_sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb
Marten Lehmann
lehmann at cnm.de
Fri Jan 13 20:20:57 EST 2012
Hello,
I found out how to get rid of this annoying error messages, but not
indeed to remove the cause of it.
Typically, cyrus-imapd should just handle authentication as it is
requested to do by the configuration in imapd.conf. Regarding
sasl-authentication, it is the value of the option "sasl_pwcheck_method".
So as long as one doesn't configure cyrus-imapd to use the auxprop
plugin and the ldap backup, cyrus-imapd shouldn't try to use or even
load this plugin. Actually, I'm not the only one having this problem. I
noticed a posting from a user that claimed, that in his configuration he
got dozends of logs of canonuserfunc errors with _sasl_plugin_load
failing like me, but with the sql plugin in his case. And his solution
for this was to compile cyrus-imapd without the sql plugin.
So while I'm using prebaked packages from Ubuntu I applied the same
action by purging the libsasl2-modules-ldap package and voilà: The
errors disappeared!
IMHO this behaviour is not ok. There are other fails in the same league:
- deliver.db gets created altough I turned duplicatesuppression off
- I have to create an empty user_deny.db although I have no need for
this functionality
- tls_sessions.db is created, although no SSL processes are configured
(this is all offloaded to an POP3S/IMAPS proxy in front of our backends).
Who is responsible for this part of the code? I cannot understand how
this bogus behaviour could stay for so long in the production code of
cyrus-imapd.
Kind regards
Marten
On 08.01.2012 05:58, Marten Lehmann wrote:
> Hello,
>
> I configured cyrus to use saslauthd for authentication. The related
> lines in /etc/imapd.conf are as follows:
>
> sasl_mech_list: PLAIN
> allowapop: no
> sasl_pwcheck_method: saslauthd
> sasl_auto_transition: no
>
> Now, everything works fine, SASL-Authentication, LMTP, POP3, IMAP, with
> just one problem: /var/log/auth.log is filling up with lines like this:
>
> cyrus/lmtp[6233]: canonuserfunc error -7
> cyrus/lmtp[6233]: _sasl_plugin_load failed on sasl_canonuser_init for
> plugin: ldapdb
> cyrus/lmtp[6233]: auxpropfunc error invalid parameter supplied
> cyrus/lmtp[6233]: _sasl_plugin_load failed on sasl_auxprop_plug_init for
> plugin: ldapdb
> cyrus/lmtp[6233]: canonuserfunc error -7
> cyrus/lmtp[6233]: _sasl_plugin_load failed on sasl_canonuser_init for
> plugin: ldapdb
>
> But I nowhere configured cyrus to use auxprop authentication or the
> ldapdb plugin. Also, openldap is running on a different server so all
> that cyrus should use is saslauthd which indeed works. But I cannot live
> with that mass of errors in the logfile, even though they don't seem to
> harm anything.
>
> What is causing them?
>
> Kind regards
> Marten
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
More information about the Info-cyrus
mailing list