Re: auxprop pwcheck with sasl ldapdb and openldap backend not working

[Дилян Палаузов <dilyan.palauzov@xxxxxxxxx>]

Hello Patrick,

see also https://bugs.openldap.org/show_bug.cgi?id=7419 .

You might have success using password_method: saslauthd, starting saslauthd in PAM mode and then configuring pam_ldap as one of the PAM mechanisms.  Long time ago this worked for me.

Gretings
  Дилян

На 6 ноември 2021 г. 23:38:40 GMT+02:00, PFiver via SASL <sasl@xxxxxxxxxxxxxxxxxx> написа:

... I've arrived here, it seems: https://github.com/cyrusimap/cyrus-sasl/issues/374

.... well no ... I have no clue, ... but anyway .... this seems completely borked .... :-) ... you see: imapd lets me in now without any checks .... it _is_ in fact, of course, not talking to the LDAP ! ... whoa.... scary! :-/ ... maybe I should just stick to dovecot :-\\ ... if only it had cal/carddav

ubuntu@nexus:~$ /usr/lib/cyrus/bin/imtest -m plain -a patricsk -w asdf localhost
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=DIGEST-MD5 AUTH=NTLM AUTH=CRAM-MD5 AUTH=PLAIN AUTH=LOGIN SASL-IR] nexus Cyrus IMAP 3.0.13-Debian-3.0.13-5 server ready
C: A01 AUTHENTICATE PLAIN AHBhdHJpY3NrAGFzZGY=
S: A01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 X-REPLICATION URLAUTH URLAUTH=BINARY LOGINDISABLED COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE] Success (no protection) SESSIONID=<cyrus-227142-1636234462-1-13065162235787530761>
Authenticated.
Security strength factor: 0
^CC: Q01 LOGOUT
Connection closed.

ubuntu@nexus:~$ /usr/lib/cyrus/bin/imtest -m plain -a foo -w bar localhost
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=DIGEST-MD5 AUTH=NTLM AUTH=CRAM-MD5 AUTH=PLAIN AUTH=LOGIN SASL-IR] nexus Cyrus IMAP 3.0.13-Debian-3.0.13-5 server ready
C: A01 AUTHENTICATE PLAIN AGZvbwBiYXI=
S: A01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 X-REPLICATION URLAUTH URLAUTH=BINARY LOGINDISABLED COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE] Success (no protection) SESSIONID=<cyrus-227142-1636234480-1-7399361506862257072>
Authenticated.

Nov 06 21:34:22 nexus cyrus/master[227109]: service imaplocal/ipv4 pid 227142: receiving messages from long dead children
Nov 06 21:34:22 nexus cyrus/imaplocal[227142]: login: localhost [127.0.0.1] patricsk PLAIN User logged in SESSIONID=<cyrus-227142-1636234462-1-13065162235787530761>
Nov 06 21:34:22 nexus cyrus/imaplocal[227142]: autocreateinbox: User patricsk, INBOX was successfully created
Nov 06 21:34:26 nexus cyrus/imaplocal[227142]: USAGE patricsk user: 0.008427 sys: 0.014046
Nov 06 21:34:26 nexus cyrus/master[227109]: service imaplocal/ipv4 pid 227142: receiving messages from long dead children

Nov 06 21:34:40 nexus imtest[227143]: ldapdb
Nov 06 21:34:40 nexus imtest[227143]: _sasl_plugin_load failed on sasl_canonuser_init
Nov 06 21:34:40 nexus cyrus/master[227109]: service imaplocal/ipv4 pid 227142: receiving messages from long dead children
Nov 06 21:34:40 nexus cyrus/imaplocal[227142]: login: localhost [127.0.0.1] foo PLAIN User logged in SESSIONID=<cyrus-227142-1636234480-1-7399361506862257072>
Nov 06 21:34:40 nexus cyrus/imaplocal[227142]: autocreateinbox: User foo, INBOX was successfully created

Cyrus / SASL / see discussions + participants + delivery options Permalink