Cyrus IMAP 2.2.3 & ldapdb auxprop

Alex Deiter tiamat at komi.mts.ru
Fri Mar 5 01:05:00 EST 2004


Igor Brezac пишет:

>>If  ldapdb auxprop plugin contacts with remote ldap server (i.e.
>>sasl_ldapdb_mech: EXTERNAL is not possible):
>>    
>>
>Why not?
>  
>
How will ldapdb contact with removed ldap the server using EXTERNAL?  
Use TLS ?

>Can you use GSSAPI mech with ldapsearch?
>  
>
Yes:
# kinit -k -t /etc/krb5.keytab service/cyrus
# klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: service/cyrus at KOMI.MTS.RU

  Issued           Expires          Principal
Mar  5 08:55:58  Mar  5 18:55:58  krbtgt/KOMI.MTS.RU at KOMI.MTS.RU

# ldapsearch -Y GSSAPI -LLL -b 'dc=komi,dc=mts,dc=ru' '(uid=test)' uid
SASL/GSSAPI authentication started
SASL username: service/cyrus at KOMI.MTS.RU
SASL SSF: 56
SASL installing layers
dn: cn=test,ou=People,dc=komi,dc=mts,dc=ru
uid: test

>Does this work with client|server programs?  Look in
>cyrus-sasl-2.1.17/sample.
>
It work fine:

# ./server -p 777 -s ldap
trying 28, 1, 6
trying 2, 1, 6
accepted new connection
send: {57}
NTLM LOGIN ANONYMOUS PLAIN GSSAPI OTP DIGEST-MD5 CRAM-MD5
recv: {6}
GSSAPI
recv: {1}
Y
recv: {571}
`[82][2]7[6][9]*[86]H[86][F7][12][1][2][2][1][0]n[82][2]&0[82][2]"[A0][3][2][1][5][A1][3][2][1][E][A2][7][3][5][0] 
[0][0][0][A3][82][1]6a[82][1]20[82][1].[A0][3][2][1][5][A1][D][1B][B]KOMI.MTS.RU[A2]&0$[A0][3][2][1][1][A1][1D]0[1B][1B][4]ldap[1B][13]solveig.komi.mts.ru[A3][81][EF]0[81][EC][A0][3][2][1][10][A1][3][2][1][4][A2][81][DF][4][81][DC]X0<hK%[FC]aO[F2][B3][6][D4]K[7F][8B][EA]E+:[91][CF][CD][DB][E4]m[98][CA]<B[14][1A]|u[EE][C6][FA][FB][F6][FE][CC][FC][94][D6]+[E][E7]*[13][1]3[DE])[A8][D9][C5][EF][[[5][B0]I[AE][D0]v<j[96]/[1C]&/[86][FB][AF][BA]c[F1][F8][D1][F7][9E][E9][E3]W[E8]e[83]q[B0][9F][BB][95][C1][D][6]O;[9E][9B][A1][94][87]`Y[DC][F][DB]v[91][DE][B1][CA][C5]"[E4][1E][10][E3]'skV5d[ED][8][7F][D2][D1][84][1A][C8][FE][B0][3]d[0][CE]ds][C8][BF][1F][ED][C1]16T[CD][B5][19][F3]_[F9][D0][AF][F4][80]lB[F4]E:/[A3][84]E[D4][95]\[D5]$8[1A][F5][11][CD][D7]![A5][8A]2m[B8][90][87] 
U`[F5][89][DF][CE][E]1[8E][9D]9I[DC]6[3]NT[92]j|t{(/[AD][A9]E[D] 
6[C8][A4][81][D2]0[81][CF][A0][3][2][1][10][A2][81][C7][4][81][C4][D8]=[9]d3[A9][AD][8B][F][B2][F0][AC]k[B3][8D]Ck[15][94][1E][F]H[B8][5][A1][0]_X[A2]a[8][9A][88]s[D7][17][F8][C5][D7]a8\[F3]7[93][D][EE]|[12][BC][E][B7]'x:[8D]|[FC]o-[EE]K[95]-[CF]cn[83][9A]9[F8][A4]Wj[FA])\Xw[8D]1--[F2][E1][16][BF]+ 
[EC]H[CB]o[B9][EB][E8]^[4][EC]p[93][D1]o[E]F[3][E6]9cS[88][C6]2[8A]<[EA]![DC]GK[5][18][DA][FE][8B][E7]A[CD]jV[7F][9D]3[B1][81][C9][DF][CA]P[D2]F[DC][11]K[D5][A1][B7][B5]-[D5][FE]"x[D3]N[DD][E5][F0][16]'.[90][FD][81][E0][A][C]FA6#[B9]QV[81]z[14]3[B0][D3][A4][[95][E1]=[82][94],[9][F7]=[DB]R8[BD][98]
send: {110}
`l[6][9]*[86]H[86][F7][12][1][2][2][2][0]o]0[[A0][3][2][1][5][A1][3][2][1][F][A2]O0M[A0][3][2][1][10][A2]F[4]DE[E1][9C][FF]X[B9][5]$[E8]'~[F5][A5]+[A4][D7]2{=[FB][15][C4][9E][97][C]*[CF]&8)[89][91][81][D7][E3][A1][4][2][A0][EB][BF][12][FE]M[91]ZhF[15][8C][A4][A][D7][AD]A[E5][93][E][A4][5][E2][9D][93][8C]o1[91][F0]
recv: {0}

send: {65}
`?[6][9]*[86]H[86][F7][12][1][2][2][2][1][4][0][FF][FF][FF][FF][91]U[C8]9[19]+[BD][B][8E][2])[BA][1B][15]~E[E][B7][91]r[19]0#X[8A]6N[E1][DD][10][A8][FE][B9][86][EC][CF][1][0][0][0][4][4][4][4]
recv: {65}
`?[6][9]*[86]H[86][F7][12][1][2][2][2][1][4][0][FF][FF][FF][FF][D8][D4][12]zX[CF][9E][FE]t0[93]07[E3][8E][80][82]DJ[AE][DB]W6[C][BF][F4]:[1F][C0][B8][B8][D8]FO[85][B1][1][0][0][0][4][4][4][4]
successful authentication 'service/cyrus'
closing connection

# ./client -p 777 -s ldap solveig                         
receiving capability list... recv: {57}
NTLM LOGIN ANONYMOUS PLAIN GSSAPI OTP DIGEST-MD5 CRAM-MD5
NTLM LOGIN ANONYMOUS PLAIN GSSAPI OTP DIGEST-MD5 CRAM-MD5
please enter an authorization id: send: {6}
GSSAPI
send: {1}
Y
send: {571}
`[82][2]7[6][9]*[86]H[86][F7][12][1][2][2][1][0]n[82][2]&0[82][2]"[A0][3][2][1][5][A1][3][2][1][E][A2][7][3][5][0] 
[0][0][0][A3][82][1]6a[82][1]20[82][1].[A0][3][2][1][5][A1][D][1B][B]KOMI.MTS.RU[A2]&0$[A0][3][2][1][1][A1][1D]0[1B][1B][4]ldap[1B][13]solveig.komi.mts.ru[A3][81][EF]0[81][EC][A0][3][2][1][10][A1][3][2][1][4][A2][81][DF][4][81][DC]X0<hK%[FC]aO[F2][B3][6][D4]K[7F][8B][EA]E+:[91][CF][CD][DB][E4]m[98][CA]<B[14][1A]|u[EE][C6][FA][FB][F6][FE][CC][FC][94][D6]+[E][E7]*[13][1]3[DE])[A8][D9][C5][EF][[[5][B0]I[AE][D0]v<j[96]/[1C]&/[86][FB][AF][BA]c[F1][F8][D1][F7][9E][E9][E3]W[E8]e[83]q[B0][9F][BB][95][C1][D][6]O;[9E][9B][A1][94][87]`Y[DC][F][DB]v[91][DE][B1][CA][C5]"[E4][1E][10][E3]'skV5d[ED][8][7F][D2][D1][84][1A][C8][FE][B0][3]d[0][CE]ds][C8][BF][1F][ED][C1]16T[CD][B5][19][F3]_[F9][D0][AF][F4][80]lB[F4]E:/[A3][84]E[D4][95]\[D5]$8[1A][F5][11][CD][D7]![A5][8A]2m[B8][90][87] 
U`[F5][89][DF][CE][E]1[8E][9D]9I[DC]6[3]NT[92]j|t{(/[AD][A9]E[D] 
6[C8][A4][81][D2]0[81][CF][A0][3][2][1][10][A2][81][C7][4][81][C4][D8]=[9]d3[A9][AD][8B][F][B2][F0][AC]k[B3][8D]Ck[15][94][1E][F]H[B8][5][A1][0]_X[A2]a[8][9A][88]s[D7][17][F8][C5][D7]a8\[F3]7[93][D][EE]|[12][BC][E][B7]'x:[8D]|[FC]o-[EE]K[95]-[CF]cn[83][9A]9[F8][A4]Wj[FA])\Xw[8D]1--[F2][E1][16][BF]+ 
[EC]H[CB]o[B9][EB][E8]^[4][EC]p[93][D1]o[E]F[3][E6]9cS[88][C6]2[8A]<[EA]![DC]GK[5][18][DA][FE][8B][E7]A[CD]jV[7F][9D]3[B1][81][C9][DF][CA]P[D2]F[DC][11]K[D5][A1][B7][B5]-[D5][FE]"x[D3]N[DD][E5][F0][16]'.[90][FD][81][E0][A][C]FA6#[B9]QV[81]z[14]3[B0][D3][A4][[95][E1]=[82][94],[9][F7]=[DB]R8[BD][98]
recv: {110}
`l[6][9]*[86]H[86][F7][12][1][2][2][2][0]o]0[[A0][3][2][1][5][A1][3][2][1][F][A2]O0M[A0][3][2][1][10][A2]F[4]DE[E1][9C][FF]X[B9][5]$[E8]'~[F5][A5]+[A4][D7]2{=[FB][15][C4][9E][97][C]*[CF]&8)[89][91][81][D7][E3][A1][4][2][A0][EB][BF][12][FE]M[91]ZhF[15][8C][A4][A][D7][AD]A[E5][93][E][A4][5][E2][9D][93][8C]o1[91][F0]
send: {0}

recv: {65}
`?[6][9]*[86]H[86][F7][12][1][2][2][2][1][4][0][FF][FF][FF][FF][91]U[C8]9[19]+[BD][B][8E][2])[BA][1B][15]~E[E][B7][91]r[19]0#X[8A]6N[E1][DD][10][A8][FE][B9][86][EC][CF][1][0][0][0][4][4][4][4]
send: {65}
`?[6][9]*[86]H[86][F7][12][1][2][2][2][1][4][0][FF][FF][FF][FF][D8][D4][12]zX[CF][9E][FE]t0[93]07[E3][8E][80][82]DJ[AE][DB]W6[C][BF][F4]:[1F][C0][B8][B8][D8]FO[85][B1][1][0][0][0][4][4][4][4]
successful authentication
closing connection

Thanks a lot!

-- 
Александр Дейтер,
технический специалист службы автоматизации
ФОАО "МТС" в г.Сыктывкаре, РК




---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html




More information about the Info-cyrus mailing list