Re: Cyrus Imapd shared folders question [auf Viren überprüft]

jc.duss59 at laposte.net jc.duss59 at laposte.net
Fri Feb 16 05:51:36 EST 2007 

Hy all,

I'm still trying to manage and configure authorization using
ldap groups without success on cyrus 2.3.7 ... :(

sasl authentication works fine with ldap and saslauthd.

I've changed my groups on ldap to be easily configurated :

dn: cn=mongroupe,ou=groups,o=mydomain,dc=fr
objectClass: top
objectClass: groupOfNames
description: Test
cn: mongroupe
member: uid=toto1
member: uid=toto2

in my imapd.conf :
If i use only it :
sasl_pwcheck_method: saslauthd

Authentication works.

If I add it for authorization :

auth_mech: pts
pts_module: ldap
ldap_sasl: 1
ldap_uri: ldap.mydomain.com
ldap_mech: PLAIN DIGEST-MD5 CRAM-MD5 LOGIN
ldap_base: o=mydomain,dc=fr
ldap_group_base: ou=groups,o=mydomain,dc=fr
ldap_group_filter: cn=%U
ldap_member_filter: uid=%U
ldap_group_scope: sub
ldap_member_method: filter

I get problem to open cyradm :

Feb 16 11:48:48 imaptest perl: GSSAPI Error:  Miscellaneous
failure (see text) (No such file or directory)
Feb 16 11:48:50 imaptest imap[11070]: DBERROR db4:
/var/imap/ptclient/ptscache.db: unexpected file type or format
Feb 16 11:48:50 imaptest imap[11070]: DBERROR: opening
/var/imap/ptclient/ptscache.db: Invalid argument
Feb 16 11:48:50 imaptest imap[11070]: DBERROR: opening
/var/imap/ptclient/ptscache.db: cyrusdb error
Feb 16 11:48:50 imaptest imap[11070]: ptload completely
failed: unable to canonify identifier: cyrus
Feb 16 11:48:50 imaptest imap[11070]: badlogin:
localhost.mydomain.com [::1] DIGEST-MD5 [SASL(-13):
authentication failure: unable canonify user and get auxprops]
Feb 16 11:48:53 imaptest perl: No worthy mechs found

I don't get exactly what i need to be able to configure
groups...!!


Can someone help me, please?


---------- Debut du message initial -----------

De     : info-cyrus-bounces at lists.andrew.cmu.edu
A      : "hans.moser" hans.moser at ofd-sth.niedersachsen.de
Copies : "info-cyrus" info-cyrus at lists.andrew.cmu.edu
Date   : Fri,  2 Feb 2007 09:56:14 +0100
Objet  : Re: Cyrus Imapd shared folders question [auf Viren
überprüft]

> 
> Thanks!
> 
> I will try with your configuration!
> 
> ldapsearch -x -h ldap.mydomain.com -b
> ou=groups,o=mydomain,dc=fr cn=mongroupe
> 
> Give me that result : 
> # extended LDIF
> #
> # LDAPv3
> # base <ou=groups,o=mydomain,dc=fr> with scope subtree
> # filter: cn=mongroupe
> # requesting: ALL
> #
> 
> # mongroupe, groups, mydomain, fr
> dn: cn=mongroupe,ou=groups,o=mydomain,dc=fr
> objectClass: top
> objectClass: groupOfNames
> description: Test
> cn: mongroupe
> member: cn=toto,ou=users,o=mydomain,dc=FR
> member: cn=toto2,ou=users,o=mydomain,dc=fr
> 
> # search result
> search: 2
> result: 0 Success
> 
> # numResponses: 2
> # numEntries: 1
> 
> 
> 
> And ldapsearch -x -h ldap.mydomain.com -b
> ou=users,o=mydomain,dc=fr cn=toto2
> 
> 
> # extended LDIF
> #
> # LDAPv3
> # base <ou=users,o=mydomain,dc=fr> with scope subtree
> # filter: cn=toto2
> # requesting: ALL
> #
> 
> # toto2, users, mydomain, fr
> dn: cn=toto2,ou=users,o=mydomain,dc=fr
> o: mydomain
> initials: toto
> givenName: toto2
> street: my street
> sn: TEST2
> ou: mydomain
> l: there
> mail: toto2 at mydomain.com
> facsimileTelephoneNumber: 333
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: Person
> uid: toto2
> postalCode: 555658
> cn: toto2
> st: Nord
> 
> # search result
> search: 2
> result: 0 Success
> 
> # numResponses: 2
> # numEntries: 1
> 
> 
> Here is the Ldif structure for my groups :
> dn: cn=mongroupe, ou=groups, o=mydomain,dc=fr
> description: Test
> objectClass: top
> objectClass: groupOfNames
> member: cn=toto,ou=users,o=mydomain,dc=FR
> member: cn=toto2,ou=users,o=mydomain,dc=fr
> cn: mongroupe
> 
> 
> 
> So how can i make my filter on group and member?
> 
> 
> 
> 
> ---------- Debut du message initial -----------
> 
> De     : "Hans Moser" hans.moser at ofd-sth.niedersachsen.de
> A      : "jc.duss59 at laposte.net" jc.duss59 at laposte.net
> Copies : "info-cyrus" info-cyrus at lists.andrew.cmu.edu
> Date   : Thu, 01 Feb 2007 18:30:53 +0100
> Objet  : Re: Cyrus Imapd shared folders question [auf Viren
> überprüft]
> 
> > jc.duss59 at laposte.net schrieb:
> > 
> > > Jan 31 17:59:37 imaptest ptloader[726]:
> > > ldap_sasl_interactive_bind() failed 16 (No such attribute).
> > > Jan 31 17:59:37 imaptest imap[727]: ptload(): bad response
> > > from ptloader server: ptsmodule_connect() failed
> > > Jan 31 17:59:37 imaptest imap[727]: ptload completely
failed:
> > > unable to canonify identifier: toto2
> > > Jan 31 17:59:37 imaptest imap[727]: badlogin: [10.1.45.1]
> > > plaintext toto2 invalid user
> > Please show the toto2 entry from your ldap server.
> > 
> > # ldapsearch -x -h ldap.mydomain.com  -b
> ou=users,o=myorg,dc=fr uid=toto2
> > 
> > you must have anonymous read access to uid.
> > 
> > I use this in imapd 2.2.12 (ldapdb and pts):
> > 
> > sasl_log_level: 5
> > sasl_pwcheck_method: auxprob
> > sasl_auxprob_plugin: ldapdb
> > sasl_ldapdb_uri: ldap://foo
> > sasl_ldapdb_id: human
> > sasl_ldapdb_pw: pw
> > sasl_ldapdb_mech:  PLAIN DIGEST-MD5 CRAM-MD5 LOGIN
> > allowplaintext: yes
> > sasl_minimum_layer: 0
> > sasl_ldapdb_starttls: Demand
> > sasl_ldap_search_base: ou=humans,ou=bar
> > sasl_ldap_search_filter: maildrop=%U
> > tls_cert_file: foo.pem
> > tls_key_file: foo6.pem
> > tls_ca_file: foo06.pem
> > tls_ca_path: ssl/ca
> > #
> > # ptloader ldap:
> > ldap_id: human
> > ldap_sasl: 1
> > ldap_password: pw
> > ldap_uri: ldap://foo
> > ldap_mech: PLAIN DIGEST-MD5 CRAM-MD5 LOGIN
> > ldap_start_tls: 1
> > ldap_tls_cacert_file: foo.pem
> > ldap_tls_cert: foo6.pem
> > ldap_tls_key: foo06.pem
> > ldap_base: ou=humans,ou=bar
> > ldap_group_base: ou=gruppen,ou=humans,ou=bar
> > ldap_group_filter: ou=%U
> > ldap_member_attribute: member
> > ldap_group_scope: sub
> > ldap_member_method: attribute
> > 
> > 
> > Hans
> > 
> 
> Envoyez vos cartes de voeux depuis www.laposte.net 
> Elles seront ensuite distribuées par le facteur : pratique
et malin !
> 
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info:
http://asg.web.cmu.edu/cyrus/mailing-list.html
> 

Envoyez vos cartes de voeux depuis www.laposte.net 
Elles seront ensuite distribuées par le facteur : pratique et malin !

More information about the Info-cyrus mailing list