It uses PAM to store some stuff in a MySQL 5.1 DB.
I can only log in with imtest when I create the user I created with saslpasswd2 and "cm user.*" also create this user in the DB,
which was installed during the web-cyradmin installation.
Do I understand right that I have the DB with the user accounts on the frontend and the mailboxes on the backend, so I don't need any DB and accounts in the sasldb1 on the backend?
Another point is that I can't delete any user with dm, it asks for a password, when I enter the correct one it asks again until I enter a wrong one..!
Not an easy setup, but it's making progress...
Here are my config files:
frontend/mupdater
admins: cyrus cyrus-frontend cyrus-backend
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
#admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
##
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN DIGEST-MD5
sasl_auxprop_plugin: sasldb
sasl_minimum_layer: 0
sasl_auto_transition: no
#sasl_pwcheck_method: auxprop
#sasl_auxprop_plugin: sasldb
#sasl_auxprop_plugin: sql
#sasl_sql_engine: mysql
#sasl_sql_hostnames: localhost
#sasl_sql_user: sqlpassword
#sasl_sql_database: cyrus
#sasl_sql_verbose: no
#sasl_sql_select: SELECT password FROM cyrus_mail WHERE username = '%u' AND active='1'
#sasl_sql_usessl: 0
#allowplaintext: yes
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
postmaster: postmaster
allowanonymouslogin: no
allowplaintext: yes
# servername: localhost
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sieve_maxscriptsize: 32
sieve_maxscripts: 5
#unixhierarchysep: yes
#tls_ca_file:/var/lib/imap/server.pem
#tls_cert_file:/var/lib/imap/server.pem
#tls_key_file:/var/lib/imap/server.pem
realm: mailfarm21.local
##################
# MUPDATE Master #
##################
servername: mail2.mailfarm21.local
# the backend server goes here
proxy_authname: cyrus-frontend
mail1_password: secret
proxy_password: secret
#proxyservers: mail1.mailfarm21.local
proxyd_disable_mailbox_referrals: 1
## mupdate client?
mupdate_server: mail2.mailfarm21.local
mupdate_port: 3905
mupdate_username: cyrus-frontend
mupdate_authname: cyrus-frontend
mupdate_password: secret
backend:
admins: cyrus cyrus-frontend cyrus-backend
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
postmaster: postmaster
allowanonymouslogin: no
allowplaintext: yes
servername: localhost
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sieve_maxscriptsize: 32
sieve_maxscripts: 5
#unixhierarchysep: yes
#tls_ca_file:/var/lib/imap/server.pem
#tls_cert_file:/var/lib/imap/server.pem
#tls_key_file:/var/lib/imap/server.pem
## sasl stuff
sasl_auxprop_plugin: sasldb
sasl_pwcheck_method: saslauthd
#sasl_pwcheck_method: auxprop
sasl_mech_list: plain login DIGEST-MD5
#################
# mupdate slave #
#################
mupdate_server: mail2.mailfarm21.local
mupdate_port: 3905
mupdate_username: cyrus-backend
mupdate_authname: cyrus-backend
mupdate_password: secret
#mupdate_config: unified
# frontend access
proxyservers: mail2.mailfarm21.local
proxy_authname: cyrus-backend
# transfer between backends
allowusermoves: yes
allowsubscribes: yes
cyrus.conf
# standard standalone server implementation
START {
# do not delete this entry!
recover cmd="ctl_cyrusdb -r"
# this is only necessary if using idled for IMAP IDLE
idled cmd="idled"
#
# resync the mailbox with the master at startup
mupdatepush cmd="ctl_mboxlist -m"
}
# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
# add or remove based on preferences
imap cmd="imapd" listen="imap" prefork=5
imaps cmd="imapd -s" listen="imaps" prefork=1
pop3 cmd="pop3d" listen="pop3" prefork=3
pop3s cmd="pop3d -s" listen="pop3s" prefork=1
sieve cmd="timsieved" listen="sieve" prefork=0
# these are only necessary if receiving/exporting usenet via NNTP
# nntp cmd="nntpd" listen="nntp" prefork=3
# nntps cmd="nntpd -s" listen="nntps" prefork=1
# at least one LMTP is required for delivery
# lmtp cmd="lmtpd" listen="lmtp" prefork=0
lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
# this is only necessary if using notifications
# notify cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
#
mupdate cmd="/usr/lib/cyrus-imapd/mupdate" listen="3905" prefork=1
fud cmd="fud" proto="udp" listen="4201" profork=0 maxchilds=10
}
EVENTS {
# this is required
checkpoint cmd="ctl_cyrusdb -c" period=30
# this is only necessary if using duplicate delivery suppression,
# Sieve or NNTP
delprune cmd="cyr_expire -E 3" at=0400
#delprune cmd="ctl_deliver -E 3" period=1440
# this is only necessary if caching TLS sessions
tlsprune cmd="tls_prune" at=0400
# Squat failed, helps
squatter cmd="squatter -r user" period=1440
}
On Jan 11, 2008 2:30 PM, Ken Murchison <murch@xxxxxxxxxxxxxx> wrote:
rupert wrote:
> another question is:
> does the mysql database have to be on both machines or does the frontend
> cyrus get its data from the backend and doesn't store anything inside its
> local DB?

What MySQL database? For authentication? All user credentials need to
be verified on the frontends. If your IMAP client(s) support referrals,
then they might also authenticate directly on the backends. Otherwise,
only the "murder" user authenticates on the backends.

> I created a new domain and user on the backend with web-cyradm and on
> the frontend/mupdate I can get the data with lm, but I can't connect with
> a mail client.
>
> On Jan 11, 2008 1:13 PM, Rupertt <rupertt@xxxxxxxxx> wrote:
>
> Ken Murchison wrote:
>> rupert wrote:
>>
>>> Hello first,
>>> I was able to set up a murder cluster with one backend and a frontend
>>> which also acts as a mupdate server.
>>> I could get the mailbox accounts from the backend, which was a
>>> standalone before.
>>> I read that now the murder is running I should "only" create accounts on
>>> the frontend and don't do anything manually on the backend, right?
>>>
>>> When I now create a user with web-cyradm on the frontend it creates the
>>> entry in the DB, but the logfile says:
>>>
>>> Jan 11 12:34:02 mail2 mupdate[2166]: cmd_set(fd:18, user.ralf)
>>> Jan 11 12:34:02 mail2 imap[2183]: mupdate NO response: mailbox already
>>> exists
>>> Jan 11 12:34:02 mail2 imap[2183]: MUPDATE: can't reserve mailbox entry
>>> for 'user.ralf'
>>> Jan 11 12:34:02 mail2 imap[2183]: autocreateinbox: User ralf, INBOX
>>> failed. unable to reserve mailbox on mupdate server
>>>
>>>
>>> When I try to add the user with "cm ralf" I get a permission denied
>>> error in the cyradm console.
>>>
>>> I could add a new mailbox on the backend by hand and when I do a "lm" on
>>> the frontend the new account gets listed there.
>>>
>>> So how can I proceed?
>>>
>> Toplevel mailboxes MUST be created on the backend.
>>
>>
>>
> You mean like "ralf", well I tried "user.ralf" and it still does not
> work.
>
> this is my current list:
>
> sam (\HasNoChildren) user.sigi (\HasChildren)
> testuser (\HasNoChildren) user.sigi.Sent (\HasNoChildren)
> user.box1 (\HasNoChildren) user.sigi.Trash (\HasNoChildren)
> user.jon (\HasNoChildren) user.tb0001 (\HasNoChildren)
> user.roy (\HasChildren) user.test1 (\HasNoChildren)
> user.roy.Sent (\HasNoChildren) user.test2 (\HasNoChildren)
> user.roy.Trash (\HasNoChildren) user.testuser (\HasNoChildren)
>
>
>
>--
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
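
Added example (not part of the original thread and not Cyrus project code): a small audit of the SASL settings in the two imapd.conf files posted above. saslauthd can only verify plaintext passwords, so with `sasl_pwcheck_method: saslauthd` the advertised DIGEST-MD5 mechanism is checked against the auxprop store (sasldb, filled by saslpasswd2) instead. The excerpts are constructed from the posted values and the function names are hypothetical.

```python
import re

# Constructed excerpts: only the auth-related settings posted in the thread.
FRONTEND = """\
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN DIGEST-MD5
sasl_auxprop_plugin: sasldb
allowplaintext: yes
proxy_authname: cyrus-frontend
"""
BACKEND = """\
sasl_auxprop_plugin: sasldb
sasl_pwcheck_method: saslauthd
sasl_mech_list: plain login DIGEST-MD5
allowplaintext: yes
proxyservers: mail2.mailfarm21.local
"""
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # the password itself crosses the wire


def parse(text):
    """Parse imapd.conf 'key: value' lines; '#' comment lines never match."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r"\s*([\w.-]+)\s*:\s*(.*?)\s*$", line)
        if m:
            conf[m.group(1).lower()] = m.group(2)
    return conf


def audit(conf):
    """Return findings about how each advertised mechanism gets verified."""
    out = []
    mechs = {m.upper() for m in conf.get("sasl_mech_list", "").split()}
    methods = conf.get("sasl_pwcheck_method", "auxprop").split()
    secret = sorted(mechs - PLAINTEXT_MECHS)
    # saslauthd checks plaintext passwords only; other mechs read auxprop.
    if "saslauthd" in methods and secret:
        store = conf.get("sasl_auxprop_plugin", "(default)")
        out.append(f"{','.join(secret)} verified via auxprop:{store}, not saslauthd")
    plain_ok = conf.get("allowplaintext", "no").lower() in ("yes", "1", "true", "on")
    if plain_ok and mechs & PLAINTEXT_MECHS:
        out.append("PLAIN/LOGIN accepted without TLS")
    return out


def proxy_user_listed(frontend, backend):
    """True if the frontend's proxy_authname is named in backend proxyservers."""
    return frontend.get("proxy_authname") in backend.get("proxyservers", "").split()
```

`proxyservers` takes user names, so the last check compares it with the name the frontend authenticates as (`proxy_authname`) rather than with a host name.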