SASL Authentication Problem

Paul Bronson signaldeveloper at gmail.com
Tue Aug 25 16:35:51 CEST 2015


Timotheus,

This script, is this something I can run on a fresh kolab 3.4 install to
get multi domain working? If so, that would really be awesome and I'd be
happy to contribute to it!

On Tue, Aug 25, 2015 at 10:25 AM, Timotheus Pokorra <timotheus at kolab.org>
wrote:

> Hello Paul,
>
> I have to admit I did not get the canonification to work for my
> multidomain setup.
> So I am removing it in my scripts:
>
> https://github.com/TBits/KolabScripts/blob/master/kolab/initMultiDomain.sh#L10
>
> Perhaps other parts of that script are useful to you as well.
>
> All the best,
>   Timotheus
>
> On 25 August 2015 at 16:19, Paul Bronson <signaldeveloper at gmail.com>
> wrote:
> > Anybody else have any ideas on this? Again this is a fresh "follow the
> > direction" multi domain setup and I don't know exactly what went wrong.
> >
> > On Mon, Aug 24, 2015 at 10:31 PM, <signaldeveloper at gmail.com> wrote:
> >>
> >> I tried playing with that. Didn't help. Anyone else have some ideas on
> >> this? Brian (you are my man!!)
> >>
> >>
> >>
> >> Sent from my iPhone
> >>
> >> > On Aug 24, 2015, at 8:24 PM, Thomas Spuhler
> >> > <thomas.spuhler at btspuhler.com> wrote:
> >> >
> >> >> On Monday, August 24, 2015 08:21:09 PM Paul Bronson wrote:
> >> >> So I am running into a whirlwind of issues with my cyrus install. I am
> >> >> setting up a multi-domain kolab groupware solution. I am on centos 6.7
> >> >>
> >> >> I am getting this flooding my error logs when I try to make a new user on a
> >> >> fresh multi domain setup:
> >> >>
> >> >>    Aug 24 19:01:19 gmx1 imaps[1911]: badlogin: localhost [::1] PLAIN [SASL(-13): authentication failure: bad userid authenticated]
> >> >>    Aug 24 19:01:23 gmx1 imaps[1916]: starttls: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
> >> >>    Aug 24 19:01:23 gmx1 imaps[1916]: SASL unable to open Berkeley db /etc/sasldb2: No such file or directory
> >> >>    Aug 24 19:01:23 gmx1 imaps[1916]: SASL unable to open Berkeley db /etc/sasldb2: No such file or directory
> >> >>    Aug 24 19:01:23 gmx1 imaps[1916]: ptload(): bad response from ptloader server: ptsmodule_canonifyid() failed
> >> >>    Aug 24 19:01:23 gmx1 imaps[1916]: ptload completely failed: unable to canonify identifier: 'john'[0:1]doe at domain.com
> >> >>    Aug 24 19:01:23 gmx1 imaps[1916]: SASL bad userid authenticated
> >> >>
> >> >>
> >> >> The users do NOT show up on kolab webadmin... It keeps trying to add a test
> >> >> user I made and won't stop trying.  I reboot the server and it goes away.
> >> >>
> >> >> I tried playing with:
> >> >>
> >> >> /etc/imapd.conf
> >> >>
> >> >>    ldap_domain_base_dn: cn=kolab,cn=config
> >> >>    ldap_domain_filter: (&(objectclass=domainrelatedobject)(associateddomain=%s))
> >> >>    ldap_domain_name_attribute: associatedDomain
> >> >>    ldap_domain_scope: sub
> >> >>    ldap_domain_result_attribute: inetdomainbasedn
> >> >>
> >> >>
> >> >> I also noticed these at the top.. Should this be "PLAIN" ? see below..
> >> >>
> >> >>    sasl_pwcheck_method: auxprop saslauthd
> >> >>    sasl_mech_list: PLAIN LOGIN
> >> >>    allowplaintext: no
> >> > I have (Mageia5)
> >> > pwcheck_method: saslauthd
> >> > mech_list: plain login
> >> >
> >> >
> >> >>
> >> >>
> >> >> My imapd config:
> >> >>
> >> >>    configdirectory: /var/lib/imap
> >> >>    partition-default: /var/spool/imap
> >> >>    admins: cyrus-admin
> >> >>    sievedir: /var/lib/imap/sieve
> >> >>    sendmail: /usr/sbin/sendmail
> >> >>    sasl_pwcheck_method: auxprop saslauthd
> >> >>    sasl_mech_list: PLAIN LOGIN
> >> >>    allowplaintext: no
> >> >>    tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> >> >>    tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> >> >>    # uncomment this if you're operating in a DSCP environment (RFC-4594)
> >> >>    # qosmarking: af13
> >> >>    auth_mech: pts
> >> >>    pts_module: ldap
> >> >>    ldap_servers: ldap://localhost:389
> >> >>    ldap_sasl: 0
> >> >>    ldap_base: dc=domain,dc=com
> >> >>    ldap_bind_dn: uid=kolab-service,ou=Special Users,dc=domain,dc=com
> >> >>    ldap_password: WIY0DNbAYPc8uY5
> >> >>    ldap_filter: (|(&(|(uid=cyrus-admin)(uid=cyrus-murder))(uid=%U))(&(|(uid=%U)(mail=%U@%d)(mail=%U@%r))(objectclass=kolabinetorgperson)))
> >> >>    ldap_user_attribute: mail
> >> >>    ldap_group_base: dc=domain,dc=com
> >> >>    ldap_group_filter: (&(cn=%u)(objectclass=ldapsubentry)(objectclass=nsroledefinition))
> >> >>    ldap_group_scope: one
> >> >>    ldap_member_base: ou=People,dc=domain,dc=com
> >> >>    ldap_member_method: attribute
> >> >>    ldap_member_attribute: nsrole
> >> >>    ldap_restart: 1
> >> >>    ldap_timeout: 10
> >> >>    ldap_time_limit: 10
> >> >>    unixhierarchysep: 1
> >> >>    virtdomains: userid
> >> >>    annotation_definitions: /etc/imapd.annotations.conf
> >> >>    sieve_extensions: fileinto reject envelope body vacation imapflags notify include regex subaddress relational copy date index
> >> >>    allowallsubscribe: 0
> >> >>    allowusermoves: 1
> >> >>    altnamespace: 1
> >> >>    hashimapspool: 1
> >> >>    anysievefolder: 1
> >> >>    fulldirhash: 0
> >> >>    sieveusehomedir: 0
> >> >>    sieve_allowreferrals: 0
> >> >>    lmtp_downcase_rcpt: 1
> >> >>    lmtp_fuzzy_mailbox_match: 1
> >> >>    username_tolower: 1
> >> >>    deletedprefix: DELETED
> >> >>    delete_mode: delayed
> >> >>    expunge_mode: delayed
> >> >>    postuser: shared
> >> >>
> >> >>    ldap_domain_base_dn: cn=kolab,cn=config
> >> >>    ldap_domain_filter: (&(objectclass=domainrelatedobject)(associateddomain=%s))
> >> >>    ldap_domain_name_attribute: associatedDomain
> >> >>    ldap_domain_scope: sub
> >> >>    ldap_domain_result_attribute: inetdomainbasedn
> >> >>
> >> >>
> >> >> Cyrus version:
> >> >>
> >> >>    name       : Cyrus IMAPD
> >> >>    version    : git2.5+0-Kolab-2.5-108.1.el6.kolab_3.4
> >> >>    vendor     : Project Cyrus
> >> >>    support-url: http://www.cyrusimap.org
> >> >>    os         : Linux
> >> >>    os-version : 2.6.32-042stab108.7
> >> >>    environment: Built w/Cyrus SASL 2.1.23
> >> >>                 Running w/Cyrus SASL 2.1.23
> >> >>                 Built w/OpenSSL 1.0.1e-fips 11 Feb 2013
> >> >>                 Running w/OpenSSL 1.0.1e-fips 11 Feb 2013
> >> >>                 Built w/zlib 1.2.3
> >> >>                 Running w/zlib 1.2.3
> >> >>                 CMU Sieve 2.4
> >> >>                 TCP Wrappers
> >> >>                 NET-SNMP
> >> >>                 mmap = shared
> >> >>                 lock = fcntl
> >> >>                 nonblock = fcntl
> >> >>                 idle = idled
> >> >>
> >> >>
> >> >>
> >> >> Kolab web-admin is in turn unable to write the entry to Cyrus as the user
> >> >> doesn't show in the roundcube DB.
> >> >>
> >> >>
> >> >> I think my main problem is that this "ptloader" cannot canonify the user.
> >> >> Should I turn on canonicalization?
> >> >>
> >> >> This article states to use it:
> >> >> https://docs.kolab.org/howtos/multi-domain.html#cyrus-imap-changes
> >> >>
> >> >> This one does not:
> >> >> http://bmts.us/wiki/doku.php?id=article:kolab:multidomain
> >> >
> >> > --
> >> > Best regards
> >> > Thomas Spuhler
> >> >
> >> > All of my e-mails have a valid digital signature
> >> > ID 60114E63
> >> > _______________________________________________
> >> > users mailing list
> >> > users at lists.kolab.org
> >> > https://lists.kolab.org/mailman/listinfo/users
> >
>
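
Added example, not part of the thread and not taken from Kolab or from the KolabScripts repository: a small Python check over an imapd.conf that ties the settings quoted above to the log lines (the auxprop entry behind the /etc/sasldb2 errors, the cleartext LDAP bind password) and reports which of the thread's ldap_domain_* options are set. The function names and the sample file are constructed for illustration, and the bind password is a placeholder.

```python
import re

# Constructed sample: a shortened imapd.conf built from settings quoted in the
# thread; the bind password is a placeholder, not a real value.
SAMPLE_CONF = """\
sasl_pwcheck_method: auxprop saslauthd
sasl_mech_list: PLAIN LOGIN
auth_mech: pts
ldap_servers: ldap://localhost:389
ldap_password: EXAMPLE-PLACEHOLDER
# qosmarking: af13
ldap_domain_base_dn: cn=kolab,cn=config
ldap_domain_scope: sub
"""

# The five domain-lookup options listed in the thread.
DOMAIN_KEYS = ("ldap_domain_base_dn", "ldap_domain_filter",
               "ldap_domain_name_attribute", "ldap_domain_scope",
               "ldap_domain_result_attribute")

def parse_conf(text):
    """Return {option: value}; comment and blank lines never match, last value wins."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9_-]+)\s*:\s*(.*?)\s*$", line)
        if m:
            conf[m.group(1).lower()] = m.group(2)
    return conf

def domain_options(conf):
    """List which of the thread's ldap_domain_* options are present."""
    return [k for k in DOMAIN_KEYS if k in conf]

def review(conf):
    """Return findings (hypothetical helper) for the settings discussed in the thread."""
    findings = []
    if "auxprop" in conf.get("sasl_pwcheck_method", "").lower().split():
        findings.append("auxprop enabled: SASL consults sasldb (the /etc/sasldb2 log errors)")
    if "ldap_password" in conf:
        findings.append("cleartext ldap_password: restrict read access to this file")
    hosts = re.findall(r"ldap://([^\s:/]+)", conf.get("ldap_servers", ""))
    tls = conf.get("ldap_start_tls", "0").lower() in ("1", "yes", "on", "true")
    if any(h not in ("localhost", "127.0.0.1") for h in hosts) and not tls:
        findings.append("ldap:// to a remote host without StartTLS: bind is unencrypted")
    return findings

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    for finding in review(conf):
        print("-", finding)
    print("domain options set:", ", ".join(domain_options(conf)) or "none")
```
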