SASL Authentication Problem

signaldeveloper at gmail.com signaldeveloper at gmail.com
Tue Aug 25 04:31:57 CEST 2015


I tried playing with that. Didn't help. Anyone else have some ideas on this? Brian (you are my man!!)



Sent from my iPhone

> On Aug 24, 2015, at 8:24 PM, Thomas Spuhler <thomas.spuhler at btspuhler.com> wrote:
> 
>> On Monday, August 24, 2015 08:21:09 PM Paul Bronson wrote:
>> So I am running into a whirlwind of issues with my cyrus install. I am
>> setting up a multi-domain kolab groupware solution. I am on centos 6.7
>> 
>> I am getting this flooding my error logs when I try to make a new user on a
>> fresh multi domain setup:
>> 
>>    Aug 24 19:01:19 gmx1 imaps[1911]: badlogin: localhost [::1] PLAIN [SASL(-13): authentication failure: bad userid authenticated]
>>    Aug 24 19:01:23 gmx1 imaps[1916]: starttls: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
>>    Aug 24 19:01:23 gmx1 imaps[1916]: SASL unable to open Berkeley db /etc/sasldb2: No such file or directory
>>    Aug 24 19:01:23 gmx1 imaps[1916]: SASL unable to open Berkeley db /etc/sasldb2: No such file or directory
>>    Aug 24 19:01:23 gmx1 imaps[1916]: ptload(): bad response from ptloader server: ptsmodule_canonifyid() failed
>>    Aug 24 19:01:23 gmx1 imaps[1916]: ptload completely failed: unable to canonify identifier: 'john'[0:1]doe at domain.com
>>    Aug 24 19:01:23 gmx1 imaps[1916]: SASL bad userid authenticated
>> 
>> 
>> The users do NOT show up on kolab webadmin... It keeps trying to add a test
>> user I made and won't stop trying.  I reboot the server and it goes away.
>> 
>> I tried playing with:
>> 
>> /etc/imapd.conf
>> 
>>    ldap_domain_base_dn: cn=kolab,cn=config
>>    ldap_domain_filter: (&(objectclass=domainrelatedobject)(associateddomain=%s))
>>    ldap_domain_name_attribute: associatedDomain
>>    ldap_domain_scope: sub
>>    ldap_domain_result_attribute: inetdomainbasedn
>> 
>> 
>> I also noticed these at the top.. Should this be "PLAIN" ? see below..
>> 
>>    sasl_pwcheck_method: auxprop saslauthd
>>    sasl_mech_list: PLAIN LOGIN
>>    allowplaintext: no
> I have (Mageia5)
> pwcheck_method: saslauthd
> mech_list: plain login
> 
> 
>> 
>> 
>> My imapd config:
>> 
>>    configdirectory: /var/lib/imap
>>    partition-default: /var/spool/imap
>>    admins: cyrus-admin
>>    sievedir: /var/lib/imap/sieve
>>    sendmail: /usr/sbin/sendmail
>>    sasl_pwcheck_method: auxprop saslauthd
>>    sasl_mech_list: PLAIN LOGIN
>>    allowplaintext: no
>>    tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.pem
>>    tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.pem
>>    # uncomment this if you're operating in a DSCP environment (RFC-4594)
>>    # qosmarking: af13
>>    auth_mech: pts
>>    pts_module: ldap
>>    ldap_servers: ldap://localhost:389
>>    ldap_sasl: 0
>>    ldap_base: dc=domain,dc=com
>>    ldap_bind_dn: uid=kolab-service,ou=Special Users,dc=domain,dc=com
>>    ldap_password: WIY0DNbAYPc8uY5
>>    ldap_filter: (|(&(|(uid=cyrus-admin)(uid=cyrus-murder))(uid=%U))(&(|(uid=%U)(mail=%U@%d)(mail=%U@%r))(objectclass=kolabinetorgperson)))
>>    ldap_user_attribute: mail
>>    ldap_group_base: dc=domain,dc=com
>>    ldap_group_filter: (&(cn=%u)(objectclass=ldapsubentry)(objectclass=nsroledefinition))
>>    ldap_group_scope: one
>>    ldap_member_base: ou=People,dc=domain,dc=com
>>    ldap_member_method: attribute
>>    ldap_member_attribute: nsrole
>>    ldap_restart: 1
>>    ldap_timeout: 10
>>    ldap_time_limit: 10
>>    unixhierarchysep: 1
>>    virtdomains: userid
>>    annotation_definitions: /etc/imapd.annotations.conf
>>    sieve_extensions: fileinto reject envelope body vacation imapflags notify include regex subaddress relational copy date index
>>    allowallsubscribe: 0
>>    allowusermoves: 1
>>    altnamespace: 1
>>    hashimapspool: 1
>>    anysievefolder: 1
>>    fulldirhash: 0
>>    sieveusehomedir: 0
>>    sieve_allowreferrals: 0
>>    lmtp_downcase_rcpt: 1
>>    lmtp_fuzzy_mailbox_match: 1
>>    username_tolower: 1
>>    deletedprefix: DELETED
>>    delete_mode: delayed
>>    expunge_mode: delayed
>>    postuser: shared
>> 
>>    ldap_domain_base_dn: cn=kolab,cn=config
>>    ldap_domain_filter: (&(objectclass=domainrelatedobject)(associateddomain=%s))
>>    ldap_domain_name_attribute: associatedDomain
>>    ldap_domain_scope: sub
>>    ldap_domain_result_attribute: inetdomainbasedn
>> 
>> 
>> Cyrus version:
>> 
>>    name       : Cyrus IMAPD
>>    version    : git2.5+0-Kolab-2.5-108.1.el6.kolab_3.4
>>    vendor     : Project Cyrus
>>    support-url: http://www.cyrusimap.org
>>    os         : Linux
>>    os-version : 2.6.32-042stab108.7
>>    environment: Built w/Cyrus SASL 2.1.23
>>                 Running w/Cyrus SASL 2.1.23
>>                 Built w/OpenSSL 1.0.1e-fips 11 Feb 2013
>>                 Running w/OpenSSL 1.0.1e-fips 11 Feb 2013
>>                 Built w/zlib 1.2.3
>>                 Running w/zlib 1.2.3
>>                 CMU Sieve 2.4
>>                 TCP Wrappers
>>                 NET-SNMP
>>                 mmap = shared
>>                 lock = fcntl
>>                 nonblock = fcntl
>>                 idle = idled
>> 
>> 
>> 
>> Kolab web-admin is in turn unable to write the entry to Cyrus as the user
>> doesn't show in the roundcube DB.
>> 
>> 
>> I think my main problem is that this "ptloader" cannot canonify the user.
>> Should I turn on canonicalization?
>> 
>> This article states to use it:
>> https://docs.kolab.org/howtos/multi-domain.html#cyrus-imap-changes
>> 
>> This one does not:
>> http://bmts.us/wiki/doku.php?id=article:kolab:multidomain
> 
> -- 
> Best regards
> Thomas Spuhler
> 
> All of my e-mails have a valid digital signature
> ID 60114E63
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users
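
The following is an added example, not part of the thread and not Cyrus or Kolab code: a Python triage that groups log lines of the shape quoted above by imaps process, orders the stages each process logged, and lists the imapd.conf keys those stages point back to. The stage names, the reduced config and the identifier user@example.org are constructed for illustration.

```python
import re

# Constructed inputs shaped like the thread's log and config; user@example.org is a placeholder.
SAMPLE_LOG = """\
Aug 24 19:01:19 gmx1 imaps[1911]: badlogin: localhost [::1] PLAIN [SASL(-13): authentication failure: bad userid authenticated]
Aug 24 19:01:23 gmx1 imaps[1916]: starttls: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
Aug 24 19:01:23 gmx1 imaps[1916]: SASL unable to open Berkeley db /etc/sasldb2: No such file or directory
Aug 24 19:01:23 gmx1 imaps[1916]: ptload(): bad response from ptloader server: ptsmodule_canonifyid() failed
Aug 24 19:01:23 gmx1 imaps[1916]: ptload completely failed: unable to canonify identifier: user@example.org
Aug 24 19:01:23 gmx1 imaps[1916]: SASL bad userid authenticated
"""
SAMPLE_CONF = """\
sasl_pwcheck_method: auxprop saslauthd
auth_mech: pts
pts_module: ldap
ldap_servers: ldap://localhost:389
"""
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ \w+\[(\d+)\]: (.*)$")
STAGES = [  # (stage name chosen for this example, pattern on the message text)
    ("tls-established", re.compile(r"^starttls: ")),
    ("sasldb-missing", re.compile(r"unable to open Berkeley db \S+: No such file")),
    ("pts-canonify-failed", re.compile(r"ptsmodule_canonifyid\(\) failed|unable to canonify")),
    ("authz-id-rejected", re.compile(r"bad userid authenticated")),
]

def parse_conf(text):
    """Parse imapd.conf-style 'key: value' lines into a dict, skipping '#' comments."""
    pairs = (l.partition(":") for l in text.splitlines() if not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}

def sessions(log_text):
    """Map each imaps process id to the stages it logged, once each, in log order."""
    out = {}
    for m in filter(None, map(LINE.match, log_text.splitlines())):
        pid, msg = m.groups()
        for tag, pat in STAGES:
            if pat.search(msg) and tag not in out.setdefault(pid, []):
                out[pid].append(tag)
    return out

def related_settings(conf, stages):
    """List the config keys worth reviewing for the stages seen in one session."""
    keys = []
    if "sasldb-missing" in stages and "auxprop" in conf.get("sasl_pwcheck_method", "").split():
        keys.append("sasl_pwcheck_method")
    if "pts-canonify-failed" in stages and conf.get("auth_mech") == "pts":
        keys += ["auth_mech"] + sorted(k for k in conf if k.startswith(("pts_", "ldap_")))
    return keys
```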
