IMTEST OpenLDAP, a clarification.

Igor Brezac igor at ypass.net
Mon Oct 31 10:12:43 EST 2005 

On Mon, 31 Oct 2005, O Plameras wrote:

> Hi,
>
> I've used imtest in testing my Cyrus-IMAPD setup and I noticed
> what seems to be strange, which I'll explain after I've stated
> my setup.
>
> My setup
>
> 1. OS - Fedora Core 4 - kernel-2.6.13-1.1526_FC4
> 2. OpenLDAP-2.2.29-1.FC4
> 3. Cyrus-SASL-2.1.21-5_rhfc4
> 4. Cyrus-IMAPD-2.2.12-6.fc4
>
> My OpenLDAP uses SASL-MECH digest-md5, e.g. these commands work
> successfully:
>
> $ldapwhoami -Y digest-md5 -U oscarp -w password
> $ldapwhoami -Y digest-md5 -U root -w secret
>
> My Cyrus-IMAPD config, /etc/imapd.conf has,
>
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> admins: root
> sievedir: /var/lib/imap/sieve
> sendmail: /usr/sbin/sendmail
> hashimapspool: true
> tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
> sasl_pwcheck_method: auxprop
> sasl_mech_list: digest-md5
> sasl_auxprop_plugin: ldapdb
> sasl_ldapdb_uri: ldap://hdtv.example.com.ex
> sasl_ldapdb_id: root
> sasl_ldapdb_pw: secret
> sasl_ldapdb_mech: digest-md5
>
> Now, when I do,
>
> $imtest -u root localhost  and use password 'secret' this works.
> $imtest -u oscarp localhost and use password 'password' this does
>  not work.
>
> But this one works,
> $imtest -u oscarp localhost and password 'secret'.
>
> When I created another user/password in OpenLDAP like
> johnblue/hissecret and do,
> $imtest -u johnblue localhost and use password 'hissecret' this does
> not work either.
>
> But this one works,
> $imtest -u johnblue localhost and password 'secret'.
>
> It appears that imtest requires the use of sasl_ldapdb_pw as password
> no matter what user is used to have a successful imtest.
>
> Is this the intention ?
>
> Please note that when using the same setup to check emails
> with thunderbird for example they work correctly.

You are not using imtest properly.  You are basically running proxy 
autorization as root.  Use imtest -a johnblue localhost

-- 
Igor

More information about the Info-cyrus mailing list