Re: Problem setup Cyrus Aggregation ( Murder )


 




Cyrus IMAPD version: 2.3.16 ( using a compiled source version )


My problem seems to be with the sasl authentication

frontend  auth with mupdate - Ok
mupdate auth with frontend   - Ok
frontend auth with backend -  ???

------------------------------------------------------------------
My /etc/saslauthd.conf

ldap_servers: ldap://ldap.intranet
ldap_auth_method: bind
ldap_referrals: no
ldap_search_base: dc=domain1,dc=com
ldap_verbose: on
ldap_debug: 6

Tested with testsaslauthd  and postfix.

--------------------------------------------------------------------
In Frontend:

# Mupdate
mupdate_server:  mupdate.intranet
mupdate_username: cyrmaster
mupdate_authname: cyrmaster
mupdate_password: data

# Backend User
proxy_authname: cyrmaster
proxy_password: data

# Administrator
admins: cyrmaster

# SASL
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN
allowplaintext: yes
sasl_minimum_layer: 0
sasl_auto_transition: no
-----------------------------------------------------

In Backend:

# Mupdate
mupdate_server: mupdate.intranet
mupdate_username: cyrmaster
mupdate_authname: cyrmaster
mupdate_password: data


# Backend User
proxyservers: cyrmaster

# Administrator
admins: cyrmaster

#  SASL
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN
allowplaintext: yes
sasl_minimum_layer: 0
sasl_auto_transition: no

----------------------------------------------------------------------------------------

When I connect to the frontend and create a mailbox:

cyradm --user cyrmaster frontend
frontend> cm user/bob backend1


In backend log:

Jul 14 23:48:34 backend1 saslauthd[6837]: ldap_simple_bind() failed -1 (Can't contact LDAP server).
Jul 14 23:48:34 backend1 saslauthd[6837]: Retrying authentication
Jul 14 23:48:34 backend1 imap[7042]: auxpropfunc error invalid parameter supplied
Jul 14 23:48:34 backend1 imap[7042]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb

But mailbox is created.

When setacl is used:

frontend> sam user/bob cyrmaster all

In backend log:

Jul 14 23:52:45 backend1 imap[7050]: auxpropfunc error invalid parameter supplied
Jul 14 23:52:45 backend1 imap[7050]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb
Jul 14 23:52:45 backend1 imap[7042]: No worthy mechs found
Jul 14 23:52:45 backend1 imap[7051]: auxpropfunc error invalid parameter supplied
Jul 14 23:52:45 backend1 imap[7051]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb

---------------------------------------------------------------------------------------------------------------------------------------------------------------------

When I try to reconstruct a mailbox:

frontend> reconstruct  user/bob

Jul 15 00:09:53 uxrjo700 saslauthd[6841]: Authentication failed for cyrmaster: Bind to ldap server failed (invalid user/password or insufficient access) (-7)
Jul 15 00:09:53 uxrjo700 saslauthd[6841]: do_auth         : auth failure: [user=cyrmaster] [service=imap] [realm=] [mech=ldap] [reason=Unknown]
Jul 15 00:09:59 uxrjo700 imap[7116]: auxpropfunc error invalid parameter supplied
Jul 15 00:09:59 uxrjo700 imap[7116]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb


I didn't configure the SASL plugin ldapdb in imapd.conf, so why is this plugin called?
Is sasl_pwcheck_method: saslauthd not sufficient for all operations?
Do I need to configure some ldapdb parameter?

I didn't configure any TLS certificate. Is it necessary to configure a TLS certificate?
Even when a PLAIN password is used?

What does "No worthy mechs found" mean?

I thank you in advance for any help.

Regards
Zinato






On Tue, Jul 13, 2010 at 8:24 PM, Lucas Zinato Carraro <lucaszc@xxxxxxxxx> wrote:


cyradm --user cyrmaster@xxxxxxxxxxx  frontend.domain.com
Password:
frontend.domain.com>                                                                      
frontend.domain.com>                                                                      
frontend.domain.com> cm user/test  backend1.intranet               --- OK                       
frontend.domain.com> lm user/test                                     
user/testepermissao (\HasNoChildren)
 
frontend.domain.com> info user/testepermissao                                             
{user/test}:
  server: backend1.intranet
correio.dataprev.gov.br> sam user/test  cyrmaster@xxxxxxxxxxx all
setaclmailbox: cyrmaster@xxxxxxxxxxx: lrswipkxtea: Server(s) unavailable to complete operation

---------------------------------------------------------------------------------------------------------------

Problem when setting ACLs and QUOTA, but CREATE is OK

Using SASLAUTH with LDAP Server.

--------------------------------------------------------------------------------------------------
Configuration in frontend.domain.com

............................................
# Administrator
admins:  cyrmaster@xxxxxxxxxxx  cyrmaster@xxxxxxxxxxx

# Mupdate
mupdate_server: mupdate.intranet
mupdate_authname: mupdateuser
mupdate_password: password

# Backend User
proxy_authname: backenduser
proxy_password: password1
backend1_password: password1

------------------------------------------------------------------------------------------------------
Configuration in backend1.intranet

............................
# Mupdate
mupdate_server: mupdate.intranet
mupdate_authname: mupdateuser
mupdate_password: password

# Backend User
proxyservers: backenduser@intranet backenduser@xxxxxxxxxxx backenduser@xxxxxxxxxxx 

# Administrator
admins:  cyrmaster@xxxxxxxxxxx cyrmaster@xxxxxxxxxxx


------------------------------------------------------------------------------------------------------
Configuration in mupdate.intranet

..............


# Backend User
proxy_authname: backenduser
proxy_password: password1

# Administrator
admins:  mupdateuser mupdateuser@intranet backenduser backenduser@xxxxxxxxxxx backenduser@xxxxxxxxxxx


----------------------------------------------------------------------------------------------------------

When I use this command, I see on the backend:

Jul 13 19:52:34 backend1 imap[30484]: login: frontend.domain.com [192.168.136.151] cyrmaster@xxxxxxxxxxx PLAIN User logged in
Jul 13 19:52:34 backend1 imap[30484]: fetching user_deny.db entry for 'cyrmaster@xxxxxxxxxxx'
Jul 13 19:52:34 backend1 imap[30478]: accepted connection
Jul 13 19:52:34 backend1 imap[30484]: couldn't authenticate to backend server: no mechanism available


Any help ?


Another question: when I transfer a mailbox from backend1 to backend2, does backend1 authenticate to backend2 as
the user that requested the action (in my example cyrmaster@xxxxxxxxxxx) or as proxy_authname (backenduser@xxxxxxxxxxx)?



Thanks for any help

Regards

Zinato
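
An added example, not part of the original posts: a small consistency check over the two imapd.conf fragments a Murder frontend/backend pair depends on, using the option names shown above. The sample fragments are constructed, the finding codes are hypothetical names, and the identity comparison is a literal string match that does not model realm or virtual-domain canonicalization.

```python
FRONTEND = """\
# constructed sample, modelled on the frontend fragment in the post
proxy_authname: backenduser
sasl_mech_list: PLAIN LOGIN
"""
BACKEND = """\
# constructed sample, modelled on the backend fragment in the post
proxyservers: backenduser@intranet
sasl_mech_list: PLAIN LOGIN
allowplaintext: yes
sasl_minimum_layer: 0
"""
TRUE_VALUES = {"yes", "on", "true", "t", "1"}

def parse_conf(text):
    """Parse imapd.conf 'key: value' lines; blank and '#' lines are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            key, sep, value = line.partition(":")
            if sep:
                conf[key.strip()] = value.strip()
    return conf

def check_pair(frontend_text, backend_text):
    """Return finding codes (hypothetical names) for one frontend/backend pair."""
    fe, be = parse_conf(frontend_text), parse_conf(backend_text)
    findings = []
    # The identity the frontend presents (proxy_authname) is compared
    # literally against the backend's proxyservers entries.
    authname = fe.get("proxy_authname")
    if authname is None or authname not in be.get("proxyservers", "").split():
        findings.append("PROXY_AUTHNAME_NOT_IN_PROXYSERVERS")
    # Only password mechanisms, plaintext explicitly allowed, no SASL security
    # layer required and no certificate (tls_cert_file is the 2.3.x option
    # name): the proxy password crosses the internal link unencrypted.
    mechs = set(be.get("sasl_mech_list", "").upper().split())
    if (mechs and mechs <= {"PLAIN", "LOGIN"}
            and be.get("allowplaintext", "").lower() in TRUE_VALUES
            and int(be.get("sasl_minimum_layer", "0")) == 0
            and "tls_cert_file" not in be):
        findings.append("BACKEND_PASSWORD_AUTH_WITHOUT_TLS")
    return findings

if __name__ == "__main__":
    for code in check_pair(FRONTEND, BACKEND):
        print(code)
```
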






----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
