Cyrus IMAP 2.2.3 & ldapdb auxprop

Igor Brezac igor at ipass.net
Fri Mar 5 06:44:28 EST 2004


On Fri, 5 Mar 2004, Alex Deiter wrote:

> Igor Brezac пишет:
>
> >>If  ldapdb auxprop plugin contacts with remote ldap server (i.e.
> >>sasl_ldapdb_mech: EXTERNAL is not possible):
> >>
> >>
> >Why not?
> >
> >
> How will ldapdb contact with removed ldap the server using EXTERNAL?
> Use TLS ?

I do not understand this.  For EXTERNAL to work you have to use TLS
unless you use ldapi:// to connect to the ldap server.

>
> >Can you use GSSAPI mech with ldapsearch?
> >
> >
> Yes:
> # kinit -k -t /etc/krb5.keytab service/cyrus
> # klist
> Credentials cache: FILE:/tmp/krb5cc_0
>         Principal: service/cyrus at KOMI.MTS.RU
>
>   Issued           Expires          Principal
> Mar  5 08:55:58  Mar  5 18:55:58  krbtgt/KOMI.MTS.RU at KOMI.MTS.RU
>
> # ldapsearch -Y GSSAPI -LLL -b 'dc=komi,dc=mts,dc=ru' '(uid=test)' uid
> SASL/GSSAPI authentication started
> SASL username: service/cyrus at KOMI.MTS.RU
> SASL SSF: 56
> SASL installing layers
> dn: cn=test,ou=People,dc=komi,dc=mts,dc=ru
> uid: test
>
> >Does this work with client|server programs?  Look in
> >cyrus-sasl-2.1.17/sample.
> >
> It work fine:
>
> # ./server -p 777 -s ldap
> trying 28, 1, 6
> trying 2, 1, 6
> accepted new connection
> send: {57}
> NTLM LOGIN ANONYMOUS PLAIN GSSAPI OTP DIGEST-MD5 CRAM-MD5
> recv: {6}
> GSSAPI
> recv: {1}
> Y
> recv: {571}
> `[82][2]7[6][9]*[86]H[86][F7][12][1][2][2][1][0]n[82][2]&0[82][2]"[A0][3][2][1][5][A1][3][2][1][E][A2][7][3][5][0]
> [0][0][0][A3][82][1]6a[82][1]20[82][1].[A0][3][2][1][5][A1][D][1B][B]KOMI.MTS.RU[A2]&0$[A0][3][2][1][1][A1][1D]0[1B][1B][4]ldap[1B][13]solveig.komi.mts.ru[A3][81][EF]0[81][EC][A0][3][2][1][10][A1][3][2][1][4][A2][81][DF][4][81][DC]X0<hK%[FC]aO[F2][B3][6][D4]K[7F][8B][EA]E+:[91][CF][CD][DB][E4]m[98][CA]<B[14][1A]|u[EE][C6][FA][FB][F6][FE][CC][FC][94][D6]+[E][E7]*[13][1]3[DE])[A8][D9][C5][EF][[[5][B0]I[AE][D0]v<j[96]/[1C]&/[86][FB][AF][BA]c[F1][F8][D1][F7][9E][E9][E3]W[E8]e[83]q[B0][9F][BB][95][C1][D][6]O;[9E][9B][A1][94][87]`Y[DC][F][DB]v[91][DE][B1][CA][C5]"[E4][1E][10][E3]'skV5d[ED][8][7F][D2][D1][84][1A][C8][FE][B0][3]d[0][CE]ds][C8][BF][1F][ED][C1]16T[CD][B5][19][F3]_[F9][D0][AF][F4][80]lB[F4]E:/[A3][84]E[D4][95]\[D5]$8[1A][F5][11][CD][D7]![A5][8A]2m[B8][90][87]
> U`[F5][89][DF][CE][E]1[8E][9D]9I[DC]6[3]NT[92]j|t{(/[AD][A9]E[D]
> 6[C8][A4][81][D2]0[81][CF][A0][3][2][1][10][A2][81][C7][4][81][C4][D8]=[9]d3[A9][AD][8B][F][B2][F0][AC]k[B3][8D]Ck[15][94][1E][F]H[B8][5][A1][0]_X[A2]a[8][9A][88]s[D7][17][F8][C5][D7]a8\[F3]7[93][D][EE]|[12][BC][E][B7]'x:[8D]|[FC]o-[EE]K[95]-[CF]cn[83][9A]9[F8][A4]Wj[FA])\Xw[8D]1--[F2][E1][16][BF]+
> [EC]H[CB]o[B9][EB][E8]^[4][EC]p[93][D1]o[E]F[3][E6]9cS[88][C6]2[8A]<[EA]![DC]GK[5][18][DA][FE][8B][E7]A[CD]jV[7F][9D]3[B1][81][C9][DF][CA]P[D2]F[DC][11]K[D5][A1][B7][B5]-[D5][FE]"x[D3]N[DD][E5][F0][16]'.[90][FD][81][E0][A][C]FA6#[B9]QV[81]z[14]3[B0][D3][A4][[95][E1]=[82][94],[9][F7]=[DB]R8[BD][98]
> send: {110}
> `l[6][9]*[86]H[86][F7][12][1][2][2][2][0]o]0[[A0][3][2][1][5][A1][3][2][1][F][A2]O0M[A0][3][2][1][10][A2]F[4]DE[E1][9C][FF]X[B9][5]$[E8]'~[F5][A5]+[A4][D7]2{=[FB][15][C4][9E][97][C]*[CF]&8)[89][91][81][D7][E3][A1][4][2][A0][EB][BF][12][FE]M[91]ZhF[15][8C][A4][A][D7][AD]A[E5][93][E][A4][5][E2][9D][93][8C]o1[91][F0]
> recv: {0}
>
> send: {65}
> `?[6][9]*[86]H[86][F7][12][1][2][2][2][1][4][0][FF][FF][FF][FF][91]U[C8]9[19]+[BD][B][8E][2])[BA][1B][15]~E[E][B7][91]r[19]0#X[8A]6N[E1][DD][10][A8][FE][B9][86][EC][CF][1][0][0][0][4][4][4][4]
> recv: {65}
> `?[6][9]*[86]H[86][F7][12][1][2][2][2][1][4][0][FF][FF][FF][FF][D8][D4][12]zX[CF][9E][FE]t0[93]07[E3][8E][80][82]DJ[AE][DB]W6[C][BF][F4]:[1F][C0][B8][B8][D8]FO[85][B1][1][0][0][0][4][4][4][4]
> successful authentication 'service/cyrus'
> closing connection
>
> # ./client -p 777 -s ldap solveig
> receiving capability list... recv: {57}
> NTLM LOGIN ANONYMOUS PLAIN GSSAPI OTP DIGEST-MD5 CRAM-MD5
> NTLM LOGIN ANONYMOUS PLAIN GSSAPI OTP DIGEST-MD5 CRAM-MD5
> please enter an authorization id: send: {6}
> GSSAPI
> send: {1}
> Y
> send: {571}
> `[82][2]7[6][9]*[86]H[86][F7][12][1][2][2][1][0]n[82][2]&0[82][2]"[A0][3][2][1][5][A1][3][2][1][E][A2][7][3][5][0]
> [0][0][0][A3][82][1]6a[82][1]20[82][1].[A0][3][2][1][5][A1][D][1B][B]KOMI.MTS.RU[A2]&0$[A0][3][2][1][1][A1][1D]0[1B][1B][4]ldap[1B][13]solveig.komi.mts.ru[A3][81][EF]0[81][EC][A0][3][2][1][10][A1][3][2][1][4][A2][81][DF][4][81][DC]X0<hK%[FC]aO[F2][B3][6][D4]K[7F][8B][EA]E+:[91][CF][CD][DB][E4]m[98][CA]<B[14][1A]|u[EE][C6][FA][FB][F6][FE][CC][FC][94][D6]+[E][E7]*[13][1]3[DE])[A8][D9][C5][EF][[[5][B0]I[AE][D0]v<j[96]/[1C]&/[86][FB][AF][BA]c[F1][F8][D1][F7][9E][E9][E3]W[E8]e[83]q[B0][9F][BB][95][C1][D][6]O;[9E][9B][A1][94][87]`Y[DC][F][DB]v[91][DE][B1][CA][C5]"[E4][1E][10][E3]'skV5d[ED][8][7F][D2][D1][84][1A][C8][FE][B0][3]d[0][CE]ds][C8][BF][1F][ED][C1]16T[CD][B5][19][F3]_[F9][D0][AF][F4][80]lB[F4]E:/[A3][84]E[D4][95]\[D5]$8[1A][F5][11][CD][D7]![A5][8A]2m[B8][90][87]
> U`[F5][89][DF][CE][E]1[8E][9D]9I[DC]6[3]NT[92]j|t{(/[AD][A9]E[D]
> 6[C8][A4][81][D2]0[81][CF][A0][3][2][1][10][A2][81][C7][4][81][C4][D8]=[9]d3[A9][AD][8B][F][B2][F0][AC]k[B3][8D]Ck[15][94][1E][F]H[B8][5][A1][0]_X[A2]a[8][9A][88]s[D7][17][F8][C5][D7]a8\[F3]7[93][D][EE]|[12][BC][E][B7]'x:[8D]|[FC]o-[EE]K[95]-[CF]cn[83][9A]9[F8][A4]Wj[FA])\Xw[8D]1--[F2][E1][16][BF]+
> [EC]H[CB]o[B9][EB][E8]^[4][EC]p[93][D1]o[E]F[3][E6]9cS[88][C6]2[8A]<[EA]![DC]GK[5][18][DA][FE][8B][E7]A[CD]jV[7F][9D]3[B1][81][C9][DF][CA]P[D2]F[DC][11]K[D5][A1][B7][B5]-[D5][FE]"x[D3]N[DD][E5][F0][16]'.[90][FD][81][E0][A][C]FA6#[B9]QV[81]z[14]3[B0][D3][A4][[95][E1]=[82][94],[9][F7]=[DB]R8[BD][98]
> recv: {110}
> `l[6][9]*[86]H[86][F7][12][1][2][2][2][0]o]0[[A0][3][2][1][5][A1][3][2][1][F][A2]O0M[A0][3][2][1][10][A2]F[4]DE[E1][9C][FF]X[B9][5]$[E8]'~[F5][A5]+[A4][D7]2{=[FB][15][C4][9E][97][C]*[CF]&8)[89][91][81][D7][E3][A1][4][2][A0][EB][BF][12][FE]M[91]ZhF[15][8C][A4][A][D7][AD]A[E5][93][E][A4][5][E2][9D][93][8C]o1[91][F0]
> send: {0}
>
> recv: {65}
> `?[6][9]*[86]H[86][F7][12][1][2][2][2][1][4][0][FF][FF][FF][FF][91]U[C8]9[19]+[BD][B][8E][2])[BA][1B][15]~E[E][B7][91]r[19]0#X[8A]6N[E1][DD][10][A8][FE][B9][86][EC][CF][1][0][0][0][4][4][4][4]
> send: {65}
> `?[6][9]*[86]H[86][F7][12][1][2][2][2][1][4][0][FF][FF][FF][FF][D8][D4][12]zX[CF][9E][FE]t0[93]07[E3][8E][80][82]DJ[AE][DB]W6[C][BF][F4]:[1F][C0][B8][B8][D8]FO[85][B1][1][0][0][0][4][4][4][4]
> successful authentication
> closing connection
>
> Thanks a lot!
>
>

-- 
Igor

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html




More information about the Info-cyrus mailing list