How about backing up the ldap directory, resetting the passwords to a
known (to you) password, do the transition, and restore the directory?
If thats not possible, how about setting up a new temporary directory
with your user accounts and the known password, temporarily point cyrus
to it until
William K. Hardeman wrote:
No, you have to give your MTA the rights to post into it, which is
what the 'anyone p' right does. Giving yourself full rights just
allows you to do anything with the box, but doesn't allow any other
access.
More specifically, you aren't giving your MTA access, you ar
Sava,
Thanks, I had a quick look at what you had there. Looks good. Perhaps I
won't have to reinvent the wheel.
Thanks again,
Tim
Sava Chankov wrote:
Tim Pushor wrote:
No, ldap.c doesn't work for me at all. If there are no memberOf
attributes, it dies and user authentication fa
Rob Siemborski wrote:
On Thu, 22 Jan 2004, Tim Pushor wrote:
So nobody knows how to do this? I have looked through the list archives
and this has come up several times, with no solutions.
I am trying to figure out how to use the new experimental ldap pts code
in 2.2.3 but I first of all can&#
have tried group:xxx syntax, @group (from an old possible recollection
of days of old), nothing seems to work.
Tim Pushor wrote:
This may sound stupid, but what is the syntax assigning a group to an
ACL in cyradm?
I saw the group:xxx syntax in the docs for 2.2.3, but I think that I
interpreted
This may sound stupid, but what is the syntax assigning a group to an
ACL in cyradm?
I saw the group:xxx syntax in the docs for 2.2.3, but I think that I
interpreted that wrong.
Thanks,
Tim
Igor Brezac wrote:
You could use ldap_whoami() instead of the first query.
Where does that come from?
You do not need to do anything with this. The identifier is passed to pts
for canonicalization, the group is not validated.
I don't see this in ldap.c. The identifier group
Igor Brezac wrote:
I see. I did not realize you were going to retrieve groups with another
search filter. This should work.
Yeah, I'm sure it will. I wish I could do it in one query though.. How
often does the ptloader get called on? Will the pts cache here help at
all? What exactly does
Igor Brezac wrote:
I do not see how this is going to work within cyrus context. You will
need to change a lot more than just ptloader/ldap code for this to work.
Perhaps I don't understand everything involved, but ptloader now just
finds the user record via user defineable filter, and only c
I have determined that the way its currently setup (the ldap ptloader)
won't do what I want, so I am in the process of rewriting it for my needs.
Interesting. Why is that? (Not using it myself right now, but would
like to at some point.)
Because it relies on a user having multiple member
I am assuming by the lack of response that no-one really cares (at least
at this point) about LDAP group based authorization.
I have determined that the way its currently setup (the ldap ptloader)
won't do what I want, so I am in the process of rewriting it for my needs.
I am wondring if there
Ok, after doing some hunting, I found out that my imapd was not being
built with the experimental ldap pts module because:
1) For some reason my openldap wasn't installing the liblutil & related
header files, and
2) the --with-ldap=/usr/local configure option wasn't enough for
configure to see
I am trying to build the new release of cyrus-imapd, and the compile is
failing trying to enable the ldap authorization.
I am trying to link it against OpenLDAP 2.1.23.
My configure command line:
./configure \
--with-bdb-libdir=/usr/local/BerkeleyDB.4.1/lib\
--with-bdb-incdir=/usr/local/Berkele
I'm not sure, but I'd give it a try.
Norman Zhang wrote:
I would also make sure that master is running - telnet localhost 143
should give you a banner similar to:
* OK host.domain.com Cyrus IMAP4 v2.1.15 server ready
Oh okay. I disable port 143 (imap) in favor of 993 (imaps). Does
cyradm onl
I would also make sure that master is running - telnet localhost 143
should give you a banner similar to:
* OK host.domain.com Cyrus IMAP4 v2.1.15 server ready
Jason Williams wrote:
I'm pretty sure you need to specify a user that you are going to be
connecting with.
You also need to make sure
I too have had this problem in the past. I have had to migrate cyrus ->
cyrus, and Groupwise -> cyrus (at least that was the right direction ;-).
I cound imapcopy indespensable and the only thing that did the right
thing with groupwise.
http://home.arcor.de/armin.diehl/imapcopy/imapcopy.html
T
, whose
'subfolders' (Drafts, Sent, Sent Items (yes, redundant), and Trash) work
fine...
URL: http://www.starchefs.com/sm/src/loginframeset.php(same as above)
User: jessietest
Pass: foobarbaz
Help! :(
On Mon, 29 Dec 2003, Ken Murchison wrote:
JLB wrote:
On Mon, 29 Dec 20
What mail client are you using? Is the user perhaps not subscribed to
those folders? Try checking their subscriptions.
To be perfect honest (even though it is rather embarrasing) I don't
really understand subscriptions, even though I've been using Cyrus for
years ;-)
I just had a little stint
Now that I have sufficiently embarrassed myself by admitting that I
really don't know what IMAP subscriptions are for:
What exactly are IMAP subscriptions for? ;-)
Thanks,
Tim
I am currently writing a backup script that selectively backs up
portions of the cyrus imap system, and was wondering what exactly the
stage. directory is for? Mine has nothing in it. Will it ever have? Will
it get created automatically if I don't back it up?
I am running 2.1.15.
Thanks,
Tim
I'm no expert, but I would check the file permissions on both
/var/spool/imap and /var/imap
Tim
Jay Drake wrote:
It now seems as though things are running and I am trying to create
mailbox for my initial users. My current imapd.conf is:
configdirectory: /var/imap
partition-default: /var/spool
Patrick,
What version of Berkeley (Sleepycat) DB were you using? What OS?
Thanks,
Tim
Patrick Boutilier wrote:
duplicate? mboxlist? seen? subs? tls?
db3_nosync, skiplist, skiplist, flat, db3_nosync
I had nothing but trouble using db3_nosync for duplicate so I would
suggest using skiplis
Rob Siemborski wrote:
On Mon, 18 Nov 2002, Tim Pushor wrote:
I have done some research on the skiplist algorithm, but am wondering
about the cyrus implementation. Is it stable?
I didn't know anyone else was implementing a persistant skiplist. Our
implementation is stable (
All,
Hello, and I must first apologize because I know that what I am asking
has been covered before, but I am having a difficult time finding
information in the archives.
I am still running the 1.6 branch on all of my production servers, and
want to bring everything up to 2.1. I have resisted
Good point :)
-Original Message-
From: Lawrence Greenfield [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 21, 2002 7:01 PM
To: 'David Wright'; 'Cyrus-Info'; Tim Pushor
Subject: Re: imapd timeout
From: "Tim Pushor" <[EMAIL PROTECTED]>
Date: T
I wonder how many IMAP processes are short lived enough to make a
difference? I know at least on my servers they are fairly long running.
POP servers are another story..
Tim
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Lawrence
Greenfield
Sent: Tues
try sasl_pwcheck_method: sasldb
- Original Message -
From: "Phil Dibowitz" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 21, 2002 4:18 PM
Subject: Re: Secure Imap Problems
> Alright, brand-spankin' new Cyrus-imap 2.0.16 installed from source.
>
> I want to get regular i
-
From: "Gary Mills" <[EMAIL PROTECTED]>
To: "Tim Pushor" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, May 14, 2002 7:20 AM
Subject: Re: 2.1.4 + sendmail + lmtp
> On Tue, May 14, 2002 at 06:59:22AM -0600, Tim Pushor wrote:
> >
> >
Hi all,
I have been playing with 2.1 and have gotten to where I have to configure
sendmail for local delivery. I am still running 1.6 in production, and have
never used lmtp.
I am running sendmail 8.12.3, and looking through cf/README I see that the
only mention of lmtp is in the feature local_l
What OS are you running? I am running FreeBSD, and it doesn't support
O_DSYNC. It seems that this flag ensures that writes to this fd ensure
filesystem metadata is written out to disk with every write.
I added a #define O_DSYNC O_FSYNC to config.h. I don't think this will hurt
anything but perhap
cyrusdb_skiplist.c: In function `getsyncfd':
cyrusdb_skiplist.c:190: `O_DSYNC' undeclared (first use in this
function)
FreeBSD doesn't support O_DSYNC - is there any risk in redefining it to
O_FSYNC?
Would it stand to reason that platforms that don't support fdatasync
would also not support O_D
I have resisted getting involved in this discussion thus far, but now feel
that I must thow in my .135 $CDN.
IMO Neither approach is flat out wrong, but I must concede, I cannot find
many reasons to condone running external utilities from sieve.
AFAIC this opens a can of worms best left closed.
SASL2 will authenticate via pam if you use saslauthd
(from memory, might not be entirely correct)
./configure --with-saslauthd --with-pam
Then run saslauthd with the -a pam arg (check saslauthd.8)
And use pwcheck_method=saslauthd
Tim
- Original Message -
From: "Luc de Louw" <[EMAIL P
Is there any way to trace what SASL is doing?
I am trying to get simon's ldap auxprop patch working, and it isn't. All I
am seeing in syslog is
badlogin: localhost[127.0.0.1] plaintext timp SASL(-13): user not found:
checkpass failed
If I new what SASL was trying to do, I could probably figure
While we're on the subject of SASL and authorization/authentication, if
Cyrus IMAP has abstracted authentication through SASL, why is the group ACL
still handled locally (in Cyrus) via UNIX groups or Kerberos?
I would really like to base group ACL's on the same scheme that
authentication is using
List,
This is mostly a LDAP question, but it does pertain to Cyrus IMAP and SASL.
I am trying to get Cyrus + Simon's auxprop LDAP patch + OpenLDAP working
together. I have never used LDAP. I understand its concept.
What I really want to know, is how do you get the users password into the
LDAP d
Stupid question alert:
This is my first foray into LDAP. I am starting by building LDAP (which
is required by SASL, with Simon's auxprop patch), but the docs for
building LDAP say that LDAP won't be V3 compliant 'unless OpenLDAP's
configure detects a usable Cyrus SASL installation'? Chicken and
While we are talking about taking cyrus and SASL to the next level, is there
any plan to remove the dependance that Cyrus has on UNIX groups for group
based ACL's?
- Original Message -
From: "Jeremy Howard" <[EMAIL PROTECTED]>
To: "Christopher D. Audley" <[EMAIL PROTECTED]>; "Cyrus Mailing
I would think that virus scanning and attachment blocking should be part of
the MTA. Failing that, it could be sandwitched between MTA and local
delivery agent.
A user could have contracted the virus before the being scanned using a poll
type method.
FWIW, I am currently working on getting Virge
The cert is bound to a DNS name. If from the inside you can make the box
respond to the same name as from the ouside, your problem will go away.
Tim
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of chirs charter
Sent: Monday, September 17, 2001 10:32 AM
T
You may also want to check /usr/local/lib/sasl/Cyrus.conf, and if you plan
on using SMTP Auth: /usr/local/lib/sasl/Sendmail.conf
Tim
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Andrew Barnes
Sent: Tuesday, June 12, 2001 11:33 PM
To: [EMAIL PROTECTED]
I for one would vote for adding functionality into the SASL API.
When I took my users out of my system accounts database and moved them into
sasldb, all of a sudden I lost the ability to grant ACL's to groups -
because SASL doesn't have any notion of anything but password secrets (and
cyrus still
I routinely download large messages from a cyrus mailstore (currently cyrus
1.6.22)
I would check your operating system(s) for network errors.
Tim
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Olaf
Zaplinski
Sent: Thursday, March 22, 2001 3:41 PM
To:
I just did this with sendmail 8.11.1:
You need to compile sendmail with _FFR_UNSAFE_SASL defined to enable a new
DontBlameSendmail option to relax the permission check on the sasldb.
For example, in the sendmail source distribution
Create a site.config.m4 in the devtools/Site directory that con
I asked this question once before and got no answer, so I am going to pose
it again:
Now that Cyrus has moved to SASL, how do group rights on ACL's work? I now
have a sasldb full of users and I want to use group based rights to grant
access to shared folders..
Is it just me or does it seem like
Hello,
I just upgraded Cyrus IMAP 1.5.x to 1.6.22 on a small server with only a few
dozen users. The only problem I am currently having is that folder
subscriptions are kept inside a directory named the first letter of the
username. This directory is not automatically created with cyradm. IMAP
su
46 matches
Mail list logo
