Problems testing cyrus imap server (cyrus sasl + ldapdb plugin)

Dan White dwhite at olp.net
Mon Nov 29 11:56:00 EST 2010


On 29/11/10 12:15 -0400, Fernando Torrez wrote:
>I configured cyrus-imapd to authenticate through cyrus-sasl with ldapdb auxprop.
>I did all tests suggested on cyrus-imap, cyrus-sasl, and openldap documentacions
>but  when trying with telnet command I got this error
>
>
>firewall:/usr/lib/sasl2 # telnet localhost imap
>Trying ::1...
>Connected to localhost.
>Escape character is '^]'.
>* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED AUTH=CRAM-MD5 AUTH=DIGEST-MD5 SASL-IR COMPRESS=DEFLATE] firewall Cyrus IMAP v2.3.16 server ready
>LOGIN test secret1
>LOGIN BAD Please login first

There are a couple of problems here unrelated to your ldapdb setup.

Your syntax is incorrect. It should be:

<tag> login user pass
e.g.

C LOGIN test secret1

The other is that you have the 'allowplaintext' option turned off, which is
the default, and is the reason for the LOGINDISABLED identifier. If you want
to authenticate via LOGIN, you'll need to enable that option in imapd.conf.

>firewall:/var/log # imtest -m digest-md5 -a cyrus -u fernandito -v localhost
<cut>
>S: A01 OK Success (privacy protection)
>Authenticated.
>Security strength factor: 128
>Asking for capabilities again since they might have changed
>C: C01 CAPABILITY
>S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED AUTH=CRAM-MD5 AUTH=DIGEST-MD5 COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN IDLE X-NETSCAPE URLAUTH
>S: C01 OK Completed


># esta seccion es para la autenticacion via plugin auxiliar: ldapdb
>sasl_log_level: 7
>sasl_mech_list: DIGEST-MD5 PLAIN LOGIN CRAM-MD5 EXTERNAL
>sasl_pwcheck_method: auxprop
>sasl_auxprop_plugin: ldapdb
>sasl_ldapdb_uri: ldap://localhost
>sasl_ldapdb_id: cyrus
>sasl_ldapdb_pw: secret
>sasl_ldapdb_mech: DIGEST-MD5
>sasl_auto_transition: no

Looks reasonable.

-- 
Dan White


More information about the Info-cyrus mailing list