On Fri, 21 May 2004, Andrew B. Panphiloff wrote: > I have strange behaviour of cyrus-imapd and cyrus-sasl. > > imapd config : > > -------------------------------------------------------------------------- > tls_ca_file: /etc/ssl/cyrus.pem > tls_cert_file: /etc/ssl/cyrus.pem > tls_key_file: /etc/ssl/cyrus.pem > virtdomains: yes > defaultdomain: localhost > configdirectory: /var/imap > partition-default: /var/spool/imap > sievedir: /var/imap/sieve > altnamespace: no > unixhierarchysep: no > lmtp_downcase_rcpt: yes > admins: cyrus > allowanonymouslogin: no > popminpoll: 0 > autocreatequota: 100000 > createonpost: yes > autocreateinboxfolders: Sent | Drafts | Templates | Trash > autosubscribeinboxfolders: Sent | Drafts > umask: 077 > sieveusehomedir: false > hashimapspool: true > allowplaintext: yes > sasl_mech_list: plain login > sasl_minimum_layer: 0 > sasl_pwcheck_method: saslauthd > sasl_auto_transition: no > tls_ca_path: /etc/ssl/certs > tls_session_timeout: 1440 > tls_cipher_list: TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH > lmtpsocket: /var/run/cyrus/socket/lmtp > idlesocket: /var/run/cyrus/socket/idle > notifysocket: /var/run/cyrus/socket/notify > --------------------------------------------------------------------------- > > saslauthd.conf config: > > --------------------------------------------------------------------------- > ldap_servers: ldap://127.0.0.1 > ldap_bind_dn: cn=admin,o=8ka.mipt.ru > ldap_bind_pw: xxx > ldap_version: 3 > ldap_search_base: ou=Mail,o=8ka.mipt.ru > ldap_filter: mail=%u
Change to ldap_filter: [EMAIL PROTECTED] and things will work. > why in first case saslauthd get "[EMAIL PROTECTED]" and "realm=" if you want to emulate imapd behavior, you need to 'testsaslauthd -u jeka -r 8ka.mipt.ru -p xxx' > but in second case it get "user=jeka" and "realm=8ka.mipt.ru" ? > How fix this behaviour ? libsasl splits fully qualified username before it is passed to saslauthd. An alternate fix is to download the cvs version of saslauthd and use -r option which reassembles fully qualified username before it is passed to authentication mechs. -- Igor --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
