SASL Authentication Problem
Paul Bronson
signaldeveloper at gmail.com
Tue Aug 25 16:19:56 CEST 2015
Anybody else have any ideas on this? Again this is a fresh "follow the
direction" multi domain setup and I don't know exactly what went wrong.
On Mon, Aug 24, 2015 at 10:31 PM, <signaldeveloper at gmail.com> wrote:
> I tried playing with that. Didn't help. Anyone else have some ideas on
> this? Brian (you are my man!!)
>
>
>
> Sent from my iPhone
>
> > On Aug 24, 2015, at 8:24 PM, Thomas Spuhler <thomas.spuhler at btspuhler.com> wrote:
> >
> >> On Monday, August 24, 2015 08:21:09 PM Paul Bronson wrote:
> >> So I am running into a whirlwind of issues with my cyrus install. I am
> >> setting up a multi-domain kolab groupware solution. I am on centos 6.7
> >>
> >> I am getting this flooding my error logs when I try to make a new user on a
> >> fresh multi domain setup:
> >>
> >> Aug 24 19:01:19 gmx1 imaps[1911]: badlogin: localhost [::1] PLAIN
> >> [SASL(-13): authentication failure: bad userid authenticated]
> >> Aug 24 19:01:23 gmx1 imaps[1916]: starttls: TLSv1.2 with cipher
> >> ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
> >> Aug 24 19:01:23 gmx1 imaps[1916]: SASL unable to open Berkeley db
> >> /etc/sasldb2: No such file or directory
> >> Aug 24 19:01:23 gmx1 imaps[1916]: SASL unable to open Berkeley db
> >> /etc/sasldb2: No such file or directory
> >> Aug 24 19:01:23 gmx1 imaps[1916]: ptload(): bad response from ptloader
> >> server: ptsmodule_canonifyid() failed
> >> Aug 24 19:01:23 gmx1 imaps[1916]: ptload completely failed: unable to
> >> canonify identifier: 'john'[0:1]doe at domain.com
> >> Aug 24 19:01:23 gmx1 imaps[1916]: SASL bad userid authenticated
> >>
> >>
> >> The users do NOT show up on kolab webadmin... It keeps trying to add a test
> >> user I made and won't stop trying. I reboot the server and it goes away.
> >>
> >> I tried playing with:
> >>
> >> /etc/imapd.conf
> >>
> >> ldap_domain_base_dn: cn=kolab,cn=config
> >> ldap_domain_filter: (&(objectclass=domainrelatedobject)(associateddomain=%s))
> >> ldap_domain_name_attribute: associatedDomain
> >> ldap_domain_scope: sub
> >> ldap_domain_result_attribute: inetdomainbasedn
> >>
> >>
> >> I also noticed these at the top.. Should this be "PLAIN" ? see below..
> >>
> >> sasl_pwcheck_method: auxprop saslauthd
> >> sasl_mech_list: PLAIN LOGIN
> >> allowplaintext: no
> > I have (Mageia5)
> > pwcheck_method: saslauthd
> > mech_list: plain login
> >
> >
> >>
> >>
> >> My imapd config:
> >>
> >> configdirectory: /var/lib/imap
> >> partition-default: /var/spool/imap
> >> admins: cyrus-admin
> >> sievedir: /var/lib/imap/sieve
> >> sendmail: /usr/sbin/sendmail
> >> sasl_pwcheck_method: auxprop saslauthd
> >> sasl_mech_list: PLAIN LOGIN
> >> allowplaintext: no
> >> tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> >> tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> >> # uncomment this if you're operating in a DSCP environment (RFC-4594)
> >> # qosmarking: af13
> >> auth_mech: pts
> >> pts_module: ldap
> >> ldap_servers: ldap://localhost:389
> >> ldap_sasl: 0
> >> ldap_base: dc=domain,dc=com
> >> ldap_bind_dn: uid=kolab-service,ou=Special Users,dc=domain,dc=com
> >> ldap_password: WIY0DNbAYPc8uY5
> >> ldap_filter: (|(&(|(uid=cyrus-admin)(uid=cyrus-murder))(uid=%U))(&(|(uid=%U)(mail=%U@%d)(mail=%U@%r))(objectclass=kolabinetorgperson)))
> >> ldap_user_attribute: mail
> >> ldap_group_base: dc=domain,dc=com
> >> ldap_group_filter: (&(cn=%u)(objectclass=ldapsubentry)(objectclass=nsroledefinition))
> >> ldap_group_scope: one
> >> ldap_member_base: ou=People,dc=domain,dc=com
> >> ldap_member_method: attribute
> >> ldap_member_attribute: nsrole
> >> ldap_restart: 1
> >> ldap_timeout: 10
> >> ldap_time_limit: 10
> >> unixhierarchysep: 1
> >> virtdomains: userid
> >> annotation_definitions: /etc/imapd.annotations.conf
> >> sieve_extensions: fileinto reject envelope body vacation imapflags notify include regex subaddress relational copy date index
> >> allowallsubscribe: 0
> >> allowusermoves: 1
> >> altnamespace: 1
> >> hashimapspool: 1
> >> anysievefolder: 1
> >> fulldirhash: 0
> >> sieveusehomedir: 0
> >> sieve_allowreferrals: 0
> >> lmtp_downcase_rcpt: 1
> >> lmtp_fuzzy_mailbox_match: 1
> >> username_tolower: 1
> >> deletedprefix: DELETED
> >> delete_mode: delayed
> >> expunge_mode: delayed
> >> postuser: shared
> >>
> >> ldap_domain_base_dn: cn=kolab,cn=config
> >> ldap_domain_filter: (&(objectclass=domainrelatedobject)(associateddomain=%s))
> >> ldap_domain_name_attribute: associatedDomain
> >> ldap_domain_scope: sub
> >> ldap_domain_result_attribute: inetdomainbasedn
> >>
> >>
> >> Cyrus version:
> >>
> >> name : Cyrus IMAPD
> >> version : git2.5+0-Kolab-2.5-108.1.el6.kolab_3.4
> >> vendor : Project Cyrus
> >> support-url: http://www.cyrusimap.org
> >> os : Linux
> >> os-version : 2.6.32-042stab108.7
> >> environment: Built w/Cyrus SASL 2.1.23
> >> Running w/Cyrus SASL 2.1.23
> >> Built w/OpenSSL 1.0.1e-fips 11 Feb 2013
> >> Running w/OpenSSL 1.0.1e-fips 11 Feb 2013
> >> Built w/zlib 1.2.3
> >> Running w/zlib 1.2.3
> >> CMU Sieve 2.4
> >> TCP Wrappers
> >> NET-SNMP
> >> mmap = shared
> >> lock = fcntl
> >> nonblock = fcntl
> >> idle = idled
> >>
> >>
> >>
> >> Kolab web-admin is in turn unable to write the entry to Cyrus as the user
> >> doesn't show in the roundcube DB.
> >>
> >>
> >> I think my main problem is that this "ptloader" cannot canonify the user.
> >> Should I turn on canonicalization?
> >>
> >> This article states to use it:
> >> https://docs.kolab.org/howtos/multi-domain.html#cyrus-imap-changes
> >>
> >> This one does not:
> >> http://bmts.us/wiki/doku.php?id=article:kolab:multidomain
> >
> > --
> > Best regards
> > Thomas Spuhler
> >
> > All of my e-mails have a valid digital signature
> > ID 60114E63
>
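Added example, not part of the original thread: one way to read the syslog excerpt quoted above is to group the Cyrus lines by process id, so the order of events inside a single login attempt becomes visible. The sample log is constructed from the quoted excerpt with a placeholder user; the tag names and function names are made up for this example.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the syslog excerpt in the post: wrapped
# lines rejoined, user identifier replaced by a placeholder.
SAMPLE_LOG = """\
Aug 24 19:01:19 gmx1 imaps[1911]: badlogin: localhost [::1] PLAIN [SASL(-13): authentication failure: bad userid authenticated]
Aug 24 19:01:23 gmx1 imaps[1916]: starttls: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
Aug 24 19:01:23 gmx1 imaps[1916]: SASL unable to open Berkeley db /etc/sasldb2: No such file or directory
Aug 24 19:01:23 gmx1 imaps[1916]: SASL unable to open Berkeley db /etc/sasldb2: No such file or directory
Aug 24 19:01:23 gmx1 imaps[1916]: ptload(): bad response from ptloader server: ptsmodule_canonifyid() failed
Aug 24 19:01:23 gmx1 imaps[1916]: ptload completely failed: unable to canonify identifier: user@example.org
Aug 24 19:01:23 gmx1 imaps[1916]: SASL bad userid authenticated
"""

LINE_RE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (\w+)\[(\d+)\]: (.*)$")

# (tag, pattern) pairs; the tag names are labels made up for this example.
RULES = [
    ("tls_established", re.compile(r"^starttls: ")),
    ("sasldb_missing", re.compile(r"unable to open Berkeley db \S+: No such file")),
    ("pts_canonify_failed", re.compile(r"ptsmodule_canonifyid\(\) failed|unable to canonify identifier")),
    ("bad_userid", re.compile(r"bad userid authenticated")),
]

def triage(log_text):
    """Return {(service, pid): [tags in first-seen order]} for matching lines."""
    chains = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a syslog line in the expected shape
        service, pid, msg = m.group(1), int(m.group(2)), m.group(3)
        for tag, pattern in RULES:
            if pattern.search(msg) and tag not in chains[(service, pid)]:
                chains[(service, pid)].append(tag)
    return dict(chains)

def rejected_after_pts_failure(chain):
    """True when a ptloader canonify failure is logged before the bad-userid rejection."""
    if "pts_canonify_failed" in chain and "bad_userid" in chain:
        return chain.index("pts_canonify_failed") < chain.index("bad_userid")
    return False

if __name__ == "__main__":
    for (service, pid), chain in sorted(triage(SAMPLE_LOG).items()):
        where = "after ptloader failure" if rejected_after_pts_failure(chain) else "cause not in log"
        print(f"{service}[{pid}]: {' -> '.join(chain)} (rejected: {where})")
```

For process 1916 the TLS handshake succeeds and the rejection comes only after the ptloader lookup fails, which separates transport and lookup problems from a wrong password when reading a flooded log.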