granted access.
However, when I run imtest -m login -a cliff.clavin localhost, I get this:
[root at Lunar]:/usr/src/cyrus-sasl-2.1.9/saslauthd> imtest -m login -a
cliff.clavin localhost
S: * OK Lunar Cyrus IMAP4 v2.1.9-Invoca-RPM-2.1.9-6 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT
LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN cliff.clavin {6}
S: + go ahead
C: <omitted>
S: L01 NO Login failed: authentication failure
Authentication failed. generic failure
Security strength factor: 0
Here is the last 100 lines from my ldap.log file:
[root at Lunar]:/usr/src/cyrus-sasl-2.1.9/saslauthd> tail -n 100
/var/log/ldap.log
Oct 29 15:04:09 Lunar slapd[3188]: => key_read
Oct 29 15:04:09 Lunar slapd[3188]: <= index_read 1 candidates
Oct 29 15:04:09 Lunar slapd[3188]: <= equality_candidates 1
Oct 29 15:04:09 Lunar slapd[3188]: <= filter_candidates 1
Oct 29 15:04:09 Lunar slapd[3188]: <= list_candidates 1
Oct 29 15:04:09 Lunar slapd[3188]: <= filter_candidates 1
Oct 29 15:04:09 Lunar slapd[3188]: <= list_candidates 1
Oct 29 15:04:09 Lunar slapd[3188]: <= filter_candidates 1
Oct 29 15:04:09 Lunar slapd[3188]: ====> cache_return_entry_r( 3 ): returned
(0)
Oct 29 15:04:09 Lunar slapd[3188]: => id2entry_r( 26 )
Oct 29 15:04:09 Lunar slapd[3188]: ====> cache_find_entry_id( 26 )
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" (found) (1 tries)
Oct 29 15:04:09 Lunar slapd[3188]: <= id2entry_r( 26 ) 0x8189108 (cache)
Oct 29 15:04:09 Lunar slapd[3188]: => test_filter
Oct 29 15:04:09 Lunar slapd[3188]: EQUALITY
Oct 29 15:04:09 Lunar slapd[3188]: => access_allowed: search access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "uid" requested
Oct 29 15:04:09 Lunar slapd[3188]: <= root access granted
Oct 29 15:04:09 Lunar slapd[3188]: <= test_filter 6
Oct 29 15:04:09 Lunar slapd[3188]: => send_search_entry:
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com"
Oct 29 15:04:09 Lunar slapd[3188]: => access_allowed: read access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "entry" requested
Oct 29 15:04:09 Lunar slapd[3188]: <= root access granted
Oct 29 15:04:09 Lunar slapd[3188]: => access_allowed: read access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "objectClass" requested
Oct 29 15:04:09 Lunar slapd[3188]: <= root access granted
Oct 29 15:04:09 Lunar slapd[3188]: => access_allowed: read access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "objectClass" requested
Oct 29 15:04:09 Lunar slapd[3188]: <= root access granted
Oct 29 15:04:09 Lunar slapd[3188]: => access_allowed: read access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "objectClass" requested
Oct 29 15:04:09 Lunar slapd[3188]: <= root access granted
Oct 29 15:04:09 Lunar slapd[3188]: => access_allowed: read access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "cn" requested
Oct 29 15:04:09 Lunar slapd[3188]: <= root access granted
Oct 29 15:04:09 Lunar slapd[3188]: => access_allowed: read access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "cn" requested
Oct 29 15:04:09 Lunar slapd[3188]: <= root access granted
Oct 29 15:04:09 Lunar slapd[3188]: => access_allowed: read access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "sn" requested
Oct 29 15:04:09 Lunar slapd[3188]: <= root access granted
Oct 29 15:04:09 Lunar slapd[3188]: => access_allowed: read access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "sn" requested
Oct 29 15:04:09 Lunar slapd[3188]: <= root access granted
Oct 29 15:04:09 Lunar slapd[3188]: => access_allowed: read access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "uid" requested
Oct 29 15:04:09 Lunar slapd[3188]: <= root access granted
Oct 29 15:04:09 Lunar slapd[3188]: => access_allowed: read access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "uid" requested
Oct 29 15:04:09 Lunar slapd[3188]: <= root access granted
Oct 29 15:04:09 Lunar slapd[3188]: => access_allowed: read access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "uidNumber" requested
Oct 29 15:04:09 Lunar slapd[3188]: <= root access granted
Oct 29 15:04:09 Lunar slapd[3188]: => access_allowed: read access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "uidNumber" requested
Oct 29 15:04:09 Lunar slapd[3188]: <= root access granted
Oct 29 15:04:09 Lunar slapd[3188]: => access_allowed: read access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "gidNumber" requested
Oct 29 15:04:09 Lunar slapd[3188]: <= root access granted
Oct 29 15:04:09 Lunar slapd[3188]: => access_allowed: read access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "gidNumber" requested
Oct 29 15:04:09 Lunar slapd[3188]: <= root access granted
Oct 29 15:04:09 Lunar slapd[3188]: => access_allowed: read access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "homeDirectory" requested
Oct 29 15:04:09 Lunar slapd[3188]: <= root access granted
Oct 29 15:04:09 Lunar slapd[3188]: => access_allowed: read access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "homeDirectory" requested
Oct 29 15:04:09 Lunar slapd[3188]: <= root access granted
Oct 29 15:04:09 Lunar slapd[3188]: => access_allowed: read access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "loginShell" requested
Oct 29 15:04:09 Lunar slapd[3188]: <= root access granted
Oct 29 15:04:09 Lunar slapd[3188]: => access_allowed: read access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "loginShell" requested
Oct 29 15:04:09 Lunar slapd[3188]: <= root access granted
Oct 29 15:04:10 Lunar slapd[3188]: => access_allowed: read access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "gecos" requested
Oct 29 15:04:10 Lunar slapd[3188]: <= root access granted
Oct 29 15:04:10 Lunar slapd[3188]: => access_allowed: read access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "gecos" requested
Oct 29 15:04:10 Lunar slapd[3188]: <= root access granted
Oct 29 15:04:10 Lunar slapd[3188]: => access_allowed: read access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "description" requested
Oct 29 15:04:10 Lunar slapd[3188]: <= root access granted
Oct 29 15:04:10 Lunar slapd[3188]: => access_allowed: read access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "description" requested
Oct 29 15:04:10 Lunar slapd[3188]: <= root access granted
Oct 29 15:04:10 Lunar slapd[3188]: => access_allowed: read access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "userPassword" requested
Oct 29 15:04:10 Lunar slapd[3188]: <= root access granted
Oct 29 15:04:10 Lunar slapd[3188]: => access_allowed: read access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "userPassword" requested
Oct 29 15:04:10 Lunar slapd[3188]: <= root access granted
Oct 29 15:04:10 Lunar slapd[3188]: conn=122 op=1 ENTRY
dn="uid=cliff.clavin,ou=Users,dc=gregbox,dc=com"
Oct 29 15:04:10 Lunar slapd[3188]: <= send_search_entry
Oct 29 15:04:10 Lunar slapd[3188]: ====> cache_return_entry_r( 26 ):
returned (0)
Oct 29 15:04:10 Lunar slapd[3188]: send_ldap_search_result 0::
Oct 29 15:04:10 Lunar slapd[3188]: send_ldap_response: msgid=2 tag=101 err=0
Oct 29 15:04:10 Lunar slapd[3188]: conn=122 op=1 SEARCH RESULT tag=101 err=0
text=
Oct 29 15:04:10 Lunar slapd[664]: daemon: activity on 1 descriptors
Oct 29 15:04:10 Lunar slapd[664]: daemon: activity on:
Oct 29 15:04:10 Lunar slapd[664]: 23r
Oct 29 15:04:10 Lunar slapd[664]:
Oct 29 15:04:10 Lunar slapd[664]: daemon: read activity on 23
Oct 29 15:04:10 Lunar slapd[664]: connection_get(23)
Oct 29 15:04:10 Lunar slapd[664]: connection_get(23): got connid=122
Oct 29 15:04:10 Lunar slapd[664]: connection_read(23): checking for input on
id=122
Oct 29 15:04:10 Lunar slapd[664]: ber_get_next on fd 23 failed errno=11
(Resource temporarily unavailable)
Oct 29 15:04:10 Lunar slapd[11016]: do_bind
Oct 29 15:04:10 Lunar slapd[664]: daemon: select: listen=6 active_threads=1
tvp=NULL
Oct 29 15:04:10 Lunar slapd[11016]: do_bind: version=3
dn="uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" method=128
Oct 29 15:04:10 Lunar slapd[11016]: conn=122 op=2 BIND
dn="UID=CLIFF.CLAVIN,OU=USERS,DC=GREGBOX,DC=COM" method=128
Oct 29 15:04:10 Lunar slapd[11016]: ==> ldbm_back_bind: dn:
uid=cliff.clavin,ou=Users,dc=gregbox,dc=com
Oct 29 15:04:10 Lunar slapd[11016]: dn2entry_r: dn:
"UID=CLIFF.CLAVIN,OU=USERS,DC=GREGBOX,DC=COM"
Oct 29 15:04:10 Lunar slapd[11016]: => dn2id(
"UID=CLIFF.CLAVIN,OU=USERS,DC=GREGBOX,DC=COM" )
Oct 29 15:04:10 Lunar slapd[11016]: ====>
cache_find_entry_dn2id("UID=CLIFF.CLAVIN,OU=USERS,DC=GREGBOX,DC=COM"): 26 (1
tries)
Oct 29 15:04:10 Lunar slapd[11016]: <= dn2id 26 (in cache)
Oct 29 15:04:10 Lunar slapd[11016]: => id2entry_r( 26 )
Oct 29 15:04:10 Lunar slapd[11016]: ====> cache_find_entry_id( 26 )
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" (found) (1 tries)
Oct 29 15:04:10 Lunar slapd[11016]: <= id2entry_r( 26 ) 0x8189108 (cache)
Oct 29 15:04:10 Lunar slapd[11016]: => access_allowed: auth access to
"uid=cliff.clavin,ou=Users,dc=gregbox,dc=com" "userPassword" requested
Oct 29 15:04:10 Lunar slapd[11016]: => access_allowed: backend default auth
access granted to ""
Oct 29 15:04:10 Lunar slapd[11016]: send_ldap_result: conn=122 op=2 p=3
Oct 29 15:04:10 Lunar slapd[11016]: send_ldap_result: 49::
Oct 29 15:04:10 Lunar slapd[11016]: send_ldap_response: msgid=3 tag=97
err=49
Oct 29 15:04:10 Lunar slapd[11016]: ====> cache_return_entry_r( 26 ):
returned (0)
[root at Lunar]:/usr/src/cyrus-sasl-2.1.9/saslauthd>
>From: Igor Brezac <igor at ipass.net>
>Reply-To: info-cyrus at lists.andrew.cmu.edu
>To: Gregory Chagnon <gregchagnon at hotmail.com>
>CC: info-cyrus at lists.andrew.cmu.edu
>Subject: Re: cyrus-sasl / ldap problem
>Date: Tue, 29 Oct 2002 14:34:27 -0500 (EST)
>
>
>On Tue, 29 Oct 2002, Gregory Chagnon wrote:
>
> > One more thing...now when I run testsaslauthd, I get this entry in
> > /var/log/ldap.log:
> >
> > Oct 29 14:13:58 Lunar slapd[5790]: conn=102 op=1 SRCH base="" scope=2
> > filter="(uid=greg.chagnon)"
> > Oct 29 14:13:58 Lunar slapd[5790]: send_ldap_result: conn=102 op=1 p=3
> > Oct 29 14:13:58 Lunar slapd[5790]: send_ldap_result: 10::
> > Oct 29 14:13:58 Lunar slapd[5790]: send_ldap_response: msgid=2 tag=101
> > err=32
> > Oct 29 14:13:58 Lunar slapd[5790]: conn=102 op=1 RESULT tag=101 err=32 text=
> >
> > Shouldn't SRCH base be set to something? In my case it would be
> > ou=Users,dc=gregbox,dc=com. Where is that set?
>
>You need to specify search base in saslauthd.conf:
>
>ldap_search_base: ou=Users,dc=gregbox,dc=com
>
>-Igor
>
> > -Greg
> >
> > >From: Igor Brezac <igor at ipass.net>
> > >Reply-To: info-cyrus at lists.andrew.cmu.edu
> > >To: Gregory Chagnon <gregchagnon at hotmail.com>
> > >CC: info-cyrus at lists.andrew.cmu.edu
> > >Subject: Re: cyrus-sasl / ldap problem
> > >Date: Tue, 29 Oct 2002 10:52:59 -0500 (EST)
> > >
> > >
> > >It looks like saslauthd is not running or testsaslauthd is pointing to a
> > >wrong socket. I am not sure where you got your rpm sources from, but I
> > >suggest that you get the sources from CMU and recompile:
> > >http://asg.web.cmu.edu/cyrus/download/
> > >
> > >I recommend that you download cyrus-sasl from CVS:
> > >http://asg.web.cmu.edu/cyrus/download/anoncvs.html
> > >
> > >-Igor
> > >
> > >On Tue, 29 Oct 2002, Gregory Chagnon wrote:
> > >
> > > > Igor:
> > > > I get this error when I run testsaslauthd:
> > > > [root at Lunar]:/usr/src/cyrus-sasl-2.1.9/saslauthd> ./testsaslauthd -u
> > > > cliff.clavin -p *****
> > > > connect() : No such file or directory
> > > >
> > > > >From: Igor Brezac <igor at ipass.net>
> > > > >Reply-To: info-cyrus at lists.andrew.cmu.edu
> > > > >To: Gregory Chagnon <gregchagnon at hotmail.com>
> > > > >CC: info-cyrus at lists.andrew.cmu.edu
> > > > >Subject: Re: cyrus-sasl / ldap problem
> > > > >Date: Tue, 29 Oct 2002 09:22:22 -0500 (EST)
> > > > >
> > > > >
> > > > >Test saslauthd first. cd $cyrus-sasl-src/saslauthd; make testsaslauthd
> > > > >./testsaslauthd -u username -p password
> > > > >
> > > > >If you do not get OK, check syslog for saslauthd errors.
> > > > >
> > > > >-Igor
> > > > >
> > > > >On Tue, 29 Oct 2002, Gregory Chagnon wrote:
> > > > >
> > > > > > Hi: I'm having a problem getting Cyrus IMAP to work with OpenLDAP. User
> > > > > > cliff.clavin is under ou=Users,dc=gregbox,dc=com. When I run imtest, here
> > > > > > is the error I get...thanks everyone so much in advance:
> > > > > >
> > > > > > [root at Lunar]:/home/gchagnon> imtest -m login -a cliff.clavin localhost
> > > > > > S: * OK Lunar Cyrus IMAP4 v2.1.9-Invoca-RPM-2.1.9-6 server ready
> > > > > > C: C01 CAPABILITY
> > > > > > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> > > > > > NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
> > > > > > THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT
> > > > > > LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE
> > > > > > S: C01 OK Completed
> > > > > > Please enter your password:
> > > > > > C: L01 LOGIN cliff.clavin {6}
> > > > > > S: + go ahead
> > > > > > C: <omitted>
> > > > > > S: L01 NO Login failed: generic failure
> > > > > > Authentication failed. generic failure
> > > > > > Security strength factor: 0
> > > > > > C: Q01 LOGOUT
> > > > > > Connection closed.
> > > > > >
> > > > > >
> > > > > > Here is the entry from /var/log/imap.log:
> > > > > >
> > > > > > Oct 29 08:47:14 Lunar master[6197]: about to exec /usr/libexec/cyrus/imapd
> > > > > > Oct 29 08:47:14 Lunar imap[6197]: executed
> > > > > > Oct 29 08:47:14 Lunar imapd[5489]: accepted connection
> > > > > > Oct 29 08:47:16 Lunar imapd[5489]: badlogin: Lunar[127.0.0.1] plaintext
> > > > > > cliff.clavin SASL(-1): generic failure: checkpass failed
> > > > > > Oct 29 08:48:24 Lunar master[5446]: process 5489 exited, status 0
> > > > > >
> > > > > >
> > > > > > Here are my config files:
> > > > > >
> > > > > > <<imap.conf>>
> > > > > >
> > > > > > configdirectory: /var/lib/imap
> > > > > > partition-default: /var/spool/imap
> > > > > > admins: cliff.clavin cyrus gchagnon
> > > > > > allowanonymouslogin: no
> > > > > > sieveuserhomedir: no
> > > > > > sievedir: /var/lib/imap/sieve
> > > > > > sendmail: /usr/sbin/sendmail
> > > > > > hashimapspool: true
> > > > > > sasl_pwcheck_method: saslauthd
> > > > > > sasl_passwd_check: saslauthd
> > > > > > sasl_ldap_server: localhost
> > > > > > #sasl_ldap_basedn: ou=Users,dc=gregbox,dc=com
> > > > > > sasl_ldap_basedn: dc=gregbox,dc=com
> > > > > > sasl_mech_list: PLAIN
> > > > > > tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
> > > > > > tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
> > > > > >
> > > > > > <<saslauthd.conf>>
> > > > > >
> > > > > > ldap_servers: ldap://localhost/
> > > > > > ldap_bind_dn: cn=Manager,dc=gregbox,dc=com
> > > > > > ldap_bind_pw: *******
> > > > > >
> > > > > > <<slapd.conf (important parts)>>
> > > > > > database ldbm
> > > > > > suffix "dc=gregbox,dc=com"
> > > > > > rootdn "cn=Manager,dc=gregbox,dc=com"
> > > > > > rootpw *******
> > > > > > directory /var/lib/ldap
> > > > > >
> > > > > > index objectClass,uid,uidNumber,gidNumber,memberUid eq
> > > > > > index cn,mail,surname,givenname eq,subinitial
> > > > > >
> > > > >
> > > > >--
> > > > >Igor
> > > >
> > >
> > >--
> > >Igor
> >
>
>--
>Igor
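
Added example, not part of the original post and not code from Cyrus SASL or OpenLDAP: a short Python triage of the slapd lines quoted in this thread. It rejoins the mail-wrapped records and names each response using the RFC 4511 values (tag 97 = BindResponse, tag 101 = SearchResultDone; err 32 = noSuchObject, err 49 = invalidCredentials). The function names and the pairing of a response with the last request from the same slapd[...] id are assumptions of this example.

```python
import re
# Added example: result codes and response tags per RFC 4511 (only those seen in this thread).
RESULT = {0: "success", 32: "noSuchObject", 49: "invalidCredentials"}
RESPONSE_TAG = {97: "BindResponse", 101: "SearchResultDone"}

STAMP = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ slapd\[(\d+)\]: ?(.*)$")
REQUEST = re.compile(r"conn=\d+ op=\d+ (?:BIND|SRCH) (.*)")
RESPONSE = re.compile(r"send_ldap_response: msgid=\d+ tag=(\d+) err=(\d+)")

# Excerpt assembled from slapd lines quoted in this thread, wrapped as the mail client left them.
SAMPLE = '''\
Oct 29 14:13:58 Lunar slapd[5790]: conn=102 op=1 SRCH base="" scope=2
filter="(uid=greg.chagnon)"
Oct 29 14:13:58 Lunar slapd[5790]: send_ldap_response: msgid=2 tag=101
err=32
Oct 29 15:04:10 Lunar slapd[3188]: send_ldap_response: msgid=2 tag=101 err=0
Oct 29 15:04:10 Lunar slapd[11016]: conn=122 op=2 BIND
dn="UID=CLIFF.CLAVIN,OU=USERS,DC=GREGBOX,DC=COM" method=128
Oct 29 15:04:10 Lunar slapd[11016]: send_ldap_response: msgid=3 tag=97
err=49
'''

def unwrap(text):
    """Rejoin wrapped records: a line without a syslog stamp continues the previous one."""
    records = []
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            records.append([m.group(1), m.group(2)])
        elif records and line.strip():
            records[-1][1] += " " + line.strip()
    return records

def summarize(text):
    """Pair each response with the last request logged under the same slapd[...] id."""
    last_request, out = {}, []
    for pid, msg in unwrap(text):
        req, resp = REQUEST.search(msg), RESPONSE.search(msg)
        if req:
            last_request[pid] = req.group(1)
        elif resp:
            tag, err = int(resp.group(1)), int(resp.group(2))
            out.append((RESPONSE_TAG.get(tag, f"tag {tag}"), RESULT.get(err, f"err {err}"),
                        last_request.pop(pid, None)))
    return out

if __name__ == "__main__":
    for kind, result, request in summarize(SAMPLE):
        print(f"{kind:16} {result:18} {request or '(request not in excerpt)'}")
```

In the BIND line, method=128 is a simple (password) bind, so err=49 on the BindResponse is slapd rejecting the credentials presented for that DN after the search for the entry had already returned err=0.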