upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.

Edward Rudd eddie at omegaware.com
Wed Feb 11 21:46:31 EST 2004


OpenLDAP 2.1.22, LDAP AuxProp CVS release 1.1.2.3, I had tried updating
to a newer release but it broke things due to the handling of the LDAP
v4 PROXY_AUTHZ control in openldap (you directed me to the bug report
about it), Cyrus SASL 2.1.15 (2.1.17 causes SLAPD to crash completely).
Sample client and server work fine, as does postfix. It's just cyrus
IMAPd 2.2.3.
What did they change from 2.1.x to 2.2.x? Can I roll back those changes?

On Wed, 2004-02-11 at 19:51, Igor Brezac wrote:
> Hmm... Can you email me your libraries/libldap/cyrus.c?  What version of
> openldap do you use?  I use the latest ldapdb  auxprop and
> OPENLDAP_REL_ENG_2_1 (which is 2.1.26 + some patches)
> Does ldapdb auxprop work with sample(client|server)?
> 
> -Igor
> 
> On Wed, 11 Feb 2004, Edward Rudd wrote:
> 
> > OK I patched my OpenLDAP and recompiled, installed restarted postfix,
> > cyrus imapd, and started up ldap. And it still returns "user not found"
> > when I try to login to cyrus imap. But the auth.log now shows something
> > different..
> > --- auth.log ---
> > Feb 11 19:19:46 devel imtest: DIGEST-MD5 client step 2
> > Feb 11 19:19:53 devel imtest: DIGEST-MD5 client step 2
> > Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 server step 2
> > Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> > Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> > Feb 11 19:19:53 devel imap[2282]: bad userid authenticated
> > Feb 11 19:19:53 devel imap[2282]: no secret in database
> > ----
> > And my ldap.log shows this (loglevel 255)
> > --- ldap.log ---
> > Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
> > Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
> > Feb 11 19:19:53 devel slapd[2053]: connection_get(12): got connid=5
> > Feb 11 19:19:53 devel slapd[2053]: connection_read(12): checking for
> > input on id=5
> > Feb 11 19:19:53 devel slapd[2053]: ber_get_next on fd 12 failed errno=11
> > (Resource temporarily unavailable)
> > Feb 11 19:19:53 devel slapd[2065]: connection_operation: error: SASL
> > bind in progress (tag=66).
> > Feb 11 19:19:53 devel slapd[2053]: daemon: select: listen=6
> > active_threads=1 tvp=NULL
> > Feb 11 19:19:53 devel slapd[2065]: send_ldap_result: conn=5 op=1 p=3
> > Feb 11 19:19:53 devel slapd[2053]: daemon: activity on 1 descriptors
> > Feb 11 19:19:53 devel slapd[2065]: send_ldap_result: err=1 matched=""
> > text="SASL bind in progress"
> > Feb 11 19:19:53 devel slapd[2053]: daemon: activity on:
> > Feb 11 19:19:53 devel slapd[2065]: send_ldap_response: msgid=0 tag=48
> > err=1
> > Feb 11 19:19:53 devel slapd[2053]:  12r
> > Feb 11 19:19:53 devel slapd[2065]: connection_closing: readying conn=5
> > sd=12 for close
> > Feb 11 19:19:53 devel slapd[2053]:
> > Feb 11 19:19:53 devel slapd[2065]: connection_resched: attempting
> > closing conn=5 sd=12
> > Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
> > Feb 11 19:19:53 devel slapd[2065]: connection_close: conn=5 sd=12
> > Feb 11 19:19:53 devel slapd[2065]: daemon: removing 12
> > Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
> > Feb 11 19:19:53 devel slapd[2053]: connection_get(12): connection not
> > used
> > Feb 11 19:19:53 devel slapd[2053]: connection_read(12): no connection!
> > Feb 11 19:19:53 devel slapd[2053]: daemon: removing 12
> > Feb 11 19:19:53 devel slapd[2053]: daemon: closing 12
> >
> > On Wed, 2004-02-11 at 07:56, Igor Brezac wrote:
> > > Check
> > > http://www.openldap.org/its/index.cgi/Software%20Bugs?id=2926;selectid=2926
> > >
> > > Cyrus-imap needs to be fixed, but it was easier to change openldap api.
> > >
> > > -Igor
> > >
> > > On Wed, 11 Feb 2004, Edward Rudd wrote:
> > >
> > > > I'm using the ldapdb auxprop plugin that comes with OpenLDAP 2.1.22 with
> > > > cyrus sasl 2.1.15, which works perfectly with the sasl2 sample server
> > > > and client programs, postfix 1.1.12, postfix 2.0.16, and cyrus imapd
> > > > 2.1.13 to cyrus imapd 2.1.15..   However when I upgraded to cyrus imapd
> > > > 2.2.3 (all of these are using Simon Matter's wonderful RPMS), I always
> > > > get user not found when trying to login as any user.. (fully qualified
> > > > user like test at nowhere.org or the "cyrus" admin user).
> > > >
> > > > And my ldap logs show nothing going on.. literally.. I see a connection
> > > > coming in from sasl, and then disconnecting.. no other activity is
> > > > logged. And I have the loglevel for openldap set to 255.
> > > >
> > > > My auth.log shows "no worthy mechs found" and nothing in my imapd.log
> > > >
> > > > What changed in relation to SASL configuration from Cyrus IMAPD 2.1.x to
> > > > 2.2.x??
> > > >
> > > > Here is my relevant imapd.conf
> > > >
> > > > sasl_pwcheck_method: auxprop
> > > > sasl_auxprop_plugin: ldapdb
> > > > sasl_mech_list:  plain digest-md5 cram-md5 ntlm
> > > >
> > > > sasl_ldapdb_uri: ldap:///
> > > > sasl_ldapdb_id: auxprop_user
> > > > sasl_ldapdb_pw: password_for_said_user
> > > > sasl_ldapdb_mech: DIGEST-MD5
> > > >
> > > > Which is the same configuration as sample.conf (for the sample server
> > > > and client) and smtpd.conf (for postfix). Except those files don't have
> > > > the sasl_ prefix to the configuration directives..
> > > >
> > > >
> >
-- 
Edward Rudd <eddie at omegaware.com>
Website http://outoforder.cc/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cyrus.c.gz
Type: application/x-gzip
Size: 6289 bytes
Desc: not available
Url : https://lists.andrew.cmu.edu/mailman/private/info-cyrus/attachments/20040211/664b24bd/cyrus.c.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ldapdb.c-1.1.2.3.gz
Type: application/x-gzip
Size: 2435 bytes
Desc: not available
Url : https://lists.andrew.cmu.edu/mailman/private/info-cyrus/attachments/20040211/664b24bd/ldapdb.c-1.1.2.3.bin
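
Added example (not part of the original message, nor code from Cyrus or OpenLDAP): a small Python check for the comparison made at the end of the thread, that imapd.conf carries the same SASL settings as sample.conf/smtpd.conf apart from the sasl_ prefix. The sample.conf contents, the configdirectory line and all function names are constructed for illustration.

```python
# Constructed inputs: IMAPD_CONF mirrors the options quoted in the thread,
# SAMPLE_CONF is an invented SASL application config with two differences.
IMAPD_CONF = """\
configdirectory: /var/lib/imap
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_mech_list:  plain digest-md5 cram-md5 ntlm
sasl_ldapdb_uri: ldap:///
sasl_ldapdb_id: auxprop_user
sasl_ldapdb_pw: password_for_said_user
sasl_ldapdb_mech: DIGEST-MD5
"""
SAMPLE_CONF = """\
pwcheck_method: auxprop
auxprop_plugin: ldapdb
mech_list: plain digest-md5 cram-md5
ldapdb_uri: ldap:///
ldapdb_id: auxprop_user
ldapdb_pw: a_different_password
ldapdb_mech: DIGEST-MD5
"""
SECRET_KEYS = {"ldapdb_pw"}  # values are never echoed in the report

def parse_conf(text):
    """Parse 'key: value' lines, skipping blanks and '#' comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)   # split once: 'ldap:///' keeps its colons
        opts[key.strip().lower()] = " ".join(value.split())
    return opts

def sasl_view(imapd_opts):
    """Keep only imapd.conf's sasl_* options, with the prefix removed."""
    return {k[5:]: v for k, v in imapd_opts.items() if k.startswith("sasl_")}

def compare(imapd_text, app_text):
    """Return (option, imapd value, app value) for every option that differs."""
    imapd, app = sasl_view(parse_conf(imapd_text)), parse_conf(app_text)
    report = []
    for key in sorted(set(imapd) | set(app)):
        a, b = imapd.get(key), app.get(key)
        if a != b:
            if key in SECRET_KEYS:  # report the mismatch without the secret
                a, b = (a and "<redacted>"), (b and "<redacted>")
            report.append((key, a, b))
    return report

if __name__ == "__main__":
    for row in compare(IMAPD_CONF, SAMPLE_CONF):
        print(row)
```

An empty report means the two files configure SASL identically, so a remaining failure lies outside these options.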

