multiple domains not working in cyrus
Jan Kowalsky
jankow at datenkollektiv.net
Thu Mar 20 22:35:10 CET 2014
On Tuesday, 11 March 2014, Hügel, Christian wrote:
> On 10-03-2014 11:55, Jan Hofmann wrote:
> > Hi all,
> >
> > I added a second domain in the kolab-webadmin and afterwards I
> > modified all configs as described in
> > http://docs.kolab.org/howtos/multi-domain.html
> > Postfix is working fine, all mails for the second domain are delivered
> > in the right mailboxes.
> >
> > But I can’t log in with a user from the second domain. Cyrus gives me
> > the following error message (external mail client and Roundcube):
> >
> > Mar 10 11:44:17 mail ptloader[18251]: starting: ptloader.c,v git2.5+0
> > Mar 10 11:44:17 mail imap[18231]: ptload(): bad response from ptloader
> > server: identifier not found
> > Mar 10 11:44:17 mail imap[18231]: ptload completely failed: unable to
> > canonify identifier: max.mustermann at example.de
> > Mar 10 11:44:17 mail imap[18231]: SASL bad userid authenticated
> > Mar 10 11:44:17 mail imap[18231]: badlogin: localhost [127.0.0.1]
> > PLAIN [SASL(-13): authentication failure: bad userid authenticated]
> >
> > in /etc/imapd.conf I added all the ldap_domain_* parts as described in
> > the “Cyrus 2.5 section” from the above tutorial, here is my
> > imapd.conf:
> >
> > ### imapd.conf - begin ###
> >
> > configdirectory: /var/lib/imap
> > partition-default: /var/spool/imap
> > admins: cyrus-admin
> > sievedir: /var/lib/imap/sieve
> > sendmail: /usr/sbin/sendmail
> > sasl_pwcheck_method: auxprop saslauthd
> > sasl_mech_list: PLAIN LOGIN
> > allowplaintext: no
> > tls_cert_file: /etc/pki/tls/certs/example.de.crt
> > tls_key_file: /etc/pki/tls/private/example.de.key
> > tls_ca_file: /etc/pki/tls/certs/sub.class1.server.ca.pem
> > # uncomment this if you're operating in a DSCP environment (RFC-4594)
> > # qosmarking: af13
> > auth_mech: pts
> > pts_module: ldap
> > ldap_servers: ldap://localhost:389
> > ldap_sasl: 0
> > ldap_base: dc=example,dc=de
> > ldap_bind_dn: uid=kolab-service,ou=Special Users,dc=example,dc=de
> > ldap_password: vlTMR1QJZ9SCe99
> > ldap_filter: (|(&(|(uid=cyrus-admin)(uid=cyrus-murder))(uid=%U))(&(|(uid=%U)(mail=%U@%d)(mail=%U@%r))(objectclass=kolabinetorgperson)))
> > ldap_user_attribute: mail
> > ldap_group_base: dc=example,dc=de
> > ldap_group_filter: (&(cn=%u)(objectclass=ldapsubentry)(objectclass=nsroledefinition))
> > ldap_group_scope: one
> > ldap_member_base: ou=People,dc=example,dc=de
> > ldap_member_method: attribute
> > ldap_member_attribute: nsrole
> > ldap_restart: 1
> > ldap_timeout: 10
> > ldap_time_limit: 10
> > unixhierarchysep: 1
> > virtdomains: userid
> > annotation_definitions: /etc/imapd.annotations.conf
> > sieve_extensions: fileinto reject envelope body vacation imapflags notify include regex subaddress relational copy
> > allowallsubscribe: 0
> > allowusermoves: 1
> > altnamespace: 1
> > hashimapspool: 1
> > anysievefolder: 1
> > fulldirhash: 0
> > sieveusehomedir: 0
> > sieve_allowreferrals: 0
> > lmtp_downcase_rcpt: 1
> > lmtp_fuzzy_mailbox_match: 1
> > username_tolower: 1
> > deletedprefix: DELETED
> > delete_mode: delayed
> > expunge_mode: delayed
> > flushseenstate: 1
> > postuser: shared
> >
> > #changes for multidomain
> > ldap_domain_base_dn: cn=kolab,cn=config
> > ldap_domain_filter: (&(objectclass=domainrelatedobject)(associateddomain=%s))
> > ldap_domain_name_attribute: associatedDomain
> > ldap_domain_scope: sub
> > ldap_domain_result_attribute: inetdomainbasedn
> >
> > ### imapd.conf - end ###
> >
> > Any Ideas?
> >
> > Best regards,
> > Jan
>
> There's an open bug [1] for this issue.
>
> Regards,
>
> Christian
>
> [1] https://issues.kolab.org/show_bug.cgi?id=2495
Hi Jan,
hi Christian,
I just wrote another post about probably the same problem. Now I found this
thread. The difference may be that Jan and I set up the multi-domain
options in Kolab 3.2 as suggested for Cyrus 2.5 in the multi-domain howto
- which changed from 3.1.
For me, login works using the "old" procedure - but I also get the log
messages about "ptload completely failed".
Regards
Jan