Re: cyrus-imap: 'realm' is missing when authenticate against LDAP with ldapdb plugin

>On 102/2/26 10:30 PM, Dan White wrote:
>>On 02/26/13 13:26 +0800, Lingfeng Xiong wrote:
>>>>sasl_pwcheck_method: auxprop
>>>>sasl_auxprop_plugin: ldapdb
>>>>sasl_ldapdb_uri: ldap://MY-LDAP-SERVER
>>>>sasl_ldapdb_id: CYRUS-PROXY-USER-NAME
>>>>sasl_ldapdb_pw: CYRUS-PROXY-USER-PASSWORD
>>>>sasl_ldapdb_mech: DIGEST-MD5
>>>>sasl_log_level: 7
>>>
>>>When I tried to log in with a user like 'test@xxxxxxxxxxx', I wanted it
>>>to look for 'uid=test@xxxxxxxxxxx,cn=digest-md5,cn=auth' in OpenLDAP. But
>>>according to OpenLDAP's log, it passed 'uid=test,cn=digest-md5,cn=auth'
>>>to it.  Apparently, 'realm' has been ignored.  Is there any way for me to
>>>make cyrus-imapd query the username with its realm to OpenLDAP? Or is my
>>>methodology completely incorrect?
>>
>>Do you have virtdomains enabled (or set to userid)?
>>
>>Does this only happen with one domain (@example.net)? If so, then do you
>>have a defaultdomain option set?

On 02/27/13 20:54 +0800, Bear wrote:
>Hi Dan,
>Thanks for your reply. I found that no matter how I set virtdomains and
>default domains, I always got a 'uid=test,cn=digest-md5,cn=auth'-like
>DN in LDAP when running 'imtest'.
>I tried to set the '-r' argument or just append the domain to the username
>in '-u'; both are just the same...

You should be using an -a option here, such as:

imtest -m DIGEST-MD5 -a test@xxxxxxxxxxx imap_host

Compare the slapd logs to when running this command:

ldapwhoami -Y DIGEST-MD5 -H ldap://MY-LDAP-SERVER -U test@xxxxxxxxxxx

If you want to simulate the function of the ldapdb auxprop plugin, try:

ldapwhoami -Y DIGEST-MD5 -H ldap://MY-LDAP-SERVER -U CYRUS-PROXY-USER-NAME \
    -X u:test@xxxxxxxxxxx -w CYRUS-PROXY-USER-PASSWORD

Which should return the DN for test@xxxxxxxxxxx. Then do:

ldapsearch -Y DIGEST-MD5 -H ldap://MY-LDAP-SERVER -U CYRUS-PROXY-USER-NAME \
    -X u:test@xxxxxxxxxxx -w CYRUS-PROXY-USER-PASSWORD -b "$user_dn" \
    userPassword

Which should return the user's password. Add a '-d -1' option to
ldapwhoami/ldapsearch commands for detailed debugging information.



-- 
Dan White
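
The slapd log comparison suggested above can be scripted. The following is an added example, not part of the original message or of Cyrus/OpenLDAP: it pulls each SASL bind DN out of slapd log lines and reports whether a realm reached the DN. It assumes slapd logs at the stats level; the function names, example.com and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original thread): find SASL binds in slapd
# stats-level log lines and report whether the realm reached the bind DN.
# Function names, host names and the log lines are constructed.

# Read a slapd log on stdin; print "conn=<id> <dn>" for each SASL bind.
sasl_bind_dns() {
    sed -n -e '/mech=SIMPLE/d' \
        -e 's/.*\(conn=[0-9][0-9]*\) op=[0-9][0-9]* BIND dn="\([^"]*\)" mech=.*/\1 \2/p'
}

# Classify one bind DN:
#   realm   - uid=user@realm, or a cn=<realm> RDN before cn=<mech>,cn=auth
#   norealm - uid=<user>,cn=<mech>,cn=auth only (the symptom in this thread)
#   other   - not under cn=auth, for example a DN rewritten by authz-regexp
dn_realm_state() {
    dn=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$dn" in
        uid=*@*,cn=*,cn=auth)    echo realm ;;
        uid=*,cn=*,cn=*,cn=auth) echo realm ;;
        uid=*,cn=*,cn=auth)      echo norealm ;;
        *)                       echo other ;;
    esac
}

# Print "conn=<id> <state> <dn>" for every SASL bind in the log on stdin.
report() {
    sasl_bind_dns | while read -r conn dn; do
        printf '%s %s %s\n' "$conn" "$(dn_realm_state "$dn")" "$dn"
    done
}

# Constructed sample: one bind without a realm, one with, one simple bind.
sample_log() {
    cat <<'EOF'
Feb 27 21:01:02 ldap slapd[812]: conn=1001 op=1 BIND dn="uid=test,cn=digest-md5,cn=auth" mech=DIGEST-MD5 sasl_ssf=128 ssf=128
Feb 27 21:03:40 ldap slapd[812]: conn=1002 op=1 BIND dn="uid=test,cn=example.com,cn=digest-md5,cn=auth" mech=DIGEST-MD5 sasl_ssf=128 ssf=128
Feb 27 21:04:11 ldap slapd[812]: conn=1003 op=0 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0
EOF
}

sample_log | report
```

To use it on real data, pipe the slapd log captured during the imtest run and during the ldapwhoami run through `report` and compare the states.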