cyrus-pop3 and saslauthd. username check in mailbox.db?

Thomas Vogt tv at solnet.ch
Thu Dec 16 10:33:46 EST 2004


Hello

I've use cyrus-imapd 2.2.10 and saslauthd.

saslauthd works fine:
testsaslauthd -u pc322 -p testpw
0: OK "Success."

testsaslauthd -u test at lan -p testpw
0: OK "Success."

(same user in the ldap database. pc322 is uid, test at lan is
mailacceptinggeneralid)

Thats why I've defined ldap filter. The idea is to check mailboxes with
uid as username or with the ldap entry in mailacceptinggeneralid as
username.


imapd.conf:
configdirectory: /var/imap
partition-default: /var/spool/imap
servername: testserver.lan
hashimapspool: true
poptimeout: 10
allowplaintext: yes
sasl_pwcheck_method: saslauthd
ldap_filter: (|(uid=%u)(mailacceptinggeneralid=%u))


saslauthd.conf:
ldap_servers: ldap://home.lan
ldap_search_base: ou=people,ou=lan,dc=lan,dc=ch
ldap_filter: (|(uid=%u)(mailacceptinggeneralid=%u))


First of all. Do I've to definied the ldap_filter in imapd.conf and in
saslauthd.conf? I thought sasl_pwcheck_method: saslauthd for imapd.conf
is enough.


Login with the uid/mailbox name in ldap (username: pc322) works fine.

Escape character is '^]'.
+OK mail.lan Cyrus POP3 v2.2.10 server ready
<2989684599.1103209263 at mail.lan
user pc322
+OK Name is a valid mailbox
pass testpw
...


Now I tried to login with the username from mailacceptinggeneralid in
ldap (username: thomas at lan).

Escape character is '^]'.
+OK mail.lan Cyrus POP3 v2.2.10 server ready
<2989684599.1403209263 at mail.lan
user thomas at lan
-ERR [AUTH] Invalid user


This error message returned immediately. There was no check from cyrus
imapd to saslauthd => ldap.

Is it not possible to authenticate a user in cyrus-imapd with other
names than the default uid/mailbox name even if I've set ldap_filter? Is
the username check limited to the mailbox.db?
I mean cyrus can always get the uid if a user authenticate itself as
with another entry in den ldap server.

regards
Thomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : https://lists.andrew.cmu.edu/mailman/private/info-cyrus/attachments/20041216/0298b7d4/attachment.bin


More information about the Info-cyrus mailing list