SASL Authentication Problem
Paul Bronson
signaldeveloper at gmail.com
Tue Aug 25 21:02:20 CEST 2015
I fixed all that... see maillog:
Aug 25 14:52:55 gmx1 imap[985]: starttls: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits new) no authentication
Aug 25 14:52:56 gmx1 imap[985]: login: localhost [::1] jdoe at example.com PLAIN+TLS User logged in SESSIONID=<gmx1.greysignal.com-985-1440528775-1-13364326380910206712>
Aug 25 14:52:58 gmx1 imap[985]: USAGE jdoe at example.com user: 0.014997 sys: 0.004999
Aug 25 14:52:58 gmx1 imap[986]: starttls: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits new) no authentication
Aug 25 14:52:58 gmx1 imap[986]: login: localhost [::1] jdoe at example.com PLAIN+TLS User logged in SESSIONID=<gmx1.greysignal.com-986-1440528778-1-9894088363976393604>
Aug 25 14:52:59 gmx1 imap[986]: USAGE jdoe at example.com user: 0.014997 sys: 0.004999
Aug 25 14:53:00 gmx1 imap[987]: starttls: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits new) no authentication
Aug 25 14:53:00 gmx1 imap[985]: starttls: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits new) no authentication
Aug 25 14:53:00 gmx1 imap[987]: login: localhost [::1] jdoe at example.com PLAIN+TLS User logged in SESSIONID=<gmx1.greysignal.com-987-1440528780-1-11829521829204466177>
Aug 25 14:53:00 gmx1 imap[985]: login: localhost [::1] jdoe at example.com PLAIN+TLS User logged in SESSIONID=<gmx1.greysignal.com-985-1440528780-1-15467304160879486307>
Aug 25 14:53:00 gmx1 imap[987]: USAGE jdoe at example.com user: 0.012998 sys: 0.006998
Aug 25 14:53:00 gmx1 imap[985]: USAGE jdoe at example.com user: 0.004999 sys: 0.001999
Aug 25 14:54:01 gmx1 imap[988]: starttls: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits new) no authentication
Aug 25 14:54:01 gmx1 imap[988]: login: localhost [::1] jdoe at example.com PLAIN+TLS User logged in SESSIONID=<gmx1.greysignal.com-988-1440528841-1-4310350822283964547>
Aug 25 14:54:01 gmx1 imap[986]: starttls: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits new) no authentication
Aug 25 14:54:01 gmx1 imap[986]: login: localhost [::1] jdoe at example.com PLAIN+TLS User logged in SESSIONID=<gmx1.greysignal.com-986-1440528841-1-14907836852444514334>
Aug 25 14:54:02 gmx1 imap[986]: USAGE jdoe at example.com user: 0.005999 sys: 0.001000
Aug 25 14:54:02 gmx1 imap[988]: USAGE jdoe at example.com user: 0.012998 sys: 0.006998
Now my only problem is when the user logs in they get the mailbox not being
created message:
Server Error: STATUS: Mailbox does not exist
I am so close! The directions on the websites don't work at all...
On Tue, Aug 25, 2015 at 1:37 PM, Paul Bronson <signaldeveloper at gmail.com>
wrote:
> kolab.conf adjusted:
>
>
> [kolab]
> primary_domain = primarydomain.com
> auth_mechanism = ldap
> imap_backend = cyrus-imap
> default_locale = en_US
> sync_interval = 300
> domain_sync_interval = 600
> policy_uid = %(surname)s.lower()
> primary_mail ='%(givenname)s'[0:1]%(surname)s@%(domain)s
> secondary_mail = {
>     0: {
>         "{0}.{1}@{2}": "format('%(givenname)s'[0:1].capitalize(), '%(surname)s', '%(domain)s')"
>     },
>     1: {
>         "{0}@{1}": "format('%(uid)s', '%(domain)s')"
>     },
>     2: {
>         "{0}@{1}": "format('%(givenname)s.%(surname)s', '%(domain)s')"
>     }
>     }
> autocreate_folders = {
>     'Archive': {
>         'quota': 0,
>         'partition': 'archive'
>     },
>     'Calendar': {
>         'annotations': {
>             '/private/vendor/kolab/folder-type': "event.default",
>             '/shared/vendor/kolab/folder-type': "event",
>         },
>     },
>     'Calendar/Personal Calendar': {
>         'annotations': {
>             '/shared/vendor/kolab/folder-type': "event",
>         },
>     },
>     'Configuration': {
>         'annotations': {
>             '/private/vendor/kolab/folder-type': "configuration.default",
>             '/shared/vendor/kolab/folder-type': "configuration.default",
>         },
>     },
>     'Contacts': {
>         'annotations': {
>             '/private/vendor/kolab/folder-type': "contact.default",
>             '/shared/vendor/kolab/folder-type': "contact",
>         },
>     },
>     'Contacts/Personal Contacts': {
>         'annotations': {
>             '/shared/vendor/kolab/folder-type': "contact",
>         },
>     },
>     'Drafts': {
>         'annotations': {
>             '/private/vendor/kolab/folder-type': "mail.drafts",
>         },
>     },
>     'Files': {
>         'annotations': {
>             '/private/vendor/kolab/folder-type': "file.default",
>         },
>     },
>     'Journal': {
>         'annotations': {
>             '/private/vendor/kolab/folder-type': "journal.default",
>             '/shared/vendor/kolab/folder-type': "journal",
>         },
>     },
>     'Notes': {
>         'annotations': {
>             '/private/vendor/kolab/folder-type': 'note.default',
>             '/shared/vendor/kolab/folder-type': 'note',
>         },
>     },
>     'Sent': {
>         'annotations': {
>             '/private/vendor/kolab/folder-type': "mail.sentitems",
>         },
>     },
>     'Spam': {
>         'annotations': {
>             '/private/vendor/kolab/folder-type': "mail.junkemail",
>         },
>     },
>     'Tasks': {
>         'annotations': {
>             '/private/vendor/kolab/folder-type': "task.default",
>             '/shared/vendor/kolab/folder-type': "task",
>         },
>     },
>     'Trash': {
>         'annotations': {
>             '/private/vendor/kolab/folder-type': "mail.wastebasket",
>         },
>     },
>     }
>
> [imap]
> virtual_domains = userid
>
> [ldap]
> ldap_uri = ldap://localhost:389
> supported_controls = 0,2,3
> base_dn = dc=primarydomain,dc=com
> bind_dn = cn=Directory Manager
> bind_pw = JL1VsXSC55jkVH3
> service_bind_dn = uid=kolab-service,ou=Special Users,dc=primarydomain,dc=com
> service_bind_pw = WIY0DNbAYPc8uY5
> user_base_dn = ou=People,%(base_dn)s
> user_scope = sub
> user_filter = (objectclass=inetorgperson)
> kolab_user_base_dn = ou=People,%(base_dn)s
> kolab_user_filter = (objectclass=kolabinetorgperson)
> group_base_dn = ou=Groups,%(base_dn)s
> group_filter = (|(objectclass=groupofuniquenames)(objectclass=groupofurls))
> group_scope = sub
> kolab_group_filter = (|(objectclass=kolabgroupofuniquenames)(objectclass=kolabgroupofurls))
> sharedfolder_base_dn = ou=Shared Folders,%(base_dn)s
> sharedfolder_filter = (objectclass=kolabsharedfolder)
> sharedfolder_acl_entry_attribute = acl
> resource_base_dn = ou=Resources,%(base_dn)s
> resource_filter = (|%(group_filter)s(objectclass=kolabsharedfolder))
> domain_base_dn = cn=kolab,cn=config
> domain_filter = (&(associatedDomain=*))
> domain_name_attribute = associateddomain
> domain_rootdn_attribute = inetdomainbasedn
> quota_attribute = mailquota
> modifytimestamp_format = %Y%m%d%H%M%SZ
> unique_attribute = nsuniqueid
> mail_attributes = mail, alias
> mailserver_attribute = mailhost
> auth_attributes = mail, alias, uid
>
> [kolab_smtp_access_policy]
> cache_uri = mysql://kolab:HsVXlKTTwz7tuca@localhost/kolab
> cache_retention = 86400
> address_search_attrs = mail, alias
> delegate_sender_header = True
> alias_sender_header = True
> sender_header = True
> xsender_header = True
> empty_sender_hosts = 3.2.1.0/24, 6.6.6.0/24
>
> [kolab_wap]
> skin = default
> sql_uri = mysql://kolab:HsVXlKTTwz7tuca@localhost/kolab
> ssl_verify_peer = false
> ssl_verify_host = false
>
> [cyrus-imap]
> uri = imaps://localhost:993
> admin_login = cyrus-admin
> admin_password = Ony8Cweru6_l7uL
>
> [cyrus-sasl]
> result_attribute = mail
>
> [wallace]
> modules = resources, invitationpolicy, footer
> footer_text = /etc/kolab/footer.text
> footer_html = /etc/kolab/footer.html
> kolab_invitation_policy = ACT_ACCEPT_IF_NO_CONFLICT:example.org, ACT_MANUAL
> invitationpolicy_autoupdate_other_attendees_on_reply = false
> resource_calendar_expire_days = 100
>
>
> On Tue, Aug 25, 2015 at 1:14 PM, Paul Bronson <signaldeveloper at gmail.com>
> wrote:
>
>> Per the directions I thought you had to have a section for each domain?
>> Is that not true?
>>
>> On Tue, Aug 25, 2015 at 12:31 PM, Timotheus Pokorra <timotheus at kolab.org>
>> wrote:
>>
>>> what springs to my mind is this:
>>> > 2015-08-25 12:01:02,059 pykolab.auth DEBUG [1293]: Section example.com has no option 'auth_mechanism'
>>> > 2015-08-25 12:01:02,060 pykolab.auth DEBUG [1293]: Starting LDAP...
>>> > 2015-08-25 12:01:02,060 pykolab.auth DEBUG [1293]: Connecting to LDAP...
>>> > 2015-08-25 12:01:02,061 pykolab.auth DEBUG [1293]: Attempting to use LDAP
>>>
>>> in my setup, I have:
>>> 2015-08-25 18:28:58,881 pykolab.auth DEBUG [5941]: Called for domain 'example.org'
>>> 2015-08-25 18:28:58,882 pykolab.auth DEBUG [5941]: Called for domain None
>>> 2015-08-25 18:28:58,882 pykolab.auth DEBUG [5941]: Using section example.org and domain example.org
>>> 2015-08-25 18:28:58,883 pykolab.auth DEBUG [5941]: Using section example.org and domain example.org
>>> 2015-08-25 18:28:58,883 pykolab.auth DEBUG [5941]: Connecting to Authentication backend for domain example.org
>>> 2015-08-25 18:28:58,883 pykolab.auth DEBUG [5941]: Section kolab has auth_mechanism: 'ldap'
>>> 2015-08-25 18:28:58,883 pykolab.auth DEBUG [5941]: Starting LDAP...
>>> 2015-08-25 18:28:58,883 pykolab.auth DEBUG [5941]: Connecting to LDAP...
>>>
>>> What does your kolab.conf look like?
>>> I don't have a section for each domain, and auth_mechanism = ldap from
>>> section [kolab] is used.
>>> You might need to add that line to your domain section, if you want to
>>> have a section for each domain.
>>>
>>> hope this helps,
>>> Timotheus
>>>
>>
>>
>
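
Added example, not part of the original post and not Cyrus or Kolab code: a small parser for the imapd maillog format quoted at the top of this message. It pairs each login with the STARTTLS session of the same imap[PID] and lists any login whose mechanism lacks the "+TLS" suffix. The function names, the sample records and the cleartext imap[990] record are constructed assumptions.

```python
import re

# Constructed sample in the maillog format quoted above (one record per line).
# The imap[990] record, a PLAIN login with no "+TLS" suffix, is an assumption
# about how a login outside TLS would be logged; SESSIONIDs are placeholders.
SAMPLE = """\
Aug 25 14:53:00 gmx1 imap[987]: starttls: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits new) no authentication
Aug 25 14:53:00 gmx1 imap[985]: starttls: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits new) no authentication
Aug 25 14:53:00 gmx1 imap[987]: login: localhost [::1] jdoe@example.com PLAIN+TLS User logged in SESSIONID=<constructed-987-1>
Aug 25 14:53:00 gmx1 imap[985]: login: localhost [::1] jdoe@example.com PLAIN+TLS User logged in SESSIONID=<constructed-985-1>
Aug 25 14:53:05 gmx1 imap[990]: login: localhost [::1] jdoe@example.com PLAIN User logged in SESSIONID=<constructed-990-1>
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ imap\[(?P<pid>\d+)\]: (?P<msg>.*)$")
STARTTLS = re.compile(r"starttls: (?P<proto>\S+) with cipher (?P<cipher>\S+) ")
# The user may appear as "jdoe@example.com" or, archive-obfuscated, "jdoe at example.com".
LOGIN = re.compile(r"login: (?P<client>\S+ \[[^\]]+\]) (?P<user>\S+(?: at \S+)?) "
                   r"(?P<mech>\S+) User logged in")


def summarize_logins(text):
    """Pair each successful login with the TLS session negotiated by the same imapd PID."""
    tls_by_pid, logins = {}, []
    for raw in text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue
        pid, msg = line["pid"], line["msg"]
        tls = STARTTLS.match(msg)
        login = LOGIN.match(msg)
        if tls:
            # A PID serves many connections in turn; the latest STARTTLS wins.
            tls_by_pid[pid] = (tls["proto"], tls["cipher"])
        elif login:
            mech, _, suffix = login["mech"].partition("+")
            # Consume the TLS state so it cannot leak into the PID's next connection.
            proto, cipher = tls_by_pid.pop(pid, (None, None))
            over_tls = suffix == "TLS"
            logins.append({"pid": pid, "user": login["user"], "mech": mech,
                           "tls": over_tls,
                           "proto": proto if over_tls else None,
                           "cipher": cipher if over_tls else None})
    return logins


def cleartext_logins(logins):
    """Logins whose mechanism was not tagged +TLS, i.e. credentials sent outside TLS."""
    return [entry for entry in logins if not entry["tls"]]


if __name__ == "__main__":
    for entry in cleartext_logins(summarize_logins(SAMPLE)):
        print("login without TLS:", entry["pid"], entry["user"], entry["mech"])
```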