Hi all,

I'm still trying to manage and configure authorization using ldap groups without success on cyrus 2.3.7 ... :(
sasl authentication works fine with ldap and saslauthd.

I've changed my groups on ldap to be easily configured:

dn: cn=mongroupe,ou=groups,o=mydomain,dc=fr
objectClass: top
objectClass: groupOfNames
description: Test
cn: mongroupe
member: uid=toto1
member: uid=toto2

In my imapd.conf:

If I use only this:

sasl_pwcheck_method: saslauthd

Authentication works.

If I add this for authorization:

auth_mech: pts
pts_module: ldap
ldap_sasl: 1
ldap_uri: ldap.mydomain.com
ldap_mech: PLAIN DIGEST-MD5 CRAM-MD5 LOGIN
ldap_base: o=mydomain,dc=fr
ldap_group_base: ou=groups,o=mydomain,dc=fr
ldap_group_filter: cn=%U
ldap_member_filter: uid=%U
ldap_group_scope: sub
ldap_member_method: filter

I get a problem opening cyradm:

Feb 16 11:48:48 imaptest perl: GSSAPI Error: Miscellaneous failure (see text) (No such file or directory)
Feb 16 11:48:50 imaptest imap[11070]: DBERROR db4: /var/imap/ptclient/ptscache.db: unexpected file type or format
Feb 16 11:48:50 imaptest imap[11070]: DBERROR: opening /var/imap/ptclient/ptscache.db: Invalid argument
Feb 16 11:48:50 imaptest imap[11070]: DBERROR: opening /var/imap/ptclient/ptscache.db: cyrusdb error
Feb 16 11:48:50 imaptest imap[11070]: ptload completely failed: unable to canonify identifier: cyrus
Feb 16 11:48:50 imaptest imap[11070]: badlogin: localhost.mydomain.com [::1] DIGEST-MD5 [SASL(-13): authentication failure: unable canonify user and get auxprops]
Feb 16 11:48:53 imaptest perl: No worthy mechs found

I don't get exactly what I need to be able to configure groups...!!

Can someone help me, please?

---------- Start of original message -----------
From: info-cyrus-bounces@xxxxxxxxxxxxxxxxxxxx
To: "hans.moser" hans.moser@xxxxxxxxxxxxxxxxxxxxxxxx
Cc: "info-cyrus" info-cyrus@xxxxxxxxxxxxxxxxxxxx
Date: Fri, 2 Feb 2007 09:56:14 +0100
Subject: Re: Cyrus Imapd shared folders question [checked for viruses]

>
> Thanks!
>
> I will try with your configuration!
>
> ldapsearch -x -h ldap.mydomain.com -b ou=groups,o=mydomain,dc=fr cn=mongroupe
>
> Gives me that result:
> # extended LDIF
> #
> # LDAPv3
> # base <ou=groups,o=mydomain,dc=fr> with scope subtree
> # filter: cn=mongroupe
> # requesting: ALL
> #
>
> # mongroupe, groups, mydomain, fr
> dn: cn=mongroupe,ou=groups,o=mydomain,dc=fr
> objectClass: top
> objectClass: groupOfNames
> description: Test
> cn: mongroupe
> member: cn=toto,ou=users,o=mydomain,dc=FR
> member: cn=toto2,ou=users,o=mydomain,dc=fr
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
>
> And ldapsearch -x -h ldap.mydomain.com -b ou=users,o=mydomain,dc=fr cn=toto2
>
> # extended LDIF
> #
> # LDAPv3
> # base <ou=users,o=mydomain,dc=fr> with scope subtree
> # filter: cn=toto2
> # requesting: ALL
> #
>
> # toto2, users, mydomain, fr
> dn: cn=toto2,ou=users,o=mydomain,dc=fr
> o: mydomain
> initials: toto
> givenName: toto2
> street: my street
> sn: TEST2
> ou: mydomain
> l: there
> mail: toto2@xxxxxxxxxxxx
> facsimileTelephoneNumber: 333
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: Person
> uid: toto2
> postalCode: 555658
> cn: toto2
> st: Nord
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
>
> Here is the LDIF structure for my groups:
> dn: cn=mongroupe, ou=groups, o=mydomain,dc=fr
> description: Test
> objectClass: top
> objectClass: groupOfNames
> member: cn=toto,ou=users,o=mydomain,dc=FR
> member: cn=toto2,ou=users,o=mydomain,dc=fr
> cn: mongroupe
>
>
> So how can I make my filter on group and member?
>
>
> ---------- Start of original message -----------
>
> From: "Hans Moser" hans.moser@xxxxxxxxxxxxxxxxxxxxxxxx
> To: "jc.duss59@xxxxxxxxxxx" jc.duss59@xxxxxxxxxxx
> Cc: "info-cyrus" info-cyrus@xxxxxxxxxxxxxxxxxxxx
> Date: Thu, 01 Feb 2007 18:30:53 +0100
> Subject: Re: Cyrus Imapd shared folders question [checked for viruses]
>
> > jc.duss59@xxxxxxxxxxx wrote:
> >
> > > Jan 31 17:59:37 imaptest ptloader[726]: ldap_sasl_interactive_bind() failed 16 (No such attribute).
> > > Jan 31 17:59:37 imaptest imap[727]: ptload(): bad response from ptloader server: ptsmodule_connect() failed
> > > Jan 31 17:59:37 imaptest imap[727]: ptload completely failed: unable to canonify identifier: toto2
> > > Jan 31 17:59:37 imaptest imap[727]: badlogin: [10.1.45.1] plaintext toto2 invalid user
> > Please show the toto2 entry from your ldap server.
> >
> > # ldapsearch -x -h ldap.mydomain.com -b ou=users,o=myorg,dc=fr uid=toto2
> >
> > You must have anonymous read access to uid.
> >
> > I use this in imapd 2.2.12 (ldapdb and pts):
> >
> > sasl_log_level: 5
> > sasl_pwcheck_method: auxprop
> > sasl_auxprop_plugin: ldapdb
> > sasl_ldapdb_uri: ldap://foo
> > sasl_ldapdb_id: human
> > sasl_ldapdb_pw: pw
> > sasl_ldapdb_mech: PLAIN DIGEST-MD5 CRAM-MD5 LOGIN
> > allowplaintext: yes
> > sasl_minimum_layer: 0
> > sasl_ldapdb_starttls: Demand
> > sasl_ldap_search_base: ou=humans,ou=bar
> > sasl_ldap_search_filter: maildrop=%U
> > tls_cert_file: foo.pem
> > tls_key_file: foo6.pem
> > tls_ca_file: foo06.pem
> > tls_ca_path: ssl/ca
> > #
> > # ptloader ldap:
> > ldap_id: human
> > ldap_sasl: 1
> > ldap_password: pw
> > ldap_uri: ldap://foo
> > ldap_mech: PLAIN DIGEST-MD5 CRAM-MD5 LOGIN
> > ldap_start_tls: 1
> > ldap_tls_cacert_file: foo.pem
> > ldap_tls_cert: foo6.pem
> > ldap_tls_key: foo06.pem
> > ldap_base: ou=humans,ou=bar
> > ldap_group_base: ou=gruppen,ou=humans,ou=bar
> > ldap_group_filter: ou=%U
> > ldap_member_attribute: member
> > ldap_group_scope: sub
> > ldap_member_method: attribute
> >
> >
> > Hans
> >
>
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html