On Tue, 15 Mar 2005, Julian W H Osborne wrote:
Dear All,
I'm having some problems getting Cyrus imap to work correctly with sasl and ldap. Using the testsaslauthd command all is okay, username and domain are passed through. However, when using the imap or pop client only the user part of the login name is passed through, e.g. if username is [EMAIL PROTECTED] only test is being passed through. I've pasted everything I think is useful.
System details are:
Linux localhost.localdomain 2.6.10-1.770_FC2 #1 Sat Feb 26 21:40:22 EST 2005 i686 i686 i386 GNU/Linux
Fedora Core release 2 (Tettnang)
cyrus-imapd-2.2.10-3.fc2
cyrus-sasl-2.1.18-2.2
Thanks
Julian
testsaslauthd
=============
testsaslauthd -u [EMAIL PROTECTED] -p password
0: OK "Success."
Mar 15 16:37:17 localhost slapd[3234]: conn=18 op=3 BIND anonymous mech=implicit ssf=0
Mar 15 16:37:17 localhost slapd[3234]: conn=18 op=3 BIND dn="cn=manager,o=virtual_domain" method=128
Mar 15 16:37:17 localhost slapd[3234]: conn=18 op=3 BIND dn="cn=Manager,o=virtual_domain" mech=SIMPLE ssf=0
Mar 15 16:37:17 localhost slapd[3234]: conn=18 op=3 RESULT tag=97 err=0 text=
Mar 15 16:37:17 localhost slapd[3234]: conn=18 op=4 SRCH base="o=virtual_domain" scope=2 filter="([EMAIL PROTECTED])"
Mar 15 16:37:17 localhost slapd[3234]: conn=18 op=4 SRCH attr=dn
Mar 15 16:37:17 localhost slapd[3234]: conn=18 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 15 16:37:17 localhost slapd[3234]: conn=18 op=5 BIND anonymous mech=implicit ssf=0
Mar 15 16:37:17 localhost slapd[3234]: conn=18 op=5 BIND dn="[EMAIL PROTECTED],ou=it-dept,ou=uk,ou=imsmaxims.com,o=virtual_domain" method=128
Mar 15 16:37:17 localhost slapd[3234]: conn=18 op=5 BIND dn="[EMAIL PROTECTED],ou=it-dept,ou=uk,ou=imsmaxims.com,o=virtual_domain" mech=SIMPLE ssf=0
Mar 15 16:37:17 localhost slapd[3234]: conn=18 op=5 RESULT tag=97 err=0 text=
IMAP Connection
===============
telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK IMAP
. login [EMAIL PROTECTED] password
. NO Login failed: authentication failure
. logout
* BYE LOGOUT received
. OK Completed
Connection closed by foreign host.
Mar 15 16:38:45 localhost slapd[3234]: conn=19 op=3 BIND anonymous mech=implicit ssf=0
Mar 15 16:38:45 localhost slapd[3234]: conn=19 op=3 BIND dn="cn=manager,o=virtual_domain" method=128
Mar 15 16:38:45 localhost slapd[3234]: conn=19 op=3 BIND dn="cn=Manager,o=virtual_domain" mech=SIMPLE ssf=0
Mar 15 16:38:45 localhost slapd[3234]: conn=19 op=3 RESULT tag=97 err=0 text=
Mar 15 16:38:45 localhost slapd[3234]: conn=19 op=4 SRCH base="o=virtual_domain" scope=2 filter="(uid=test)"
Mar 15 16:38:45 localhost slapd[3234]: conn=19 op=4 SRCH attr=dn
Mar 15 16:38:45 localhost slapd[3234]: conn=19 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
imapd.conf (/etc/)
==================
# SASL Features
sasl_maximum_layer: 256
sasl_minimum_layer: 0
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN

# Virtual Domain Support
# Default domain
defaultdomain: imsmaxims.com

# Toggle virtual domains on or off
# tried both userid and yes and on
virtdomains: userid

saslauthd.conf (/etc/)
======================
ldap_servers: ldap://127.0.0.1/
ldap_bind_dn: cn=manager, o=virtual_domain
ldap_bind_pw: secret
ldap_search_base: o=virtual_domain
ldap_version: 3
ldap_filter: (uid=%u)   --------> have tried [EMAIL PROTECTED] also
Use the following params:
ldap_default_domain: imsmaxims.com
ldap_filter: [EMAIL PROTECTED]
cyrus-imapd will drop the domain part if it is the same as defaultdomain. In addition, libsasl will pass fully qualified userids as two separate tokens (user and domain) to saslauthd. So, %u will always be just user without the domain part. You can pass -r to saslauthd for the userid reassembly, but you will still have problems with defaultdomain logins. The above changes to saslauthd.conf should work for you.
-Igor
ldap_scope: sub
Cyrus.conf (/usr/lib/sasl2/)
============================
pwcheck_method:saslauthd
--
Igor
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
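One way to spot the mismatch discussed in this thread from the slapd side, as an added example that is not part of the original messages: the script pairs each SRCH filter with its SEARCH RESULT by conn/op and reports lookups that matched no entry. The sample lines are constructed in the log format quoted above, and the filter in the first search is a placeholder, not the poster's real filter.

```python
import re

# Constructed sample in the slapd log format quoted in this thread.
# The first filter is a placeholder; the second mirrors the failing lookup.
SAMPLE_LOG = """\
Mar 15 16:37:17 localhost slapd[3234]: conn=18 op=4 SRCH base="o=virtual_domain" scope=2 filter="(mail=user@example.com)"
Mar 15 16:37:17 localhost slapd[3234]: conn=18 op=4 SRCH attr=dn
Mar 15 16:37:17 localhost slapd[3234]: conn=18 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 15 16:38:45 localhost slapd[3234]: conn=19 op=4 SRCH base="o=virtual_domain" scope=2 filter="(uid=test)"
Mar 15 16:38:45 localhost slapd[3234]: conn=19 op=4 SRCH attr=dn
Mar 15 16:38:45 localhost slapd[3234]: conn=19 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
"""

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=\d+ filter="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)')


def empty_searches(log_text):
    """Return (conn, op, base, filter) for each search that matched no entry."""
    pending = {}   # (conn, op) -> (base, filter), until its RESULT line arrives
    misses = []
    for line in log_text.splitlines():
        m = SRCH.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = (m.group(3), m.group(4))
            continue
        m = RESULT.search(line)
        if m:
            key = (m.group(1), m.group(2))
            base, flt = pending.pop(key, ("?", "?"))
            # err=0 with nentries=0: the search succeeded but found nobody
            if m.group(3) == "0" and m.group(4) == "0":
                misses.append((int(key[0]), int(key[1]), base, flt))
    return misses


def filter_has_domain(ldap_filter):
    """True if the value in the search filter still carries an @domain part."""
    return "@" in ldap_filter


if __name__ == "__main__":
    for conn, op, base, flt in empty_searches(SAMPLE_LOG):
        note = "" if filter_has_domain(flt) else " (no domain part reached the filter)"
        print(f"conn={conn} op={op} base={base} filter={flt}: 0 entries{note}")
```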