SASL Authentication Problem

Paul Bronson signaldeveloper at gmail.com
Tue Aug 25 16:55:33 CEST 2015


That seems to eliminate my errors, but when I log in with a user on a
secondary domain I get:

Server Error: STATUS: Mailbox does not exist



On Tue, Aug 25, 2015 at 10:41 AM, Timotheus Pokorra <timotheus at kolab.org>
wrote:

> Hello Paul,
>
> that script is working for me quite ok, but it is just an example how
> it could work.
> You need to be able to understand what it does. There is no guarantee
> on it that it is useful to you.
> I cannot guarantee an upgrade path to future versions of Kolab either.
>
> You are free to use it, and contribute as well, of course :)
>
> All the best,
>   Timotheus
>
> On 25 August 2015 at 16:35, Paul Bronson <signaldeveloper at gmail.com>
> wrote:
> > Timotheus,
> >
> > This script, is this something I can run on a fresh kolab 3.4 install to get
> > multi domain working? If so, that would really be awesome and I'd be happy
> > to contribute to it!
> >
> > On Tue, Aug 25, 2015 at 10:25 AM, Timotheus Pokorra <timotheus at kolab.org>
> > wrote:
> >>
> >> Hello Paul,
> >>
> >> I have to admit I did not get the canonification to work for my
> >> multidomain setup.
> >> So I am removing it in my scripts:
> >>
> >> https://github.com/TBits/KolabScripts/blob/master/kolab/initMultiDomain.sh#L10
> >>
> >> Perhaps other parts of that script are useful to you as well.
> >>
> >> All the best,
> >>   Timotheus
> >>
> >> On 25 August 2015 at 16:19, Paul Bronson <signaldeveloper at gmail.com>
> >> wrote:
> >> > Anybody else have any ideas on this? Again this is a fresh "follow the
> >> > direction" multi domain setup and I don't know exactly what went wrong.
> >> >
> >> > On Mon, Aug 24, 2015 at 10:31 PM, <signaldeveloper at gmail.com> wrote:
> >> >>
> >> >> I tried playing with that. Didn't help. Anyone else have some ideas on
> >> >> this? Brian (you are my man!!)
> >> >>
> >> >>
> >> >>
> >> >> Sent from my iPhone
> >> >>
> >> >> > On Aug 24, 2015, at 8:24 PM, Thomas Spuhler
> >> >> > <thomas.spuhler at btspuhler.com> wrote:
> >> >> >
> >> >> >> On Monday, August 24, 2015 08:21:09 PM Paul Bronson wrote:
> >> >> >> So I am running into a whirlwind of issues with my cyrus install. I am
> >> >> >> setting up a multi-domain kolab groupware solution. I am on centos 6.7
> >> >> >>
> >> >> >> I am getting this flooding my error logs when I try to make a new user on a
> >> >> >> fresh multi domain setup:
> >> >> >>
> >> >> >>    Aug 24 19:01:19 gmx1 imaps[1911]: badlogin: localhost [::1] PLAIN [SASL(-13): authentication failure: bad userid authenticated]
> >> >> >>    Aug 24 19:01:23 gmx1 imaps[1916]: starttls: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
> >> >> >>    Aug 24 19:01:23 gmx1 imaps[1916]: SASL unable to open Berkeley db /etc/sasldb2: No such file or directory
> >> >> >>    Aug 24 19:01:23 gmx1 imaps[1916]: SASL unable to open Berkeley db /etc/sasldb2: No such file or directory
> >> >> >>    Aug 24 19:01:23 gmx1 imaps[1916]: ptload(): bad response from ptloader server: ptsmodule_canonifyid() failed
> >> >> >>    Aug 24 19:01:23 gmx1 imaps[1916]: ptload completely failed: unable to canonify identifier: 'john'[0:1]doe at domain.com
> >> >> >>    Aug 24 19:01:23 gmx1 imaps[1916]: SASL bad userid authenticated
> >> >> >>
> >> >> >>
> >> >> >> The users do NOT show up on kolab webadmin... It keeps trying to add a test
> >> >> >> user I made and won't stop trying.  I reboot the server and it goes away.
> >> >> >>
> >> >> >> I tried playing with:
> >> >> >>
> >> >> >> /etc/imapd.conf
> >> >> >>
> >> >> >>    ldap_domain_base_dn: cn=kolab,cn=config
> >> >> >>    ldap_domain_filter: (&(objectclass=domainrelatedobject)(associateddomain=%s))
> >> >> >>    ldap_domain_name_attribute: associatedDomain
> >> >> >>    ldap_domain_scope: sub
> >> >> >>    ldap_domain_result_attribute: inetdomainbasedn
> >> >> >>
> >> >> >>
> >> >> >> I also noticed these at the top.. Should this be "PLAIN" ? see
> >> >> >> below..
> >> >> >>
> >> >> >>    sasl_pwcheck_method: auxprop saslauthd
> >> >> >>    sasl_mech_list: PLAIN LOGIN
> >> >> >>    allowplaintext: no
> >> >> > I have (Mageia5)
> >> >> > pwcheck_method: saslauthd
> >> >> > mech_list: plain login
> >> >> >
> >> >> >
> >> >> >>
> >> >> >>
> >> >> >> My imapd config:
> >> >> >>
> >> >> >>    configdirectory: /var/lib/imap
> >> >> >>    partition-default: /var/spool/imap
> >> >> >>    admins: cyrus-admin
> >> >> >>    sievedir: /var/lib/imap/sieve
> >> >> >>    sendmail: /usr/sbin/sendmail
> >> >> >>    sasl_pwcheck_method: auxprop saslauthd
> >> >> >>    sasl_mech_list: PLAIN LOGIN
> >> >> >>    allowplaintext: no
> >> >> >>    tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> >> >> >>    tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> >> >> >>    # uncomment this if you're operating in a DSCP environment (RFC-4594)
> >> >> >>    # qosmarking: af13
> >> >> >>    auth_mech: pts
> >> >> >>    pts_module: ldap
> >> >> >>    ldap_servers: ldap://localhost:389
> >> >> >>    ldap_sasl: 0
> >> >> >>    ldap_base: dc=domain,dc=com
> >> >> >>    ldap_bind_dn: uid=kolab-service,ou=Special Users,dc=domain,dc=com
> >> >> >>    ldap_password: WIY0DNbAYPc8uY5
> >> >> >>    ldap_filter: (|(&(|(uid=cyrus-admin)(uid=cyrus-murder))(uid=%U))(&(|(uid=%U)(mail=%U@%d)(mail=%U@%r))(objectclass=kolabinetorgperson)))
> >> >> >>    ldap_user_attribute: mail
> >> >> >>    ldap_group_base: dc=domain,dc=com
> >> >> >>    ldap_group_filter: (&(cn=%u)(objectclass=ldapsubentry)(objectclass=nsroledefinition))
> >> >> >>    ldap_group_scope: one
> >> >> >>    ldap_member_base: ou=People,dc=domain,dc=com
> >> >> >>    ldap_member_method: attribute
> >> >> >>    ldap_member_attribute: nsrole
> >> >> >>    ldap_restart: 1
> >> >> >>    ldap_timeout: 10
> >> >> >>    ldap_time_limit: 10
> >> >> >>    unixhierarchysep: 1
> >> >> >>    virtdomains: userid
> >> >> >>    annotation_definitions: /etc/imapd.annotations.conf
> >> >> >>    sieve_extensions: fileinto reject envelope body vacation imapflags notify include regex subaddress relational copy date index
> >> >> >>    allowallsubscribe: 0
> >> >> >>    allowusermoves: 1
> >> >> >>    altnamespace: 1
> >> >> >>    hashimapspool: 1
> >> >> >>    anysievefolder: 1
> >> >> >>    fulldirhash: 0
> >> >> >>    sieveusehomedir: 0
> >> >> >>    sieve_allowreferrals: 0
> >> >> >>    lmtp_downcase_rcpt: 1
> >> >> >>    lmtp_fuzzy_mailbox_match: 1
> >> >> >>    username_tolower: 1
> >> >> >>    deletedprefix: DELETED
> >> >> >>    delete_mode: delayed
> >> >> >>    expunge_mode: delayed
> >> >> >>    postuser: shared
> >> >> >>
> >> >> >>    ldap_domain_base_dn: cn=kolab,cn=config
> >> >> >>    ldap_domain_filter: (&(objectclass=domainrelatedobject)(associateddomain=%s))
> >> >> >>    ldap_domain_name_attribute: associatedDomain
> >> >> >>    ldap_domain_scope: sub
> >> >> >>    ldap_domain_result_attribute: inetdomainbasedn
> >> >> >>
> >> >> >>
> >> >> >> Cyrus version:
> >> >> >>
> >> >> >>    name       : Cyrus IMAPD
> >> >> >>    version    : git2.5+0-Kolab-2.5-108.1.el6.kolab_3.4
> >> >> >>    vendor     : Project Cyrus
> >> >> >>    support-url: http://www.cyrusimap.org
> >> >> >>    os         : Linux
> >> >> >>    os-version : 2.6.32-042stab108.7
> >> >> >>    environment: Built w/Cyrus SASL 2.1.23
> >> >> >>                 Running w/Cyrus SASL 2.1.23
> >> >> >>                 Built w/OpenSSL 1.0.1e-fips 11 Feb 2013
> >> >> >>                 Running w/OpenSSL 1.0.1e-fips 11 Feb 2013
> >> >> >>                 Built w/zlib 1.2.3
> >> >> >>                 Running w/zlib 1.2.3
> >> >> >>                 CMU Sieve 2.4
> >> >> >>                 TCP Wrappers
> >> >> >>                 NET-SNMP
> >> >> >>                 mmap = shared
> >> >> >>                 lock = fcntl
> >> >> >>                 nonblock = fcntl
> >> >> >>                 idle = idled
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >> Kolab web-admin is in turn unable to write the entry to Cyrus as the user
> >> >> >> doesn't show in the roundcube DB.
> >> >> >>
> >> >> >>
> >> >> >> I think my main problem is that this "ptloader" cannot canonify the user.
> >> >> >> Should I turn on canonicalization?
> >> >> >>
> >> >> >> This article states to use it:
> >> >> >> https://docs.kolab.org/howtos/multi-domain.html#cyrus-imap-changes
> >> >> >>
> >> >> >> This one does not:
> >> >> >> http://bmts.us/wiki/doku.php?id=article:kolab:multidomain
> >> >> >
> >> >> > --
> >> >> > Best regards
> >> >> > Thomas Spuhler
> >> >> >
> >> >> > All of my e-mails have a valid digital signature
> >> >> > ID 60114E63
> >> >> > _______________________________________________
> >> >> > users mailing list
> >> >> > users at lists.kolab.org
> >> >> > https://lists.kolab.org/mailman/listinfo/users
>
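
The log excerpt quoted above shows the same SASL(-13) `badlogin` error alongside a ptloader canonification failure. As an added example (not part of the original thread, nor Kolab or Cyrus code), this Python script groups such lines per process and separates canonification failures from password failures; the first six sample lines are re-joined from the quoted message and the seventh is constructed for contrast.

```python
import re
from collections import defaultdict

# Lines 1-6 are re-joined from the quoted message; line 7 is constructed for contrast.
SAMPLE = """\
Aug 24 19:01:19 gmx1 imaps[1911]: badlogin: localhost [::1] PLAIN [SASL(-13): authentication failure: bad userid authenticated]
Aug 24 19:01:23 gmx1 imaps[1916]: starttls: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
Aug 24 19:01:23 gmx1 imaps[1916]: SASL unable to open Berkeley db /etc/sasldb2: No such file or directory
Aug 24 19:01:23 gmx1 imaps[1916]: ptload(): bad response from ptloader server: ptsmodule_canonifyid() failed
Aug 24 19:01:23 gmx1 imaps[1916]: ptload completely failed: unable to canonify identifier: 'john'[0:1]doe at domain.com
Aug 24 19:01:23 gmx1 imaps[1916]: SASL bad userid authenticated
Aug 24 19:02:00 gmx1 imaps[2001]: badlogin: localhost [::1] PLAIN [SASL(-13): authentication failure: Password verification failed]
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (\w+)\[(\d+)\]: (.*)$")
RULES = [  # (flag, pattern); a capture group, if present, is kept as the detail
    ("canonify", re.compile(r"ptsmodule_canonifyid\(\) failed")),
    ("canonify", re.compile(r"unable to canonify identifier: (.*)$")),
    ("sasldb", re.compile(r"unable to open Berkeley db (\S+):")),
    ("bad_userid", re.compile(r"bad userid authenticated")),
    ("password", re.compile(r"Password verification failed")),
]

def verdict(flags):
    if "canonify" in flags:      # ptloader could not map the login name to an identity
        return "canonify-failed"
    if "bad_userid" in flags:    # same SASL error, but no ptloader line from this pid
        return "bad-userid"
    if "password" in flags:
        return "password-failed"
    return "other"

def triage(text):
    """Return {(service, pid): (verdict, flags)} for each process with a known marker."""
    seen = defaultdict(dict)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        svc, pid, msg = m.groups()
        for flag, rx in RULES:
            hit = rx.search(msg)
            if hit:
                detail = hit.group(1) if hit.lastindex else True
                if detail is not True or flag not in seen[(svc, pid)]:
                    seen[(svc, pid)][flag] = detail
    return {key: (verdict(flags), flags) for key, flags in seen.items()}

if __name__ == "__main__":
    for (svc, pid), (v, flags) in sorted(triage(SAMPLE).items()):
        print(f"{svc}[{pid}] {v} {flags}")
```

PIDs are reused over time, so feed the script a bounded window of the log rather than a whole rotated file.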