upgrade from Cyrus 2.1.15 to cyrus 2.2.3 breaks LDAP auxprop authentication.

Igor Brezac igor at ipass.net
Wed Feb 11 20:51:44 EST 2004


Hmm... Can you email me your libraries/libldap/cyrus.c?  What version of
openldap do you use?  I use the latest ldapdb auxprop and
OPENLDAP_REL_ENG_2_1 (which is 2.1.26 + some patches).
Does ldapdb auxprop work with sample(client|server)?

-Igor

On Wed, 11 Feb 2004, Edward Rudd wrote:

> OK I patched my OpenLDAP and recompiled, installed, restarted postfix,
> cyrus imapd, and started up ldap. And it still returns "user not found"
> when I try to login to cyrus imap. But the auth.log now shows something
> different..
> --- auth.log ---
> Feb 11 19:19:46 devel imtest: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imtest: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 server step 2
> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imap[2282]: DIGEST-MD5 client step 2
> Feb 11 19:19:53 devel imap[2282]: bad userid authenticated
> Feb 11 19:19:53 devel imap[2282]: no secret in database
> ----
> And my ldap.log shows this (loglevel 255)
> --- ldap.log ---
> Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
> Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
> Feb 11 19:19:53 devel slapd[2053]: connection_get(12): got connid=5
> Feb 11 19:19:53 devel slapd[2053]: connection_read(12): checking for
> input on id=5
> Feb 11 19:19:53 devel slapd[2053]: ber_get_next on fd 12 failed errno=11
> (Resource temporarily unavailable)
> Feb 11 19:19:53 devel slapd[2065]: connection_operation: error: SASL
> bind in progress (tag=66).
> Feb 11 19:19:53 devel slapd[2053]: daemon: select: listen=6
> active_threads=1 tvp=NULL
> Feb 11 19:19:53 devel slapd[2065]: send_ldap_result: conn=5 op=1 p=3
> Feb 11 19:19:53 devel slapd[2053]: daemon: activity on 1 descriptors
> Feb 11 19:19:53 devel slapd[2065]: send_ldap_result: err=1 matched=""
> text="SASL bind in progress"
> Feb 11 19:19:53 devel slapd[2053]: daemon: activity on:
> Feb 11 19:19:53 devel slapd[2065]: send_ldap_response: msgid=0 tag=48
> err=1
> Feb 11 19:19:53 devel slapd[2053]:  12r
> Feb 11 19:19:53 devel slapd[2065]: connection_closing: readying conn=5
> sd=12 for close
> Feb 11 19:19:53 devel slapd[2053]:
> Feb 11 19:19:53 devel slapd[2065]: connection_resched: attempting
> closing conn=5 sd=12
> Feb 11 19:19:53 devel slapd[2053]: daemon: read activity on 12
> Feb 11 19:19:53 devel slapd[2065]: connection_close: conn=5 sd=12
> Feb 11 19:19:53 devel slapd[2065]: daemon: removing 12
> Feb 11 19:19:53 devel slapd[2053]: connection_get(12)
> Feb 11 19:19:53 devel slapd[2053]: connection_get(12): connection not
> used
> Feb 11 19:19:53 devel slapd[2053]: connection_read(12): no connection!
> Feb 11 19:19:53 devel slapd[2053]: daemon: removing 12
> Feb 11 19:19:53 devel slapd[2053]: daemon: closing 12
>
> On Wed, 2004-02-11 at 07:56, Igor Brezac wrote:
> > Check
> > http://www.openldap.org/its/index.cgi/Software%20Bugs?id=2926;selectid=2926
> >
> > Cyrus-imap needs to be fixed, but it was easier to change openldap api.
> >
> > -Igor
> >
> > On Wed, 11 Feb 2004, Edward Rudd wrote:
> >
> > > I'm using the ldapdb auxprop plugin that comes with OpenLDAP 2.1.22 with
> > > cyrus sasl 2.1.15, which works perfectly with the sasl2 sample server
> > > and client programs, postfix 1.1.12, postfix 2.0.16, and cyrus imapd
> > > 2.1.13 to cyrus imapd 2.1.15.. However when I upgraded to cyrus imapd
> > > 2.2.3 (all of these are using Simon Matter's wonderful RPMS), I always
> > > get user not found when trying to login as any user.. (fully qualified
> > > user like test at nowhere.org or the "cyrus" admin user).
> > >
> > > And my ldap logs show nothing going on.. literally.. I see a connection
> > > coming in from sasl, and then disconnecting.. no other activity is
> > > logged. And I have the loglevel for openldap set to 255.
> > >
> > > My auth.log shows "no worthy mechs found" and nothing in my imapd.log
> > >
> > > What changed in relation to SASL configuration from Cyrus IMAPD 2.1.x to
> > > 2.2.x??
> > >
> > > Here is my relevant imapd.conf
> > >
> > > sasl_pwcheck_method: auxprop
> > > sasl_auxprop_plugin: ldapdb
> > > sasl_mech_list:  plain digest-md5 cram-md5 ntlm
> > >
> > > sasl_ldapdb_uri: ldap:///
> > > sasl_ldapdb_id: auxprop_user
> > > sasl_ldapdb_pw: password_for_said_user
> > > sasl_ldapdb_mech: DIGEST-MD5
> > >
> > > Which is the same configuration as sample.conf (for the sample server
> > > and client) and smtpd.conf (for postfix). Except those files don't have
> > > the sasl_ prefix to the configuration directives..
> > >
> > >
>

-- 
Igor



