ldapdb auxprop configuration

Lars Hanke lars at lhanke.de
Fri Jan 2 16:37:08 EST 2009


Thanks Dan,

 > To make sure that the ldapdb plugin is installed correctly:
 > # cat > /usr/lib/sasl2/pluginview.conf
 > # pluginviewer | grep ldapdb
hermod:/# grep sasl /etc/imapd.conf | grep -v '^#' | grep -v '^\s*$' | 
sed 's/^sasl_//' > /usr/lib/sasl2/pluginviewer.conf
hermod:/# saslpluginviewer -a
Installed auxprop mechanisms are:
ldapdb sasldb
List of auxprop plugins follows
Plugin "ldapdb" ,       API version: 4
        supports store: yes

Plugin "sasldb" ,       API version: 4
        supports store: yes

Didn't know this tool so far. Should it say something different?

 > Does your /var/log/auth.log or /var/log/syslog give you anything useful?
At least it's not too useful to me ... (after setting sasl_log_level: 7)

/var/log/auth.log:
Jan  2 22:31:15 hermod cyrus/imap[3432]: DIGEST-MD5 server step 1
Jan  2 22:31:15 hermod imtest: DIGEST-MD5 client step 2
Jan  2 22:31:17 hermod imtest: DIGEST-MD5 client step 2
Jan  2 22:31:17 hermod cyrus/imap[3432]: DIGEST-MD5 server step 2

/var/log/syslog:
Jan  2 22:31:15 hermod cyrus/master[3432]: about to exec 
/usr/lib/cyrus/bin/imapd
Jan  2 22:31:15 hermod cyrus/imap[3432]: executed
Jan  2 22:31:15 hermod cyrus/imap[3432]: accepted connection
Jan  2 22:31:17 hermod cyrus/master[3425]: process 3432 exited, signaled 
to death by 11
Jan  2 22:31:17 hermod cyrus/master[3425]: service imap pid 3432 in BUSY 
state: terminated abnormally

 > You may want to experiment with the ldapdb_starttls and ldapdb_rc 
options (see sasl's options.html doc).  See 'man ldap.conf' for options 
that you can place in ldaprc. If you do choose to use starttls, you'll 
need to replace ldaps://hel.mgr with ldap://hel.mgr.

I tried
sasl_ldapdb_uri: ldap://hel.mgr
sasl_ldapdb_starttls: try

and it comes out the same; slapd logs a successful STARTTLS.

I tried:
sasl_ldapdb_rc: /etc/ldap/ldap.conf

which yields sending short packages in both cases. This slapd debug 
output is from a STARTTLS variant:
TLS: can't accept: A TLS packet with unexpected length was received..
connection_read(16): TLS accept failure error=-1 id=8, closing
connection_closing: readying conn=8 sd=16 for close
connection_close: conn=8 sd=16
conn=8 fd=16 closed (TLS negotiation failure)

But still imtest fails with "failure: prot layer failure". There is no 
activity in slapd before the password is entered in imtest.



More information about the Info-cyrus mailing list