Switching to Mysql from sasldb2 SOLVED
Charles Bradshaw
brad at bradcan.homelinux.com
Sat Feb 2 09:02:18 EST 2013
OK, I found the documentation here:
/usr/share/doc/cyrus-sasl-lib-2.1.23/options.html
I had maybe 2 mistakes, which are commented below!
Also SELinux is preventing /usr/lib/cyrus-imapd/imapd from search access on
the directory /var/lib/mysql.
The fix for that is:
# cat /var/log/messages | audit2allow -m local > imap-sql.te
# checkmodule -M -m -o imap-sql.mod imap-sql.te
# semodule_package -o imap-sql.pp -m imap-sql.mod
# semodule -i imap-sql.pp
WARNING: Do NOT just follow the above unless you know what you are doing! You
actually need to do the first step above more than once then edit the
imap-sql.te file before installing the policy. This is del
Charles Bradshaw
On: Fri, 1 Feb 2013 23:15:15 +0000, Charles Bradshaw wrote:
> I am trying to switch from using sasldb2 to mysql, but I am seeing:
>
> Feb 1 22:48:20 ****** imaps[2553]: badlogin: ********* [192.168.0.8]
> DIGEST-MD5 [SASL(-13): user not found: no secret in
>
> In /etc/log/maillog (I have inserted ******* to hide the actual
> server and host attempting to login)
>
> I am seeing no query on the database so I presume I have something
> wrong with one of my configurations?
>
> Any help would be most appreciated. Where is the documentation for imapd.conf
> using mysql?
>
> $ yum list cyrus-sasl-sql
> Installed Packages
> cyrus-sasl-sql.i686 2.1.23-31.fc17
>
> ~ o ~
>
> /etc/imapd.conf
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> admins: cyrus
> sievedir: /var/lib/imap/sieve
> sendmail: /usr/sbin/sendmail
> hashimapspool: true
> #
> sasl_pwcheck_method: auxprop
> sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5
> #
> #sasl_auxprop_plugin:sasldb
> sasl_auxprop_plugin:sql
> #
> # added these for mysql
> sasl_sql_engine:mysql
> sasl_sql_hostname:localhost:3306
Above should be sasl_sql_hostnames NOT sasl_sql_hostname!
> sasl_sql_user:mail_admin
> sasl_sql_passwd:********
> sasl_sql_database:mail
> sql_statement:SELECT pwd FROM users WHERE id = '%u@%r'
Above should be sasl_sql_select NOT sql_statement!
> sasl_sql_verbose:yes
No such tag as sql_verbose!
> sasl_sql_usessl: no
> #
> allowplaintext: yes
> debug: yes
> unixhierarchysep: yes
> #
> virtdomains: userid
> tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
> tls_cipher_list: TLSv1:SSLv3:!NULL:!EXPORT:!DES:!LOW:@STRENGTH
>
> ~ o ~
>
> /etc/sasl2/Sendmail
> pwcheck_method:auxprop
> mech_list:DIGEST-MD5 CRAM-MD5 PLAIN
> #
> #auxprop_plugin:sasldb
> auxprop_plugin:sql
> #
> # added these for mysql
> sql_engine:mysql
> sql_hostname:localhost:3303
Above should be sql_hostnames NOT sql_hostname!
> sql_user:mail_admin
> sql_passwd:********
> sql_database:mail
> sql_statement:SELECT pwd FROM users WHERE id = '%u@%r'
Above should be sql_select NOT sql_statement
> sql_verbose:yes
> sql_usessl: no
> #
> debug:yes
> log_level:5
>
> ~ o ~
>
> Mysql query session (just to prove that it works):
>
> $ mysql --user mail_admin --password
> Enter password:
> Welcome to the MySQL monitor. Commands end with ; or \g.
> Your MySQL connection id is 44
> Server version: 5.5.29-log MySQL Community Server (GPL)
>
> Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
>
> Oracle is a registered trademark of Oracle Corporation and/or its
> affiliates. Other names may be trademarks of their respective
> owners.
>
> Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
>
> mysql> SELECT pwd FROM mail.users WHERE id = 'test at mydomain';
> +----------+
> | pwd |
> +----------+
> | ******** |
> +----------+
> 1 row in set (0.00 sec)
>
> mysql> quit
> Bye
>
------- End of Original Message -------
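
The option-name corrections made in this message can be checked mechanically before restarting imapd. The following Python check is an added example, not part of the original post or of Cyrus: the names `lint_sql_keys`, `SQL_OPTIONS` and `THREAD_FIXES`, the sample text and the CHANGEME value are constructed here, and the option list is the sql auxprop plugin's documented set from options.html.

```python
# Documented option names of the Cyrus SASL "sql" auxprop plugin (options.html).
SQL_OPTIONS = {"sql_engine", "sql_hostnames", "sql_user", "sql_passwd",
               "sql_database", "sql_select", "sql_insert", "sql_update",
               "sql_usessl"}
# Corrections taken from this thread (None: the thread gives no replacement).
THREAD_FIXES = {"sql_hostname": "sql_hostnames",
                "sql_statement": "sql_select",
                "sql_verbose": None}

def lint_sql_keys(text, prefix=""):
    """Return [(line_no, key, message)] for suspicious sql_* keys.

    prefix is "sasl_" for /etc/imapd.conf (imapd hands only sasl_* keys to
    the SASL library) and "" for files under /etc/sasl2/.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key = line.split(":", 1)[0].strip()
        has_prefix = bool(prefix) and key.startswith(prefix)
        bare = key[len(prefix):] if has_prefix else key
        if not bare.startswith("sql_"):
            continue
        if bare not in SQL_OPTIONS:
            fix = THREAD_FIXES.get(bare)
            hint = f"use {prefix}{fix}" if fix else "not a documented option"
            findings.append((line_no, key, hint))
        elif prefix and not has_prefix:
            findings.append((line_no, key, f"use {prefix}{bare}"))
    return findings

# Constructed sample: the sql_* lines quoted in the thread, password replaced.
IMAPD_CONF = """\
sasl_auxprop_plugin:sql
sasl_sql_engine:mysql
sasl_sql_hostname:localhost:3306
sasl_sql_user:mail_admin
sasl_sql_passwd:CHANGEME
sasl_sql_database:mail
sql_statement:SELECT pwd FROM users WHERE id = '%u@%r'
sasl_sql_verbose:yes
sasl_sql_usessl: no
"""

if __name__ == "__main__":
    for line_no, key, hint in lint_sql_keys(IMAPD_CONF, prefix="sasl_"):
        print(f"line {line_no}: {key}: {hint}")
```

For a file under /etc/sasl2/, call `lint_sql_keys(text)` with no prefix.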