virtual-domains+cyrus-imapd+saslauthd+ldap
Igor Brezac
igor at ipass.net
Wed Jan 19 12:01:36 EST 2005
You have two problems. You cannot use a secret-based mech with saslauthd;
only plaintext ones such as plain and login will work. Second, you need to run
'saslauthd -r' (see man page for more info) or change ldap_filter to
(&(mail=%U@%r)(uid=%U))
-Igor
On Tue, 18 Jan 2005, Walter Argüello Cortés wrote:
--
Igor
-------------- next part --------------
Hi:
My problem is virtual-domains+cyrus-imapd+saslauthd+ldap.
Using the following configuration:
saturno:~ # saslauthd -v
saslauthd 2.1.19
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap
saturno:~ # cat /etc/saslauthd.conf
ldap_servers: ldap://127.0.0.1
ldap_bind_dn: cn=ldapadmin,dc=systems,dc=com,dc=co
ldap_bind_pw: secret
ldap_search_base: ou=virtualdomains,dc=systems,dc=com,dc=co
ldap_filter: (&(mail=%u)(uid=%U))
When testing saslauthd with testsaslauthd and a valid entry in OpenLDAP:
saturno:~ # testsaslauthd -u walter@dominio.com -p 54321
0: OK "Success."
But when testing cyrus-imapd with the same entry in OpenLDAP, slapd is
requested to do a search without the domain component of the username and
the "@". Then walter@dominio.com is truncated and given to slapd as
(&(mail=walter)(uid=walter)) instead of
(&(mail=walter@dominio.com)(uid=walter))
My cyrus config:
saturno:~ # cat /etc/imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
sievedir: /var/lib/sieve
admins: cyrus
allowanonymouslogin: no
autocreatequota: 102400
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
lmtp_overquota_perm_failure: no
defaultdomain: curso.edu
virtdomains: userid
saturno:~ # rpm -q cyrus-imapd
cyrus-imapd-2.2.8-6.3
saturno:~ # pop3test -a walter@dominio.com
WARNING: no hostname supplied, assuming localhost
S: +OK saturno Cyrus POP3 v2.2.8 server ready <628959723.1106067284@saturno>
C: CAPA
S: +OK List of capabilities follows
S: SASL DIGEST-MD5 CRAM-MD5
S: EXPIRE NEVER
S: LOGIN-DELAY 0
S: TOP
S: UIDL
S: PIPELINING
S: RESP-CODES
S: AUTH-RESP-CODE
S: USER
S: IMPLEMENTATION Cyrus POP3 server v2.2.8
S: .
C: AUTH DIGEST-MD5
S: +
bm9uY2U9Ikc3blozdkY2dEZwR0lQcHhSNXNXOWErWDlaZU4ycEFSRmVhV1V2aFB3NU09IixyZWFsbT0ic2F0dXJubyIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAscmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4YnVmPTQwOTYsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=
Please enter your password:
C:
dXNlcm5hbWU9InJvb3QiLHJlYWxtPSJzYXR1cm5vIixhdXRoemlkPSJ3YWx0ZXJAZG9taW5pby5jb20iLG5vbmNlPSJHN25aM3ZGNnRGcEdJUHB4UjVzVzlhK1g5WmVOMnBBUkZlYVdVdmhQdzVNPSIsY25vbmNlPSJJSXFacm15UWxTNlpEdHExMVhRUTNUWVZsTXhHbG9BV0NvRHpXOVdyQnY0PSIsbmM9MDAwMDAwMDEscW9wPWF1dGgtY29uZixjaXBoZXI9cmM0LG1heGJ1Zj0xMDI0LGRpZ2VzdC11cmk9InBvcC9sb2NhbGhvc3QiLHJlc3BvbnNlPWMyNjkwOWU2YzBmYzhiMGNiOGQ1NWVlNjNlNzNhYTk5
S: -ERR [AUTH] authenticating: user not found
Authentication failed. generic failure
Security strength factor: 128
quit
+OK
Connection closed.
The saslauthd's log:
Jan 18 12:07:58 saturno saslauthd[4331]: Entry not found ((&(mail=walter)(uid=walter))).
Jan 18 12:07:58 saturno saslauthd[4331]: Authentication failed for walter/dominio.com: User not found (-6)
Jan 18 12:07:58 saturno saslauthd[4331]: do_auth : auth failure: [user=walter] [service=pop] [realm=dominio.com] [mech=ldap] [reason=Unknown]
Jan 18 12:07:58 saturno pop3[6596]: badlogin: localhost [127.0.0.1] plaintext walter@dominio.com SASL(-13): authentication failure: checkpass failed
Help me please!
Walter.
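
Added example (not part of the original thread, and not saslauthd's own code): a simplified Python model of how the ldap_filter tokens %u, %U, %r and %d expand, showing why the testsaslauthd call matches while the Cyrus login yields (&(mail=walter)(uid=walter)), and how either fix from the reply restores the full address. The function names, the combine_realm flag standing in for 'saslauthd -r', and the RFC 4515 escaping step are assumptions of this model.

```python
# Simplified model of ldap_filter expansion (assumption: only the %u, %U, %r,
# %d and %% tokens are modelled; this is not saslauthd's own code).

def ldap_escape(value):
    """Escape RFC 4515 special characters so a login cannot alter the filter."""
    return ''.join('\\%02x' % ord(ch) if ch in '\\*()\x00' else ch
                   for ch in value)

def expand_filter(template, user, realm='', combine_realm=False):
    """Expand template for the (user, realm) pair handed to saslauthd.

    combine_realm models 'saslauthd -r': a non-empty realm is appended to the
    login as user@realm before the filter is built.
    """
    if combine_realm and realm:
        user = user + '@' + realm
    local, _, domain = user.partition('@')
    tokens = {
        'u': user,             # login exactly as received
        'U': local,            # part of the login before '@'
        'r': realm,            # realm passed separately by the client
        'd': domain or realm,  # domain part of the login, else the realm
    }
    out, i = [], 0
    while i < len(template):
        nxt = template[i + 1] if i + 1 < len(template) else ''
        if template[i] == '%' and nxt == '%':
            out.append('%')
            i += 2
        elif template[i] == '%' and nxt in tokens:
            out.append(ldap_escape(tokens[nxt]))
            i += 2
        else:
            out.append(template[i])
            i += 1
    return ''.join(out)

ORIGINAL = '(&(mail=%u)(uid=%U))'      # filter from the question
SUGGESTED = '(&(mail=%U@%r)(uid=%U))'  # filter from the reply

if __name__ == '__main__':
    # testsaslauthd -u walter@dominio.com: whole address is the login, no realm.
    print(expand_filter(ORIGINAL, 'walter@dominio.com'))
    # Cyrus with virtdomains: login and realm arrive split (see the log above).
    print(expand_filter(ORIGINAL, 'walter', 'dominio.com'))
    # Fix 1: saslauthd -r recombines login and realm.
    print(expand_filter(ORIGINAL, 'walter', 'dominio.com', combine_realm=True))
    # Fix 2: build the address in the filter from %U and %r.
    print(expand_filter(SUGGESTED, 'walter', 'dominio.com'))
```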