ldap authentication problem
Hi, list

I'm using cyrus imapd 2.3.7 with ldap user database and everything works fine in the simple case. For user accounts I use ou=users,o=firm. Now I want to make an admin account in a different part of the DIT, uid=cyrus,ou=virtusers,o=firm, but I have a problem.

My imapd.conf:

...
ldap_filter: (uid=%u)
ldap_scope: one
ldap_base: ou=users,o=firm
ldap_tls_cacert_file: /etc/ssl/cacert.pem
ldap_sasl: no
ldap_uri: ldap://ldap
ldap_start_tls: yes
pts_module: ldap
...

My saslauthd.conf:

ldap_servers: ldaps://ldap
ldap_tls_cacert_file: /etc/ssl/cacert.pem
ldap_search_base: ou=%3,o=%2
ldap_default_realm: users.firm.com
ldap_filter: uid=%U

saslauthd works fine -- I tested it with testsaslauthd. I can authenticate as 'user', '[EMAIL PROTECTED]' and '[EMAIL PROTECTED]' in one ldap DIT. But cyrus imapd works only with short names of users. I tested it with imtest.

Variations with ldap_filter (uid=%u | uid=%U | uid=%U,ou=%3,o=%2), ldap_scope (one | sub) and ldap_base (ou=users,o=firm | o=firm) in different combinations do not help to make authentication for [EMAIL PROTECTED].

Where is the problem?

Thanks.

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
sync_(client|server) problem
Hi, list

I'm trying to make master-master rolling replication with sync_(client|server) on two cyrus imapd servers. It's working, but only when I run the sync_client process manually, after cyrus has started. When I run it from the cyrus.conf START section (as recommended at http://cyrusimap.web.cmu.edu/imapd/install-replication.html) only two processes start -- idled and sync_client.

Both servers are using an ldap database for user accounts and possibly the problem is in ptloader -- it might not be started before sync_client. Option -w for sync_client also doesn't resolve this problem.

Can somebody help me?

My system:

FreeBSD 6.1-STABLE
cyrus-imapd-2.3.7
cyrus-sasl-saslauthd-2.1.22
openldap-sasl-client-2.3.27

In debug.log:

Oct 26 13:12:07 jailhost2 sync_client[88131]: received server certificate
Oct 26 13:12:07 jailhost2 sync_client[88131]: ptload(): pinging ptloader
Oct 26 13:12:07 jailhost2 sync_client[88131]: No data available at all from ptload()

truss output:

gettimeofday({1161868266.654938},0x0)= 0 (0x0)
getpid() = 88131 (0x15843)
sendto(8,"<183>Oct 26 13:11:06 sync_client"...,68,0x0,NULL,0x0) = 68 (0x44)
gettimeofday({1161868266.656500},0x0)= 0 (0x0)
getpid() = 88131 (0x15843)
sendto(8,"<181>Oct 26 13:11:06 sync_client"...,116,0x0,NULL,0x0) = 116 (0x74)
gettimeofday({1161868266.658221},0x0)= 0 (0x0)
read(7,"\^W\^C\^A\0`",5) = 5 (0x5)
read(7,"\\V\M-qF\M^M.\M^M\240\M-aTO\M-S"...,96) = 96 (0x60)
stat("/var/imap/ptclient/ptscache.db",{mode=-rw--- ,inode=376856,size=32768,blksize=4096}) = 0 (0x0)
open("/var/imap/ptclient/ptscache.db",O_RDWR,00) = 14 (0xe)
fcntl(14,F_SETFD,FD_CLOEXEC) = 0 (0x0)
read(14,"\^A\0\0\0\M-%X\^D\0\0\0\0\0b1\^E"...,512) = 512 (0x200)
close(14)= 0 (0x0)
open("/var/imap/ptclient/ptscache.db",O_RDWR|O_CREAT,00) = 14 (0xe)
fcntl(14,F_SETFD,FD_CLOEXEC) = 0 (0x0)
fstat(14,{mode=-rw--- ,inode=376856,size=32768,blksize=4096}) = 0 (0x0)
gettimeofday({1161868266.713132},0x0)= 0 (0x0)
gettimeofday({1161868266.713730},0x0)= 0 (0x0)
getpid() = 88131 (0x15843)
sendto(8,"<183>Oct 26 13:11:06 sync_client"...,67,0x0,NULL,0x0) = 67 (0x43)
socket(PF_LOCAL,SOCK_STREAM,0) = 15 (0xf)
fcntl(15,F_GETFL,) = 2 (0x2)
fcntl(15,F_SETFL,O_NONBLOCK|0x2) = 0 (0x0)
connect(15,{ AF_UNIX "/var/imap/ptclient/ptsock" },106) ERR#61 'Connection refused'
gettimeofday({1161868266.717179},0x0)= 0 (0x0)
getpid() = 88131 (0x15843)
sendto(8,"<179>Oct 26 13:11:06 sync_client"...,103,0x0,NULL,0x0) = 103 (0x67)
close(15)= 0 (0x0)
gettimeofday({1161868266.719725},0x0)= 0 (0x0)
getpid() = 88131 (0x15843)
sendto(8,"<183>Oct 26 13:11:06 sync_client"...,79,0x0,NULL,0x0) = 79 (0x4f)
close(14)= 0 (0x0)
gettimeofday({1161868266.721774},0x0)= 0 (0x0)
getpid() = 88131 (0x15843)
sendto(8,"<179>Oct 26 13:11:06 sync_client"...,108,0x0,NULL,0x0) = 108 (0x6c)
gettimeofday({1161868266.723592},0x0)= 0 (0x0)
getpid() = 88131 (0x15843)
sendto(8,"<37>Oct 26 13:11:06 sync_client["...,64,0x0,NULL,0x0) = 64 (0x40)
gettimeofday({1161868266.725660},0x0)= 0 (0x0)
getpid() = 88131 (0x15843)
sendto(8,"<179>Oct 26 13:11:06 sync_client"...,104,0x0,NULL,0x0) = 104 (0x68)
close(7) = 0 (0x0)
write(2,"Can not connect to server 'imapn"...,75) = 75 (0x4b)

My configs from the second node (the first has the same configs, except sync_host and sync_machid, of course):

imapd.conf:

auth_mech: pts
hashimapspool: 1
sasl_mech_list: login plain
ldap_filter: (uid=%u)
allowallsubscribe: yes
ldap_scope: one
ldap_base: ou=users,o=firm
sievedir: /var/imap/sieve
sasl_pwcheck_method: saslauthd
configdirectory: /var/imap
sievenotifier: log
defaultdomain: firm.com
defaultacl: anyone lrswip
debug_command: /usr/bin/truss /usr/local/cyrus/bin/%s %d > /var/tmp/truss.cyrus.%s.%d 2>&1
tls_key_file: /usr/local/etc/cyrus/ssl/imap.firm.com.key
flushseenstate: yes
ldap_tls_cacert_file: /etc/ssl/cacert.pem
ldap_sasl: no
mailnotifier: log
expunge_mode: delayed
partition-default: /usr/home
LMTP timeout?
Hello,

right now I'm receiving a lot of lines like this in my exim log:

2006-10-26 20:08:09 1Gd9YI-0004rv-FN == [EMAIL PROTECTED] R=mailbox_cyrus T=mailbox_lmtpunix defer (-1): LMTP timeout after end of data (20671 bytes written)
2006-10-26 20:08:09 1Gd9Xx-0004lb-1g == [EMAIL PROTECTED] R=mailbox_cyrus T=mailbox_lmtpunix defer (-1): LMTP timeout after end of data (20561 bytes written)
2006-10-26 20:08:09 1Gd9Xx-0004lk-Cf == [EMAIL PROTECTED] R=mailbox_cyrus T=mailbox_lmtpunix defer (-1): LMTP timeout after end of data (20804 bytes written)
2006-10-26 20:08:09 1Gd9YO-0004v8-GM == [EMAIL PROTECTED] R=mailbox_cyrus T=mailbox_lmtpunix defer (-1): LMTP timeout after end of data (20884 bytes written)

Why does LMTP time out? Is it after a certain load? Or after a certain time?

Regards
Marten
Re: sync_(client|server) problem
Looks like the syslog messages probably cover why sync_client is having problems.

However, I think common wisdom is that sync_client should be started separately from cyrus master, because the sync_client process dies. Since it dies, you should plan on restarting it, monitoring whether it's still running, etc.

If you're experiencing an ordering problem with ptloader, sync_client after cyrus master will probably solve this problem for you.

:wes

On 26 Oct 2006, at 09:42, Dmitriy Kirhlarov wrote:
> I'm trying to make master-master rolling replication with sync_(client|server) on two cyrus imapd servers. It's working, but only when I run sync_client process manually, after cyrus is starting. When I run it from cyrus.conf START section (as recommended http://cyrusimap.web.cmu.edu/imapd/install-replication.html) only two processes start -- idled and sync_client.
>
> Both servers are using ldap database for user accounts and possibly the problem is in ptloader -- it might not be started before sync_client. Option -w, for sync_client also, doesn't resolve this problem.
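An added example (not part of the thread and not Cyrus project code) of the approach suggested in the reply above: run sync_client outside cyrus master, wait until ptloader accepts connections on the ptsock path seen in the truss output, and restart sync_client when it exits. The binary path is taken from the poster's debug_command; the retry counts and backoff values are assumptions.

```python
#!/usr/bin/env python3
"""Start sync_client only once ptloader answers, and restart it if it dies."""
import socket
import subprocess
import sys
import time

# Socket path from the truss output; binary path from debug_command in the thread.
PTSOCK = "/var/imap/ptclient/ptsock"
SYNC_CLIENT = ["/usr/local/cyrus/bin/sync_client", "-r"]  # -r: rolling replication


def ptloader_ready(path, timeout=1.0):
    """Return True if a process accepts connections on the UNIX socket at path."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect(path)
        return True
    except OSError:  # missing file, timeout, or ECONNREFUSED (ERR#61 in the trace)
        return False
    finally:
        s.close()


def wait_for_ptloader(path, attempts=30, delay=1.0, sleep=time.sleep):
    """Poll the socket; return the attempt number that succeeded, or 0 on give-up."""
    for n in range(1, attempts + 1):
        if ptloader_ready(path):
            return n
        sleep(delay)
    return 0


def backoff(failures, base=5, cap=300):
    """Seconds to wait before the next restart: exponential, capped (assumed values)."""
    return min(cap, base * 2 ** max(0, failures - 1))


def supervise(cmd=SYNC_CLIENT, path=PTSOCK):
    """Run as the cyrus user, after cyrus master has been started."""
    failures = 0
    while True:
        if not wait_for_ptloader(path):
            sys.exit("ptloader socket %s never came up" % path)
        started = time.time()
        rc = subprocess.call(cmd)
        # A run that lasted over a minute resets the backoff; quick deaths escalate it.
        failures = 0 if time.time() - started > 60 else failures + 1
        wait = backoff(failures)
        print("sync_client exited rc=%d, restarting in %ds" % (rc, wait), file=sys.stderr)
        time.sleep(wait)


if __name__ == "__main__":
    supervise()
```
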
Re: LMTP timeout?
On 2006-10-26 at 20:12 +0200, Marten Lehmann wrote:
> 2006-10-26 20:08:09 1Gd9YO-0004v8-GM == [EMAIL PROTECTED] R=mailbox_cyrus
> T=mailbox_lmtpunix defer (-1): LMTP timeout after end of data (20884
> bytes written)
>
> Why does LMTP time out? Is it after a certain load? Or after a certain time?

That's an Exim complaint. The receiver didn't respond within Exim's time limit. The default is 5 minutes, you can change it with the "timeout" option on the transport (the one you've called mailbox_lmtpunix).

So the question is why the lmtp service isn't returning soon enough. For that, you'll need to look at your system as a whole. _Perhaps_ upping prefork on the service entry in cyrus.conf will let things flow better by reducing the spike loads, perhaps it'll make things worse.

Regards,
-Phil
Re: LMTP timeout?
Hello,

> That's an Exim complaint. The receiver didn't respond within Exim's time limit. The default is 5 minutes, you can change it with the "timeout" option on the transport (the one you've called mailbox_lmtpunix).

Is there a timeout at lmtpd or will it deliver a message no matter how much time it takes? Does lmtpd have an upper limit of concurrent connections besides the limits from the operating system or maxchild options in cyrus.conf?

Regards
Marten
Re: Message contains invalid header
Hello,

> If it's mails from the broken Lotus Notes client that's the problem (and they're the only ones we saw here), it's caused by a null Message-ID header; just have your SMTP server remove those.

No, it is not just at mails from Notes clients. I also get this error on messages with correct Message-ID. We cannot simply refuse mails because some clients don't implement the standards 100% correctly. Our users still need the mails and every mailclient can handle it even with errors. And even Cyrus does handle it if I'm putting such a message in the mailbox and do a reconstruct! So why is it refused at lmtp time? How can I disable this? It is really important for me!

Regards
Marten
Re: Message contains invalid header
On Thu, 26 Oct 2006, Marten Lehmann wrote:
> Hello,
>
>> If it's mails from the broken Lotus Notes client that's the problem (and they're the only ones we saw here), it's caused by a null Message-ID header; just have your SMTP server remove those.
>
> no, it is not just at mails from Notes clients. I also get this error on messages with correct Message-ID. We cannot simply refuse mails because some clients don't implement the standards 100% correctly. Our users still need the mails and every mailclient can handle it even with errors. And even Cyrus does handle it if I'm putting such a message in the mailbox and do a reconstruct! So why is it refused at lmtp time? How can I disable this? It is really important for me!

Find the code in the source of Cyrus and modify it. There is no runtime option to disable this.

Andy
Re: Message contains invalid header
Hello,

> What MTA do you use?

exim. It can handle even emails with NUL characters and 8bit headers, but I guess all up2date MTAs (like postfix or sendmail) are capable of this.

Regards
Marten
Re: Sieve Vacation not working (filter does work)
Hello Georg

Did you use umlauts or other non 8 bit characters in the vacation text (that was my problem at the beginning)?

Regards,
Martin

2006/10/24, Georg Glas <[EMAIL PROTECTED]>:
> Hi list,
>
> I have a cyrus 2.2.12 installation (Debian's kolab-cyrus-imapd package with AutoCreate Inbox patch). It seems that every filter works but the vacation action is simply ignored. When email is delivered I see a stat/open syscall for the script, and the precompiled script seems to be parsed, but no execve call/stat call for the sendmail binary or such.
>
> The script itself is really simple:
>
> require "vacation";
> vacation :days 7 :addresses [ "[EMAIL PROTECTED]", "[EMAIL PROTECTED]"] "Out of office ...";
>
> Any hints?
>
> regards.
> Georg Glas

--
Martin Schweizer
[EMAIL PROTECTED]
Fax: +1 619 3300587
Tel.: +1 619 3300597 (VoIP)
(no subject)
Hi there.

What does it mean? I use virtual domains. Create the user [EMAIL PROTECTED]

# saslpasswd2 -c [EMAIL PROTECTED]
Password:
Again (for verification):

Good.

# ./sasldblistusers2
[EMAIL PROTECTED]: cmusaslsecretOTP
[EMAIL PROTECTED]: cmusaslsecretOTP
[EMAIL PROTECTED]: cmusaslsecretOTP
[EMAIL PROTECTED]: cmusaslsecretOTP
[EMAIL PROTECTED]: userPassword
[EMAIL PROTECTED]: userPassword
[EMAIL PROTECTED]: userPassword
[EMAIL PROTECTED]: userPassword

Good. But!

# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK mow.strs.ru Cyrus POP3 v2.2.12 server ready <[EMAIL PROTECTED]>
user [EMAIL PROTECTED]
-ERR [AUTH] Invalid user
user test
+OK Name is a valid mailbox

What am I doing incorrectly?
Re: (no subject)
Hi!

I'm new to all this, but don't you need to create the actual mailbox using cyradm too?

cyradm -user localhost createmailbox [EMAIL PROTECTED]

saslpasswd2 only adds passwords if I understand this correctly. Your successful check ("user test") tells you that your localhost (mow.strs.ru) has a mailbox by the name "test", so "user [EMAIL PROTECTED]" would probably be successful too.

Kind regards,
Ted Lyngmo

A Clockwork Orange wrote:
> Hi there.
>
> What does it mean? I use virtual domains. Create the user [EMAIL PROTECTED]
>
> # saslpasswd2 -c [EMAIL PROTECTED]
> Password:
> Again (for verification):
>
> Good.
>
> # ./sasldblistusers2
> [EMAIL PROTECTED]: cmusaslsecretOTP
> [EMAIL PROTECTED]: cmusaslsecretOTP
> [EMAIL PROTECTED]: cmusaslsecretOTP
> [EMAIL PROTECTED]: cmusaslsecretOTP
> [EMAIL PROTECTED]: userPassword
> [EMAIL PROTECTED]: userPassword
> [EMAIL PROTECTED]: userPassword
> [EMAIL PROTECTED]: userPassword
>
> Good. But!
>
> # telnet localhost 110
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> +OK mow.strs.ru Cyrus POP3 v2.2.12 server ready <[EMAIL PROTECTED]>
> user [EMAIL PROTECTED]
> -ERR [AUTH] Invalid user
> user test
> +OK Name is a valid mailbox
>
> What am I doing incorrectly?
virtual domains
Cyradm can not create virtual mailbox! Why?

localhost.strs.ru> cm [EMAIL PROTECTED]
createmailbox: Permission denied
localhost.strs.ru>
Cyrus started
Oct 27 10:08:58 mow master[17342]: process started
Oct 27 10:08:58 mow master[4984]: about to exec /usr/local/libexec/cyrus-imapd/ctl_cyrusdb
Oct 27 10:08:59 mow ctl_cyrusdb[4984]: recovering cyrus databases
Oct 27 10:09:03 mow ctl_cyrusdb[4984]: done recovering cyrus databases
Oct 27 10:09:04 mow master[17342]: service not supported for ai_socktype, disabling sieve
Oct 27 10:09:04 mow master[17342]: ready for work
Oct 27 10:09:04 mow master[13214]: about to exec /usr/local/libexec/cyrus-imapd/ctl_cyrusdb
Oct 27 10:09:04 mow ctl_cyrusdb[13214]: checkpointing cyrus databases
Oct 27 10:09:04 mow ctl_cyrusdb[13214]: archiving database file: /var/imap/annotations.db
Oct 27 10:09:04 mow ctl_cyrusdb[13214]: DBERROR: error listing log files: Permission denied
Oct 27 10:09:04 mow ctl_cyrusdb[13214]: DBERROR: archive /var/imap/db: cyrusdb error
Oct 27 10:09:04 mow ctl_cyrusdb[13214]: archiving database file: /var/imap/mailboxes.db
Oct 27 10:09:04 mow ctl_cyrusdb[13214]: DBERROR: error listing log files: Permission denied
Oct 27 10:09:04 mow ctl_cyrusdb[13214]: DBERROR: archive /var/imap/db: cyrusdb error
Oct 27 10:09:04 mow ctl_cyrusdb[13214]: done checkpointing cyrus databases
Oct 27 10:09:04 mow master[17342]: process 13214 exited, status 1

Where are these errors from? I tried to set 777 for /var/imap. It did not help.
Re: (no subject)
Hi

Quoting A Clockwork Orange <[EMAIL PROTECTED]>:
> Hi there.
>
> What does it mean? I use virtual domains. Create the user [EMAIL PROTECTED]
>
> # saslpasswd2 -c [EMAIL PROTECTED]
> Password:
> Again (for verification):
>
> Good.
>
> # ./sasldblistusers2
> [EMAIL PROTECTED]: cmusaslsecretOTP
> [EMAIL PROTECTED]: cmusaslsecretOTP
> [EMAIL PROTECTED]: cmusaslsecretOTP
> [EMAIL PROTECTED]: cmusaslsecretOTP
> [EMAIL PROTECTED]: userPassword
> [EMAIL PROTECTED]: userPassword
> [EMAIL PROTECTED]: userPassword
> [EMAIL PROTECTED]: userPassword
>
> Good. But!
>
> # telnet localhost 110
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> +OK mow.strs.ru Cyrus POP3 v2.2.12 server ready <[EMAIL PROTECTED]>
> user [EMAIL PROTECTED]
> -ERR [AUTH] Invalid user
> user test
> +OK Name is a valid mailbox
>
> What am I doing incorrectly?

Did you create the INBOX for [EMAIL PROTECTED]? What does Cyradm return when you call "lm"?

M.Menge                          Tel.: (49) 7071/29-70316
Universitaet Tuebingen           Fax.: (49) 7071/29-5912
Zentrum fuer Datenverarbeitung   mail: [EMAIL PROTECTED]
Waechterstrasse 76
72074 Tuebingen