Cyrus2.2 with IMAPS/SASLauthd not working

FreiNet Technik cyrus-info at freinet.de
Fri Oct 26 09:34:42 EDT 2007


Hello all,

I set up a cyrus2.2 IMAP-Server with authentication to a
LDAP-userdirectory via "saslauthd". All ist working well if i use IMAP.
When i try to use IMAPs "mail auth" ist still working (used in groupware
web-client), but IMAP connections from clients time out.

It is logged in cyrus.log as:
  Oct 26 13:35:49 mailer cyrus/imaps[1531]: accepted connection
  Oct 26 13:35:49 mailer cyrus/imaps[1531]: telling master 3
  Oct 26 13:35:49 mailer cyrus/master[1407]: service imaps pid 1531 in
READY state: now unavailable and in BUSY state
  Oct 26 13:35:49 mailer cyrus/master[1407]: service imaps now has 0
ready workers
  Oct 26 13:35:49 mailer cyrus/master[1407]: service imaps pid 1531 in
BUSY state: now serving connection
  Oct 26 13:35:49 mailer cyrus/master[1407]: service imaps now has 0
ready workers
  Oct 26 13:36:31 mailer cyrus/imaps[1530]: imaps TLS negotiation
failed: client.example.net [192.168.x.x]
  Oct 26 13:36:31 mailer cyrus/imaps[1530]: Fatal error:
tls_start_servertls() failed
  Oct 26 13:36:31 mailer cyrus/master[1407]: process 1530 exited, status 75
  Oct 26 13:36:31 mailer cyrus/master[1407]: service imaps pid 1530 in
BUSY state: terminated abnormally

auth.log says:
  Oct 26 14:32:21 mailer cyrus/imaps[1972]: auxpropfunc error invalid
parameter supplied
  Oct 26 14:32:21 mailer cyrus/imaps[1972]: _sasl_plugin_load failed on
sasl_auxprop_plug_init for plugin: ldapdb

If i test the configuration with "imtest -s -v -a client mailer -p 993"
i am able to log in and fetch some mails.

In this case the log looks like:

  Oct 26 14:56:12 mailer cyrus/imaps[1994]: accepted connection
  Oct 26 14:56:12 mailer cyrus/imaps[1994]: telling master 3
  Oct 26 14:56:12 mailer cyrus/master[1957]: service imaps pid 1994 in
READY state: now unavailable and in BUSY state
  Oct 26 14:56:12 mailer cyrus/master[1957]: service imaps now has 0
ready workers
  Oct 26 14:56:12 mailer cyrus/master[1957]: service imaps pid 1994 in
BUSY state: now serving connection
  Oct 26 14:56:12 mailer cyrus/master[1957]: service imaps now has 0
ready workers
  Oct 26 14:56:12 mailer cyrus/imaps[1994]: mydelete: starting txn
2147483659
  Oct 26 14:56:12 mailer cyrus/imaps[1994]: mydelete: committing txn
2147483659
  Oct 26 14:56:12 mailer cyrus/imaps[1994]: mystore: starting txn 2147483660
  Oct 26 14:56:12 mailer cyrus/imaps[1994]: mystore: committing txn
2147483660
  Oct 26 14:56:12 mailer cyrus/imaps[1994]: starttls: TLSv1 with cipher
AES256-SHA (256/256 bits new) no authentication
  Oct 26 14:56:18 mailer cyrus/imaps[1994]: login: client.example.net
[192.168.x.x] client PLAIN+TLS User logged in
  Oct 26 14:56:27 mailer cyrus/imaps[1994]: seen_db: user client opened
/var/lib/cyrus/user/c/client.seen
  Oct 26 14:56:27 mailer cyrus/imaps[1994]: open: user client opened Inbox
  Oct 26 14:57:21 mailer cyrus/imaps[1994]: telling master 1
  Oct 26 14:57:21 mailer cyrus/master[1957]: service imaps pid 1994 in
BUSY state: now available and in READY state
  Oct 26 14:57:21 mailer cyrus/master[1957]: service imaps now has 1
ready workers

Can someone tell me the difference between connecting with client (i
tried with and without TLS, with and without "secure authentication" and
"imtest"? Where come these strange "_sasl_plugin_load" errors from when
"mail auth" works with imaps?
Can somebody please enlighten me?

Thanks in advance,
Holger

I use the following configs:

/etc/saslauthd.conf:
  ldap_servers: ldaps://ds1.example.net
  ldap_search_base: dc=example,dc=net
  ldap_mech: DIGEST_MD5


/etc/cyurus.conf (excerpt)
 #imap           cmd="imapd -U 30" listen="localhost:imap" prefork=0
maxchild=100
 imaps           cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100

/etc/imapd.conf (excerpt)
  # No anonymous logins
  allowanonymouslogin: no
  # Allow plaintext logins by default (SASL PLAIN)
  allowplaintext: yes
  sasl_mech_list: PLAIN
  sasl_pwcheck_method: saslauthd

________________________________________________________________________
FreiNet Gesellschaft fuer Informationsdienste mbH                       
Loerracher Strasse 5a, D-79115 Freiburg                                 
Telefon: +49-761-496-1700, Fax: +49-761-496-1790                        
http://www.freinet.de                                                   
                                                                        
Registergericht AG Freiburg i. Br. - HRB 4758                           
Geschaeftsfuehrung: Manfred Neufang                                     
USt-Id-Nr.:DE142316038 - FA Freiburg Stadt - Steuernummer 06425/40959   
Sparkasse Freiburg-Noerdlicher Breisgau - BLZ 680 501 01 - Konto 10105414
________________________________________________________________________




More information about the Info-cyrus mailing list