Trouble with cyradm xfer

Paul Engle pengle at rice.edu
Wed Aug 2 13:31:20 EDT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


HI,
  I'm trying to migrate users from one backend cyrus 2.3.7 server to 
another. I've got the imapd.conf on the servers set up so that 
authentication is working between them just fine (using gssapi). When I run 
the xfer command from inside cyradm, I get the following error:

cyrus1.mail.rice.edu> xfer user/wilma cyrus2.mail.rice.edu
xfermailbox: The remote Server(s) denied the operation

Examining the protocol log on cyrus2 shows me:

<1154539042<LC1 LOCALCREATE {10+}
user/wilma
>1154539042>LC1 OK Completed
<1154539042<D01 UNDUMP {10+}
user/wilma (NIL {2}
>1154539042>+ go ahead
>1154539042>D01 NO Bad protocol
>1154539042>* BYE decoding error: generic failure; SASL(-1): generic 
failure: security flags do not match required

And the syslog shows:

Aug  2 12:09:15 cyrus1 master[20761]: about to exec 
/usr/site/cyrus-imapd-2.3.7/bin/imapd
Aug  2 12:09:15 cyrus1 imap[20761]: executed
Aug  2 12:09:15 cyrus1 imap[20761]: accepted connection
Aug  2 12:09:15 cyrus1 imap[20761]: login: cyrus1.mail.rice.edu 
[10.129.93.100] mailadmin GSSAPI User logged in
Aug  2 12:17:22 cyrus1 imap[20761]: Could not move mailbox: user.wilma, 
UNDUMP failed
Aug  2 12:17:22 cyrus1 imap[20761]: Could not back out remote mailbox 
during move of user/wilma (Server(s) unavailable to complete operation)



And then the mailbox is in an untenable state. An empty mailbox exists on 
cyrus2, but on cyrus1 it's marked as a remote mailbox, so further attempts 
to do anything to it fail. The only way I've been able to return to a 
working state is to dump the mailboxes.db to text, edit the entry for that 
mailbox to be on a local partition again, and then reimport it.

Here are some relevant lines from my imapd.conf (the same on both cyrus1 & 
cyrus2)

admins: mailadmin
allowusermoves: 1
proxy_authname: mailadmin
proxyservers: mailadmin

I tried setting a defaultacl on cyrus2, but that didn't apply to the newly 
created mailbox.

Am I missing something obvious? Should I have created "user" as a mailbox 
first, with the default acl set appropriately, and only then created all 
the "user/foo" mailboxes? Right now, "user" isn't a mailbox, so trying to 
put an acl on it fails.

  -paul


- -- 
Paul D. Engle                | Rice University
Sr. Systems Administrator    | Information Technology - MS119
(713) 348-4702               | P.O. Box 1892
pengle at rice.edu              | Houston, TX 77251-1892
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFE0OFvCpkISWtyHNsRAnhYAJ9JeKZjFMgnIDliE92iE/y5dd26YACdFvnN
YOhS1Gjj5N52se0DwpJBNt4=
=U9Yd
-----END PGP SIGNATURE-----



More information about the Info-cyrus mailing list