Cyrus-imapd not providing realm information

lartc lartc at manchotnetworks.net
Mon Aug 25 08:13:05 EDT 2008


Hi,

I've got the same setup -- you should have 

ldap_realm: yourdomain.com

in /etc/saslauthd.conf

and you should start saslauthd daemon with the "-r" argument

hth,

charles




On Mon, 2008-08-25 at 14:04 +0200, tarjei wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi, I'm trying to get Cyrus IMAPD + saslauthd working with an
> virtdomains setup.
> 
> Relevant info:
> OS: Centos 5.2
> Cyrus-Imapd: 2.3.7
> Sasl: 2.1.22
> 
> imapd.conf:
> altnamespace: yes
> autocreatequota:-1
> createonpost: no
> autocreate_sieve_script: /var/lib/imap/sieve/default.script
> autocreateinboxfolders: Spam|Drafts|Sent|Trash
> autosubscribeinboxfolders: Spam|Drafts|Sent|Trash
> autosubscribesharedfolders: Spam|Ikke-Spam
> defaultdomain: example.com
> virtdomains: userid
> servername: mail.example.com
> unixhierarchysep: 1
> sasl_mech_list: plain
> sasl_pwcheck_method: saslauthd
> cmtp_overquota_perm_failure: no
> 
> saslauthd.conf:
> ldap_servers:     ldaps://ldap.example.com
> ldap_version:     3
> ldap_timeout:     10
> ldap_time_limit:  10
> ldap_search_base: dc=example,dc=com
> ldap_bind_dn:     uid=saslauthd,ou=Services,dc=example,dc=com
> ldap_password:    password
> ldap_scope:       sub
> ldap_uidattr:     mail
> ldap_filter_mode: yes
> ldap_filter:      (mail=%u@%r)
> 
> testsaslauth works:
> testsaslauthd -u tarjei -r example.com -p password
> 0: OK "Success."
> 
> but imtest fails:
> imtest -u tarjei at example.com -a tarjei at example.com -t "" localhost
> ...
> S: A01 NO authentication failure
> Authentication failed. generic failure
> 
> I then find the following in the log files:
> saslauthd[27506]: do_auth         : auth failure: [user=tarjei]
> [service=imap] [realm=] [mech=ldap] [reason=Unknown]
> 
> And in the ldap log:
> SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(mail=tarjei@)"
> 
> 
> It seems to me that for some reason, the imap server is not passing on
> the full username - but just the part before the domainname.
> 
> Does anyone know what I am doing wrong? I seem so close :)
> 
> Kind regards,
> Tarjei
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFIsp/pYVRKCnSvzfIRAoN2AJ94nmeUJ1ir+SWICgZQwz1W9JQskACgn4X4
> kt/8icmlER1QImZK+ZR/r7U=
> =zTtD
> -----END PGP SIGNATURE-----
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html



More information about the Info-cyrus mailing list