SASL Authentication Problem
Timotheus Pokorra
timotheus at kolab.org
Tue Aug 25 16:25:35 CEST 2015
Hello Paul,
I have to admit I did not get the canonification to work for my
multidomain setup.
So I am removing it in my scripts:
https://github.com/TBits/KolabScripts/blob/master/kolab/initMultiDomain.sh#L10
Perhaps other parts of that script are useful to you as well.
All the best,
Timotheus
On 25 August 2015 at 16:19, Paul Bronson <signaldeveloper at gmail.com> wrote:
> Anybody else have any ideas on this? Again this is a fresh "follow the
> direction" multi domain setup and I don't know exactly what went wrong.
>
> On Mon, Aug 24, 2015 at 10:31 PM, <signaldeveloper at gmail.com> wrote:
>>
>> I tried playing with that. Didn't help. Anyone else have some ideas on
>> this? Brian (you are my man!!)
>>
>>
>> > On Aug 24, 2015, at 8:24 PM, Thomas Spuhler
>> > <thomas.spuhler at btspuhler.com> wrote:
>> >
>> >> On Monday, August 24, 2015 08:21:09 PM Paul Bronson wrote:
>> >> So I am running into a whirlwind of issues with my cyrus install. I am
>> >> setting up a multi-domain kolab groupware solution. I am on centos 6.7
>> >>
>> >> I am getting this flooding my error logs when I try to make a new user on a fresh multi domain setup:
>> >>
>> >> Aug 24 19:01:19 gmx1 imaps[1911]: badlogin: localhost [::1] PLAIN [SASL(-13): authentication failure: bad userid authenticated]
>> >> Aug 24 19:01:23 gmx1 imaps[1916]: starttls: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
>> >> Aug 24 19:01:23 gmx1 imaps[1916]: SASL unable to open Berkeley db /etc/sasldb2: No such file or directory
>> >> Aug 24 19:01:23 gmx1 imaps[1916]: SASL unable to open Berkeley db /etc/sasldb2: No such file or directory
>> >> Aug 24 19:01:23 gmx1 imaps[1916]: ptload(): bad response from ptloader server: ptsmodule_canonifyid() failed
>> >> Aug 24 19:01:23 gmx1 imaps[1916]: ptload completely failed: unable to canonify identifier: 'john'[0:1]doe at domain.com
>> >> Aug 24 19:01:23 gmx1 imaps[1916]: SASL bad userid authenticated
>> >>
>> >>
>> >> The users do NOT show up on kolab webadmin... It keeps trying to add a test user I made and won't stop trying. I reboot the server and it goes away.
>> >>
>> >> I tried playing with:
>> >>
>> >> /etc/imapd.conf
>> >>
>> >> ldap_domain_base_dn: cn=kolab,cn=config
>> >> ldap_domain_filter: (&(objectclass=domainrelatedobject)(associateddomain=%s))
>> >> ldap_domain_name_attribute: associatedDomain
>> >> ldap_domain_scope: sub
>> >> ldap_domain_result_attribute: inetdomainbasedn
>> >>
>> >>
>> >> I also noticed these at the top.. Should this be "PLAIN" ? see below..
>> >>
>> >> sasl_pwcheck_method: auxprop saslauthd
>> >> sasl_mech_list: PLAIN LOGIN
>> >> allowplaintext: no
>> > I have (Mageia5)
>> > pwcheck_method: saslauthd
>> > mech_list: plain login
>> >
>> >
>> >>
>> >>
>> >> My imapd config:
>> >>
>> >> configdirectory: /var/lib/imap
>> >> partition-default: /var/spool/imap
>> >> admins: cyrus-admin
>> >> sievedir: /var/lib/imap/sieve
>> >> sendmail: /usr/sbin/sendmail
>> >> sasl_pwcheck_method: auxprop saslauthd
>> >> sasl_mech_list: PLAIN LOGIN
>> >> allowplaintext: no
>> >> tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.pem
>> >> tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.pem
>> >> # uncomment this if you're operating in a DSCP environment (RFC-4594)
>> >> # qosmarking: af13
>> >> auth_mech: pts
>> >> pts_module: ldap
>> >> ldap_servers: ldap://localhost:389
>> >> ldap_sasl: 0
>> >> ldap_base: dc=domain,dc=com
>> >> ldap_bind_dn: uid=kolab-service,ou=Special Users,dc=domain,dc=com
>> >> ldap_password: WIY0DNbAYPc8uY5
>> >> ldap_filter: (|(&(|(uid=cyrus-admin)(uid=cyrus-murder))(uid=%U))(&(|(uid=%U)(mail=%U@%d)(mail=%U@%r))(objectclass=kolabinetorgperson)))
>> >> ldap_user_attribute: mail
>> >> ldap_group_base: dc=domain,dc=com
>> >> ldap_group_filter: (&(cn=%u)(objectclass=ldapsubentry)(objectclass=nsroledefinition))
>> >> ldap_group_scope: one
>> >> ldap_member_base: ou=People,dc=domain,dc=com
>> >> ldap_member_method: attribute
>> >> ldap_member_attribute: nsrole
>> >> ldap_restart: 1
>> >> ldap_timeout: 10
>> >> ldap_time_limit: 10
>> >> unixhierarchysep: 1
>> >> virtdomains: userid
>> >> annotation_definitions: /etc/imapd.annotations.conf
>> >> sieve_extensions: fileinto reject envelope body vacation imapflags notify include regex subaddress relational copy date index
>> >> allowallsubscribe: 0
>> >> allowusermoves: 1
>> >> altnamespace: 1
>> >> hashimapspool: 1
>> >> anysievefolder: 1
>> >> fulldirhash: 0
>> >> sieveusehomedir: 0
>> >> sieve_allowreferrals: 0
>> >> lmtp_downcase_rcpt: 1
>> >> lmtp_fuzzy_mailbox_match: 1
>> >> username_tolower: 1
>> >> deletedprefix: DELETED
>> >> delete_mode: delayed
>> >> expunge_mode: delayed
>> >> postuser: shared
>> >>
>> >> ldap_domain_base_dn: cn=kolab,cn=config
>> >> ldap_domain_filter: (&(objectclass=domainrelatedobject)(associateddomain=%s))
>> >> ldap_domain_name_attribute: associatedDomain
>> >> ldap_domain_scope: sub
>> >> ldap_domain_result_attribute: inetdomainbasedn
>> >>
>> >>
>> >> Cyrus version:
>> >>
>> >> name : Cyrus IMAPD
>> >> version : git2.5+0-Kolab-2.5-108.1.el6.kolab_3.4
>> >> vendor : Project Cyrus
>> >> support-url: http://www.cyrusimap.org
>> >> os : Linux
>> >> os-version : 2.6.32-042stab108.7
>> >> environment: Built w/Cyrus SASL 2.1.23
>> >> Running w/Cyrus SASL 2.1.23
>> >> Built w/OpenSSL 1.0.1e-fips 11 Feb 2013
>> >> Running w/OpenSSL 1.0.1e-fips 11 Feb 2013
>> >> Built w/zlib 1.2.3
>> >> Running w/zlib 1.2.3
>> >> CMU Sieve 2.4
>> >> TCP Wrappers
>> >> NET-SNMP
>> >> mmap = shared
>> >> lock = fcntl
>> >> nonblock = fcntl
>> >> idle = idled
>> >>
>> >>
>> >>
>> >> Kolab web-admin is in turn unable to write the entry to Cyrus as the user doesn't show in the roundcube DB.
>> >>
>> >>
>> >> I think my main problem is that this "ptloader" cannot canonify the user. Should I turn on canonicalization?
>> >>
>> >> This article states to use it:
>> >> https://docs.kolab.org/howtos/multi-domain.html#cyrus-imap-changes
>> >>
>> >> This one does not:
>> >> http://bmts.us/wiki/doku.php?id=article:kolab:multidomain
>> >
>> > --
>> > Best regards
>> > Thomas Spuhler
>> >
>> > All of my e-mails have a valid digital signature
>> > ID 60114E63
>> > _______________________________________________
>> > users mailing list
>> > users at lists.kolab.org
>> > https://lists.kolab.org/mailman/listinfo/users
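Added example, not part of the original thread: a small Python triage script that groups the syslog lines quoted in the post by process ID, so the ptloader canonification failure can be read as one ordered sequence per `imaps` process. The function names and event labels are assumptions made for this illustration; the log lines are taken from the post with the e-mail line wrapping undone.

```python
import re

# Log lines copied from the post above, with the e-mail line wrapping undone.
SAMPLE_LOG = """\
Aug 24 19:01:19 gmx1 imaps[1911]: badlogin: localhost [::1] PLAIN [SASL(-13): authentication failure: bad userid authenticated]
Aug 24 19:01:23 gmx1 imaps[1916]: starttls: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
Aug 24 19:01:23 gmx1 imaps[1916]: SASL unable to open Berkeley db /etc/sasldb2: No such file or directory
Aug 24 19:01:23 gmx1 imaps[1916]: SASL unable to open Berkeley db /etc/sasldb2: No such file or directory
Aug 24 19:01:23 gmx1 imaps[1916]: ptload(): bad response from ptloader server: ptsmodule_canonifyid() failed
Aug 24 19:01:23 gmx1 imaps[1916]: ptload completely failed: unable to canonify identifier: 'john'[0:1]doe at domain.com
Aug 24 19:01:23 gmx1 imaps[1916]: SASL bad userid authenticated
"""
LINE_RE = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ (\w+)\[(\d+)\]: (.*)$")

# (event label, pattern) pairs, tried in order; the labels are hypothetical.
EVENTS = [
    ("badlogin", re.compile(r"^badlogin: (?P<peer>\S+ \[[^\]]*\]) (?P<mech>\S+) ")),
    ("sasldb_missing", re.compile(r"unable to open Berkeley db (?P<path>\S+): No such file")),
    ("ptloader_error", re.compile(r"bad response from ptloader server")),
    ("canonify_failed", re.compile(r"unable to canonify identifier: (?P<ident>.+)$")),
    ("bad_userid", re.compile(r"^SASL bad userid authenticated$")),
]

def classify(msg):
    for name, rx in EVENTS:
        m = rx.search(msg)
        if m:
            return name, m.groupdict()
    return "other", {}

def sessions(log_text):
    # Group events by (process, pid), keeping the order they were logged in.
    out = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            proc, pid, msg = m.groups()
            out.setdefault((proc, int(pid)), []).append(classify(msg))
    return out

def summarize(log_text):
    report = {}
    for key, events in sessions(log_text).items():
        names = list(dict.fromkeys(name for name, _ in events))
        ident = next((f["ident"] for n, f in events if n == "canonify_failed"), None)
        report[key] = {"events": names, "rejected_identifier": ident}
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```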