virtual-domains+cyrus-imapd+saslauthd+ldap

Nikola Milutinovic Nikola.Milutinovic at ev.co.yu
Wed Jan 19 01:44:52 EST 2005


Walter Argüello Cortés wrote:

>Hi:
>
>My problem is virtual-domains+cyrus-imapd+saslauthd+ldap.
>Using the next configuration:
>
>saturno:~ # saslauthd -v
>saslauthd 2.1.19
>authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap
>
>saturno:~ # cat /etc/saslauthd.conf
>ldap_servers: ldap://127.0.0.1
>ldap_bind_dn: cn=ldapadmin,dc=systems,dc=com,dc=co
>ldap_bind_pw: secret
>ldap_search_base: ou=virtualdomains,dc=systems,dc=com,dc=co
>ldap_filter: (&(mail=%u)(uid=%U))
>
>When testing saslauthd with testsaslauthd and a valid entry in OpenLDAP:
>
>saturno:~ # testsaslauthd -u walter@dominio.com -p 54321
>0: OK "Success."
>
>
>But, when testing cyrus-imapd with the same entry in OpenLDAP, slapd is
>requested to do a search without the domain component of the username and
>the "@". Then, walter@dominio.com is truncated and given to slapd as
>(&(mail=walter)(uid=walter)) instead of
>(&(mail=walter@dominio.com)(uid=walter))
>
>My cyrus config:
>
>saturno:~ # cat /etc/imapd.conf
>configdirectory: /var/lib/imap
>partition-default: /var/spool/imap
>sievedir: /var/lib/sieve
>admins: cyrus
>allowanonymouslogin: no
>autocreatequota: 102400
>reject8bit: no
>quotawarn: 90
>timeout: 30
>poptimeout: 10
>dracinterval: 0
>drachost: localhost
>sasl_pwcheck_method: saslauthd
>lmtp_overquota_perm_failure: no
>defaultdomain: curso.edu
>virtdomains: userid
>
>
>saturno:~ # rpm -q cyrus-imapd
>cyrus-imapd-2.2.8-6.3
>
>
>saturno:~ # pop3test -a walter@dominio.com
>WARNING: no hostname supplied, assuming localhost
>
>S: +OK saturno Cyrus POP3 v2.2.8 server ready
><628959723.1106067284@saturno>
>C: CAPA
>S: +OK List of capabilities follows
>S: SASL DIGEST-MD5 CRAM-MD5
>S: EXPIRE NEVER
>S: LOGIN-DELAY 0
>S: TOP
>S: UIDL
>S: PIPELINING
>S: RESP-CODES
>S: AUTH-RESP-CODE
>S: USER
>S: IMPLEMENTATION Cyrus POP3 server v2.2.8
>S: .
>C: AUTH DIGEST-MD5
>S: +
>bm9uY2U9Ikc3blozdkY2dEZwR0lQcHhSNXNXOWErWDlaZU4ycEFSRmVhV1V2aFB3NU09IixyZWFsbT0ic2F0dXJubyIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAscmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4YnVmPTQwOTYsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=
>Please enter your password:
>C:
>dXNlcm5hbWU9InJvb3QiLHJlYWxtPSJzYXR1cm5vIixhdXRoemlkPSJ3YWx0ZXJAZG9taW5pby5jb20iLG5vbmNlPSJHN25aM3ZGNnRGcEdJUHB4UjVzVzlhK1g5WmVOMnBBUkZlYVdVdmhQdzVNPSIsY25vbmNlPSJJSXFacm15UWxTNlpEdHExMVhRUTNUWVZsTXhHbG9BV0NvRHpXOVdyQnY0PSIsbmM9MDAwMDAwMDEscW9wPWF1dGgtY29uZixjaXBoZXI9cmM0LG1heGJ1Zj0xMDI0LGRpZ2VzdC11cmk9InBvcC9sb2NhbGhvc3QiLHJlc3BvbnNlPWMyNjkwOWU2YzBmYzhiMGNiOGQ1NWVlNjNlNzNhYTk5
>S: -ERR [AUTH] authenticating: user not found
>Authentication failed. generic failure
>Security strength factor: 128
>quit
>+OK
>  
>

CRAM-MD5 and DIGEST-MD5 mechanisms work ONLY against "sasldb2". So far I 
have not seen an LDAP bridge for it.

I thought I saw a "axprop: ldap" idea somewhere along the road, but 
can't say for sure.

Nix.


---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
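
The two searches compared in the quoted post, as an added example (not code from the post or from saslauthd): a Python model of how the %u and %U tokens in ldap_filter expand for a full and a stripped login. The %d/%r handling follows the saslauthd LDAP documentation as I recall it; the RFC 4515 escaping helper, the function names and the sample logins are assumptions constructed for illustration.

```python
import re

# RFC 4515: characters that must be escaped inside a filter assertion value.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def ldap_escape(value):
    """Escape a string for use as an LDAP filter assertion value."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template, login, realm=""):
    """Model of saslauthd's ldap_filter token expansion (assumed semantics).

    %u = login as received, %U = part before '@', %d = part after '@'
    (falling back to the realm), %r = realm, %% = literal percent sign.
    """
    user_part, _, domain_part = login.partition("@")
    tokens = {"u": login, "U": user_part, "d": domain_part or realm, "r": realm}

    def substitute(match):
        key = match.group(1)
        return "%" if key == "%" else ldap_escape(tokens[key])

    return re.sub(r"%([uUdr%])", substitute, template)


PAGE_FILTER = "(&(mail=%u)(uid=%U))"  # ldap_filter from the quoted saslauthd.conf

if __name__ == "__main__":
    # Full login, as testsaslauthd passed it: the mail attribute matches.
    print(expand_filter(PAGE_FILTER, "walter@dominio.com"))
    # Domain already stripped, as in the search slapd received via cyrus-imapd.
    print(expand_filter(PAGE_FILTER, "walter"))
    # Assumption: the domain arrives separately as the realm; a %d-based filter
    # then rebuilds the address instead of relying on %u.
    print(expand_filter("(&(mail=%U@%d)(uid=%U))", "walter", realm="dominio.com"))
    # Constructed hostile login: filter metacharacters are neutralised.
    print(expand_filter(PAGE_FILTER, "walter)(uid=*"))
```

Comparing the first two outputs shows why the same directory entry is found in one test and not in the other: with the domain stripped, mail=%u no longer equals the stored address.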




More information about the Info-cyrus mailing list