I'm trying to set up cyrus-imap using the ldapdb auxprop. I guess I've the LDAP part up and running, but somehow imap does not really request for authentication. So probably I still have something messed in the configuration, which apparently has changed with respect to my last install a couple of years ago.

Any ideas for systematic troubleshooting are welcome.

Regards,
- lars.

This is the sasl related part of the imap configuration:

    hermod:~# grep sasl /etc/imapd.conf | grep -v '^#' | grep -v '^\s*$'
    sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5
    sasl_pwcheck_method: auxprop
    sasl_auxprop_plugin: ldapdb
    sasl_ldapdb_uri: ldaps://hel.mgr
    sasl_ldapdb_id: mailadmin
    sasl_ldapdb_pw: *********
    sasl_ldapdb_mech: DIGEST-MD5
    sasl_auto_transition: no

The following is running as expected:

    hermod:~# ldapwhoami -U mailadmin -X u:cyrus -W -Y DIGEST-MD5 -H ldaps://hel.mgr
    Enter LDAP Password:
    SASL/DIGEST-MD5 authentication started
    SASL username: u:cyrus
    SASL SSF: 128
    SASL data security layer installed.
    dn:uid=cyrus,ou=mailbox,dc=mgr

and of course:

    ldapsearch -U mailadmin -X u:cyrus -W -Y DIGEST-MD5 -b "ou=mailbox,dc=mgr" "(uid=cyrus)"

returns the password of cyrus, which is kept as plaintext inside the LDAP repository. ldapsearch returns the base64 encoded plain password.

However, using this same password the following happens:

    hermod:~# imtest -v -u cyrus -a cyrus -p imap -m DIGEST-MD5 hermod.mgr
    S: * OK hermod.mgr Cyrus IMAP4 v2.2.13-Debian-2.2.13-14+b3 server ready
    C: C01 CAPABILITY
    S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
    S: C01 OK Completed
    C: A01 AUTHENTICATE DIGEST-MD5
    S: + bm9uY2U9IlBMREhNY0JjbG1XOUt2dk5FQWQrb0R5cmZ3YjY3cHcyb1VIWHhacDE0dXc9IixyZWFsbT0iaGVybW9kLm1nciIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAscmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4YnVmPTQwOTYsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=
    Please enter your password:
    C: dXNlcm5hbWU9ImN5cnVzIixyZWFsbT0iaGVybW9kLm1nciIsbm9uY2U9IlBMREhNY0JjbG1XOUt2dk5FQWQrb0R5cmZ3YjY3cHcyb1VIWHhacDE0dXc9Iixjbm9uY2U9IkVZR2hkY1UvZy9vU0J5VkNsMkhSVWt3NWVuMTlOR3puWU9PQjZuSUpPams9IixuYz0wMDAwMDAwMSxxb3A9YXV0aC1jb25mLGNpcGhlcj1yYzQsbWF4YnVmPTEwMjQsZGlnZXN0LXVyaT0iaW1hcC9oZXJtb2QubWdyIixyZXNwb25zZT00Yjk3OWJhMTU0NWUzZDBkMTJiYWNlNjY4NTk4YjhjZA==
    failure: prot layer failure

The detailed log of slapd has the following for this request:

    slap_listener_activate(10):
    >>> slap_listener(ldaps:///)
    conn=15 fd=24 ACCEPT from IP=172.16.6.5:53956 (IP=0.0.0.0:636)
    connection_get(24): got connid=15
    connection_read(24): checking for input on id=15
    connection_get(24): got connid=15
    connection_read(24): checking for input on id=15
    connection_get(24): got connid=15
    connection_read(24): checking for input on id=15
    connection_get(24): got connid=15
    connection_read(24): checking for input on id=15
    connection_read(24): unable to get TLS client DN, error=49 id=15
    conn=15 fd=24 TLS established tls_ssf=128 ssf=128
    connection_get(24): got connid=15
    connection_read(24): checking for input on id=15
    ber_get_next
    ber_get_next on fd 24 failed errno=0 (Success)
    connection_closing: readying conn=15 sd=24 for close
    connection_close: conn=15 sd=24
    conn=15 fd=24 closed (connection lost)

So apparently imapd-ldapdb connects and establishes SSL. For the rest I'm unsure, but it seems like it does not talk to LDAP anymore and terminates, i.e. there is no authentication happening. The result is the same for trying telnet localhost imap2 and a login for cyrus.
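
As an added troubleshooting aid (not part of the original post, and not Cyrus code), the Python below decodes the DIGEST-MD5 challenge and response from the imtest trace above and checks that what the client selected matches what the server offered. The function names parse_directives and check_negotiation are hypothetical.

```python
import base64
import re

# Challenge ("S: +") and response ("C:") copied verbatim from the imtest trace in the post.
CHALLENGE_B64 = "bm9uY2U9IlBMREhNY0JjbG1XOUt2dk5FQWQrb0R5cmZ3YjY3cHcyb1VIWHhacDE0dXc9IixyZWFsbT0iaGVybW9kLm1nciIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAscmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4YnVmPTQwOTYsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M="
RESPONSE_B64 = "dXNlcm5hbWU9ImN5cnVzIixyZWFsbT0iaGVybW9kLm1nciIsbm9uY2U9IlBMREhNY0JjbG1XOUt2dk5FQWQrb0R5cmZ3YjY3cHcyb1VIWHhacDE0dXc9Iixjbm9uY2U9IkVZR2hkY1UvZy9vU0J5VkNsMkhSVWt3NWVuMTlOR3puWU9PQjZuSUpPams9IixuYz0wMDAwMDAwMSxxb3A9YXV0aC1jb25mLGNpcGhlcj1yYzQsbWF4YnVmPTEwMjQsZGlnZXN0LXVyaT0iaW1hcC9oZXJtb2QubWdyIixyZXNwb25zZT00Yjk3OWJhMTU0NWUzZDBkMTJiYWNlNjY4NTk4YjhjZA=="

# directive = key "=" ( quoted-string | token ); quoted values may contain commas.
_DIRECTIVE = re.compile(r'([A-Za-z][A-Za-z0-9-]*)=(?:"((?:[^"\\]|\\.)*)"|([^,]*))')


def parse_directives(b64):
    """Decode one base64 DIGEST-MD5 message into a dict (last value wins on repeats)."""
    text = base64.b64decode(b64, validate=True).decode("utf-8")
    fields = {}
    for key, quoted, bare in _DIRECTIVE.findall(text):
        # Undo backslash escapes inside quoted strings; bare tokens are taken as-is.
        fields[key.lower()] = re.sub(r"\\(.)", r"\1", quoted) if quoted else bare
    return fields


def check_negotiation(challenge, response):
    """List mismatches between the server's offer and the client's selection."""
    problems = []
    if response.get("nonce") != challenge.get("nonce"):
        problems.append("client did not echo the server nonce")
    if response.get("realm") != challenge.get("realm"):
        problems.append("realm differs from the one offered")
    qop = response.get("qop", "auth")  # "auth" is the default when qop is absent
    if qop not in challenge.get("qop", "auth").split(","):
        problems.append(f"qop {qop!r} was not offered")
    # A cipher is only meaningful when a confidentiality layer was selected.
    if qop == "auth-conf" and response.get("cipher") not in challenge.get("cipher", "").split(","):
        problems.append(f"cipher {response.get('cipher')!r} was not offered")
    return problems


if __name__ == "__main__":
    chal, resp = parse_directives(CHALLENGE_B64), parse_directives(RESPONSE_B64)
    for name, msg in (("server challenge", chal), ("client response", resp)):
        print(name)
        for key, value in msg.items():
            print(f"  {key} = {value}")
    print("mismatches:", check_negotiation(chal, resp) or "none")
```

For this trace the check reports no mismatches, and the decoded response shows the client selecting qop=auth-conf with cipher=rc4 from the server's offer.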