Problem setup Cyrus Aggregation ( Murder )

Lucas Zinato Carraro lucaszc at gmail.com
Wed Jul 14 23:12:56 EDT 2010


Cyrus IMAPD version: 2.3.16 ( using a compiled source version )


My problem seems to be with the sasl authentication

frontend  auth with mupdate - Ok
mupdate auth with frontend   - Ok
frontend auth with backend -  ???

------------------------------------------------------------------
My /etc/saslauthd.conf

ldap_servers: ldap://ldap.intranet
ldap_auth_method: bind
ldap_referrals: no
ldap_search_base: dc=domain1,dc=com
ldap_verbose: on
ldap_debug: 6

Tested with testsaslauthd  and postfix.

--------------------------------------------------------------------
In Frontend:

# Mupdate
mupdate_server:  mupdate.intranet
mupdate_username: cyrmaster
mupdate_authname: cyrmaster
mupdate_password: data

# Backend User
proxy_authname: cyrmaster
proxy_password: data

# Administrator
admins: cyrmaster

# SASL
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN
allowplaintext: yes
sasl_minimum_layer: 0
sasl_auto_transition: no
-----------------------------------------------------

In Backend:

# Mupdate
mupdate_server: mupdate.intranet
mupdate_username: cyrmaster
mupdate_authname: cyrmaster
mupdate_password: data


# Backend User
proxyservers: cyrmaster

# Administrator
admins: cyrmaster

#  SASL
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN
allowplaintext: yes
sasl_minimum_layer: 0
sasl_auto_transition: no

----------------------------------------------------------------------------------------

When I connect to the frontend and create a mailbox:

cyradm --user cyrmaster frontend
frontend> cm user/bob backend1


in backend log:

Jul 14 23:48:34 backend1 saslauthd[6837]: ldap_simple_bind() failed -1
(Can't contact LDAP server).
Jul 14 23:48:34 backend1 saslauthd[6837]: Retrying authentication
Jul 14 23:48:34 backend1 imap[7042]: auxpropfunc error invalid parameter
supplied
Jul 14 23:48:34 backend1 imap[7042]: _sasl_plugin_load failed on
sasl_auxprop_plug_init for plugin: ldapdb

But mailbox is created.

When setacl is used:

frontend> sam user/bob cyrmaster all

In backend log:

Jul 14 23:52:45 backend1 imap[7050]: auxpropfunc error invalid parameter
supplied
Jul 14 23:52:45 backend1 imap[7050]: _sasl_plugin_load failed on
sasl_auxprop_plug_init for plugin: ldapdb
Jul 14 23:52:45 backend1 imap[7042]: No worthy mechs found
Jul 14 23:52:45 backend1 imap[7051]: auxpropfunc error invalid parameter
supplied
Jul 14 23:52:45 backend1 imap[7051]: _sasl_plugin_load failed on
sasl_auxprop_plug_init for plugin: ldapdb

---------------------------------------------------------------------------------------------------------------------------------------------------------------------

When I try to reconstruct a mailbox:

frontend> reconstruct  user/bob

Jul 15 00:09:53 uxrjo700 saslauthd[6841]: Authentication failed for
cyrmaster: Bind to ldap server failed (invalid user/password or insufficient
access) (-7)
Jul 15 00:09:53 uxrjo700 saslauthd[6841]: do_auth         : auth failure:
[user=cyrmaster] [service=imap] [realm=] [mech=ldap] [reason=Unknown]
Jul 15 00:09:59 uxrjo700 imap[7116]: auxpropfunc error invalid parameter
supplied
Jul 15 00:09:59 uxrjo700 imap[7116]: _sasl_plugin_load failed on
sasl_auxprop_plug_init for plugin: ldapdb


I don't configure the SASL plugin ldapdb in imapd.conf; why is this plugin
called?
Is sasl_pwcheck_method: saslauthd not sufficient for all operations?
Do I need to configure some ldapdb parameter?

I don't configure any TLS certificate; is it necessary to configure a TLS
certificate?
Even when a PLAIN password is used?

What does "No worthy mechs found" mean?

Thank you in advance for any help

Regards
Zinato






On Tue, Jul 13, 2010 at 8:24 PM, Lucas Zinato Carraro <lucaszc at gmail.com> wrote:

>
>
> cyradm --user cyrmaster at domain1.com  frontend.domain.com
> Password:
> frontend.domain.com>
>
> frontend.domain.com>
>
> frontend.domain.com> cm user/test  backend1.intranet               --- OK
>
> frontend.domain.com> lm user/test
> user/testepermissao (\HasNoChildren)
>
> frontend.domain.com> info
> user/testepermissao
> {user/test}:
>   server: backend1.intranet
> correio.dataprev.gov.br> sam user/test  cyrmaster at domain1.com all
> setaclmailbox: cyrmaster at domain1.com: lrswipkxtea: Server(s) unavailable
> to complete operation
>
>
> ---------------------------------------------------------------------------------------------------------------
>
> Problem when setting ACLs and QUOTA, but CREATE is OK
>
> Using SASLAUTH with LDAP Server.
>
>
> --------------------------------------------------------------------------------------------------
> Configuration in frontend.domain.com
>
> ............................................
> # Administrator
> admins:  cyrmaster at domain1.com  cyrmaster at domain2.com
>
> # Mupdate
> mupdate_server: mupdate.intranet
> mupdate_authname: mupdateuser
> mupdate_password: password
>
> # Backend User
> proxy_authname: backenduser
> proxy_password: password1
> backend1_password: password1
>
>
> ------------------------------------------------------------------------------------------------------
> Configuration in backend1.intranet
>
> ............................
> # Mupdate
> mupdate_server: mupdate.intranet
> mupdate_authname: mupdateuser
> mupdate_password: password
>
> # Backend User
> proxyservers: backenduser at intranet backenduser at domain1.com
> backenduser at domain2.com
>
> # Administrator
> admins:  cyrmaster at domain1.com cyrmaster at domain2.com
>
>
>
> ------------------------------------------------------------------------------------------------------
> Configuration in mupdate.intranet
>
> ..............
>
>
> # Backend User
> proxy_authname: backenduser
> proxy_password: password1
>
> # Administrator
> admins:  mupdateuser mupdateuser at intranet backenduser
> backenduser at domain1.com backenduser at domain2.com
>
>
>
> ----------------------------------------------------------------------------------------------------------
>
> When I use this command I see in the backend:
>
> Jul 13 19:52:34 backend1 imap[30484]: login: frontend.domain.com[192.168.136.151]
> cyrmaster at domain1.com PLAIN User logged in
> Jul 13 19:52:34 backend1 imap[30484]: fetching user_deny.db entry for '
> cyrmaster at domain1.com'
> Jul 13 19:52:34 backend1 imap[30478]: accepted connection
> Jul 13 19:52:34 backend1 imap[30484]: couldn't authenticate to backend
> server: no mechanism available
>
>
> Any help ?
>
>
> Another question is: when I transfer a mailbox from backend1 to backend2,
> does backend1 authenticate to backend2 as the user that requested the action
> (in my example cyrmaster at domain1.com) or with
> proxy_authname (backenduser at domain1.com)?
>
>
>
> Thanks for any help
>
> Regards
>
> Zinato
>
>
>
>
>
>