Lars Hanke wrote:
> I'm trying to set up cyrus-imap using the ldapdb auxprop. I guess I have the
> LDAP part up and running, but somehow imap does not really request
> authentication. So probably I still have something messed up in the
> configuration, which apparently has changed with respect to my last
> install a couple of years ago.
>
> Any ideas for systematic troubleshooting are welcome.
> Regards,
> - lars.
>
> This is the sasl-related part of the imap configuration:
> hermod:~# grep sasl /etc/imapd.conf | grep -v '^#' | grep -v '^\s*$'
> sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5
> sasl_pwcheck_method: auxprop
> sasl_auxprop_plugin: ldapdb
> sasl_ldapdb_uri: ldaps://hel.mgr
> sasl_ldapdb_id: mailadmin
> sasl_ldapdb_pw: *********
> sasl_ldapdb_mech: DIGEST-MD5
> sasl_auto_transition: no
>

I don't see anything that sticks out. You may want to experiment with the
ldapdb_starttls and ldapdb_rc options (see sasl's options.html doc). See
'man ldap.conf' for options that you can place in ldaprc. If you do choose
to use starttls, you'll need to replace ldaps://hel.mgr with ldap://hel.mgr.

To make sure that the ldapdb plugin is installed correctly:

# cat > /usr/lib/sasl2/pluginview.conf
mech_list: PLAIN DIGEST-MD5 CRAM-MD5
pwcheck_method: auxprop
auxprop_plugin: ldapdb
ldapdb_uri: ldaps://hel.mgr
ldapdb_id: mailadmin
ldapdb_pw: *********
ldapdb_mech: DIGEST-MD5
auto_transition: no
# pluginviewer | grep ldapdb

> The following is running as expected:
> hermod:~# ldapwhoami -U mailadmin -X u:cyrus -W -Y DIGEST-MD5 -H
> ldaps://hel.mgr
> Enter LDAP Password:
> SASL/DIGEST-MD5 authentication started
> SASL username: u:cyrus
> SASL SSF: 128
> SASL data security layer installed.
> dn:uid=cyrus,ou=mailbox,dc=mgr
>
> and of course:
> ldapsearch -U mailadmin -X u:cyrus -W -Y DIGEST-MD5 -b
> "ou=mailbox,dc=mgr" "(uid=cyrus)"
> returns the password of cyrus, which is kept as plaintext inside the
> LDAP repository.

ldapsearch returns the base64-encoded plain password.

>
> So apparently imapd-ldapdb connects and establishes SSL. For the rest
> I'm unsure, but it seems like it does not talk to LDAP anymore and
> terminates, i.e. there is no authentication happening. The result is the
> same for trying telnet localhost imap2 and a login for cyrus.
>

Does your /var/log/auth.log or /var/log/syslog give you anything useful?

- Dan

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
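As an added illustration of the pluginviewer check Dan describes (this is not code from the thread or from Cyrus): a small POSIX shell script that derives the pluginviewer application config from the sasl_ keys in imapd.conf, so the plugin is exercised with the same options imapd hands to libsasl, and flags the ldaps:// plus starttls combination he warns about. The sample imapd.conf is constructed and the password is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original thread. imapd.conf stores SASL
# options as "sasl_<opt>: <value>"; libsasl application configs (such as
# pluginview.conf) expect "<opt>: <value>", so the prefix must be dropped.

# Drop comment and blank lines, keep sasl_ keys, strip the sasl_ prefix.
sasl_conf_from_imapd() {
    sed -e '/^[[:space:]]*#/d' -e '/^[[:space:]]*$/d' "$1" \
      | sed -n 's/^[[:space:]]*sasl_\([a-z0-9_]*\)[[:space:]]*:[[:space:]]*/\1: /p'
}

# Consistency check from the reply: starttls only makes sense on a plain
# ldap:// URI, because ldaps:// is already TLS. Returns 1 on the bad mix.
check_tls_mix() {
    uri=$(sed -n 's/^ldapdb_uri: *//p' "$1")
    tls=$(sed -n 's/^ldapdb_starttls: *//p' "$1")
    case "$uri" in
        ldaps://*) [ -n "$tls" ] && [ "$tls" != "no" ] && return 1 ;;
    esac
    return 0
}

# Constructed sample imapd.conf mirroring the thread (password is a placeholder).
tmp=$(mktemp)
cat > "$tmp" <<'EOF'
# SASL settings
sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_ldapdb_uri: ldaps://hel.mgr
sasl_ldapdb_id: mailadmin
sasl_ldapdb_pw: PLACEHOLDER_PASSWORD
sasl_ldapdb_mech: DIGEST-MD5
sasl_auto_transition: no
configdirectory: /var/lib/cyrus
EOF

sasl_conf_from_imapd "$tmp" > "$tmp.sasl"
cat "$tmp.sasl"
check_tls_mix "$tmp.sasl" && echo "uri/starttls: consistent" \
                          || echo "ldaps:// with ldapdb_starttls: switch to ldap://"
# Real use: install "$tmp.sasl" as /usr/lib/sasl2/pluginview.conf, then run
#   pluginviewer | grep ldapdb
rm -f "$tmp" "$tmp.sasl"
```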