On Fri, 20 Sep 2002, Lee Hoffman wrote:
> I've been pulling my hair out with this for nearly 4 days now. I have
> cyrus 2.1.5, sasl 2.1.7 on a RH7.3 box compiled as follows:
>
> SASL:
> ./configure --enable-plain --disable-krb4
> --with-saslauthd=/var/run/saslauthd --with-ldap=/usr/local/lib
>
> IMAP:
> ./configure --with-sasl=/usr/local/lib --with-perl --with-auth=unix
> --with-ssl --with-dbdir=/usr/local/BerkeleyDB.4.0 --with-ucdsnmp=no
>
> Basically I CYRUS->SASLAUTHD->LDAP
>
> For some reason users intermittently will be prompted for their password
> over and over. The sasl debug log shows the following lines when that
> happens:
>
> Sep 20 16:53:46 servername saslauthd[341]: Entry not found or more than
> one entries found (uid=superman).
> Sep 20 16:53:46 servername saslauthd[341]: AUTHFAIL: user=superman
> service=imap realm=
>
> (ldap logs show nothing)
>
> The user always exists in the ldap directory. In fact 75% of the time
> they can login and use mail without problems. It seems like when I
> restart the ldap directory the AUTHFAILS stop happening for a while. I
> have the ldap directory restarting ldap every 5 minutes now, which seems
> to be keeping the AUTHFAILS to a minimum (but they are still happening).
>
>
> I immediately figured it was an LDAP problem. However, I've now tried
> openldap 2.0.25, 2.1.5, 2.0.23 as the ldap server. I've even tried each
> of these three versions on two different servers (one with redhat, one
> with debian). Both servers were completely different hardware. I also
> tried different versions of the ldap client library (and of course
> recompiled cyrus and sasl after trying each) on the cyrus server.
> Nothing stops these intermittent AUTHFAILS.
>
> Does anyone have any idea what's going on? I'm desperate. Any ideas would
> be appreciated.
>

Are there any other saslauthd lines in the syslog?
What happens when you run

    ldapsearch -x -b ou=users,dc=location,dc=com -D cn=postfixAdmin,ou=software,dc=location,dc=com -W uid=superman

on the command line after you start getting AUTHFAIL messages? How many entries, if any, are returned?

Your configuration looks good.

>
>
> SASLAUTHD.CONF:
>
> ldap_servers: ldaps://server1.com # (tried ldap and ldaps here)
> ldap_bind_dn: cn=postfixAdmin,ou=software,dc=location,dc=com
> ldap_bind_pw: password
> ldap_auth_method: bind
> ldap_search_base: ou=users,dc=location,dc=com
> ldap_debug: 5000
> ldap_timeout: 15 # tried multiple values here too
> ldap_time_limit: 15 # tried multiple values here too
>
>
> IMAPD.CONF
>
> configdirectory: /export/cyrus/imap
> partition-default: /export/cyrus/spool/imap
> admins: admin
> #sasl_pwcheck_method: pam
>
> tls_cert_file: /export/cyrus/server.pem
> tls_key_file: /export/cyrus/server.pem
>
> allowanonymouslogin: no
> allowplaintext: yes
> sasl_mech_list: PLAIN
> servername: localhost
> autocreatequota: 10000
> reject8bit: no
> quotawarn: 90
> timeout: 30
> poptimeout: 10
> dracinterval: 0
> drachost: localhost
> sasl_pwcheck_method: saslauthd
> #sievedir: /usr/sieve
> #sendmail: /usr/sbin/sendmail
> #sieve_maxscriptsize: 32
> #sieve_maxscripts: 5
>
> # Get rid of folders as subfolders of INBOX
> altnamespace: yes
> unixhierarchysep: yes
>

--
Igor
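An added example, not part of the thread and not code from the saslauthd or Cyrus projects: a small Python triage script for the saslauthd syslog lines quoted above. It splits AUTHFAILs into two kinds. An AUTHFAIL that follows an "Entry not found or more than one entries found (uid=...)" message from the same saslauthd child within a couple of seconds is a directory lookup failure (the condition Igor's ldapsearch question is probing); an AUTHFAIL with no such lookup message is most likely a rejected bind, i.e. a wrong password, which is also the trace a password-guessing client leaves. It also counts lookup failures per saslauthd child pid, on the assumption (mine, not stated in the thread) that each child keeps its own LDAP connection, so failures clustering on one pid point at a stale connection in that child rather than at the directory contents. The log lines, host, users and pids are constructed for the example.

```python
"""Triage saslauthd AUTHFAIL syslog lines: LDAP lookup failures vs. bad passwords."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, modelled on the two lines quoted in the thread (not real logs).
SAMPLE_LOG = """\
Sep 20 16:53:46 servername saslauthd[341]: Entry not found or more than one entries found (uid=superman).
Sep 20 16:53:46 servername saslauthd[341]: AUTHFAIL: user=superman service=imap realm=
Sep 20 16:54:02 servername saslauthd[342]: AUTHFAIL: user=batman service=imap realm=
Sep 20 16:55:10 servername saslauthd[341]: Entry not found or more than one entries found (uid=superman).
Sep 20 16:55:10 servername saslauthd[341]: AUTHFAIL: user=superman service=imap realm=
Sep 20 16:56:00 servername saslauthd[343]: AUTHFAIL: user=superman service=pop realm=
Sep 20 16:56:30 servername saslauthd[343]: Entry not found or more than one entries found (uid=robin).
Sep 20 16:57:30 servername saslauthd[343]: AUTHFAIL: user=robin service=imap realm=
"""

# Classic syslog prefix: "Mon DD HH:MM:SS host saslauthd[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"saslauthd\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
LOOKUP_RE = re.compile(
    r"^Entry not found or more than one entries found \(uid=(?P<uid>[^)]+)\)\.?$"
)
AUTHFAIL_RE = re.compile(
    r"^AUTHFAIL: user=(?P<user>\S+) service=(?P<service>\S+) realm=(?P<realm>\S*)$"
)


def parse_line(line):
    """Return an event dict for a lookup-failure or AUTHFAIL line, else None."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    # Syslog carries no year; strptime defaults to 1900, which is fine for deltas.
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
    ev = {"ts": ts, "pid": int(m["pid"]), "host": m["host"]}
    lm = LOOKUP_RE.match(m["msg"])
    if lm:
        ev.update(kind="lookup", user=lm["uid"])
        return ev
    am = AUTHFAIL_RE.match(m["msg"])
    if am:
        ev.update(kind="authfail", user=am["user"], service=am["service"])
        return ev
    return None


def classify_failures(lines, window=timedelta(seconds=2)):
    """Split AUTHFAILs per user into lookup-induced vs. credential failures.

    Returns (per_user, per_pid): per_user maps user -> {"lookup": n, "credential": m};
    per_pid maps saslauthd child pid -> number of lookup failures it logged.
    """
    pending = {}  # pid -> most recent lookup-failure event from that child
    per_user = defaultdict(lambda: {"lookup": 0, "credential": 0})
    per_pid = defaultdict(int)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["kind"] == "lookup":
            pending[ev["pid"]] = ev
            per_pid[ev["pid"]] += 1
            continue
        prior = pending.pop(ev["pid"], None)
        # Same child, same user, within the window: the bind never happened,
        # the search step already failed. Otherwise treat it as a rejected bind.
        if prior and prior["user"] == ev["user"] and ev["ts"] - prior["ts"] <= window:
            per_user[ev["user"]]["lookup"] += 1
        else:
            per_user[ev["user"]]["credential"] += 1
    return dict(per_user), dict(per_pid)


if __name__ == "__main__":
    users, pids = classify_failures(SAMPLE_LOG.splitlines())
    for user, counts in sorted(users.items()):
        print(f"{user:10s} lookup={counts['lookup']} credential={counts['credential']}")
    for pid, n in sorted(pids.items()):
        print(f"saslauthd child {pid}: {n} lookup failure(s)")
```

Run it against the real syslog with `classify_failures(open("/var/log/messages"))`. A user whose failures are all of the lookup kind is being hit by the directory problem in the thread, not by a bad password; a user with many credential failures and no lookup failures is the pattern to look at as a possible guessing attempt. If the lookup failures all come from one or two child pids while other children keep authenticating the same user, the per-child LDAP connection is the thing to restart, not the directory.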