Configuring ldapdb

From: Vittorio Manfredini (no email)
Date: Wed May 18 2005 - 06:08:00 EDT

  • Next message: Howard Chu: "Re: Configuring ldapdb"

    I have some problems configuring ldapdb.

    I use the latest sasl distribution 2.1.21.

    These are my configuration files:

    imapd.conf :
    configdirectory: /var/lib/imap
    partition-default: /varie/mail/var/spool/imap
    servername: www.domain.com
    admins: cyrus
    allowanonymouslogin: no
    autocreatequota: 10000
    reject8bit: no
    quotawarn: 90
    timeout: 30
    poptimeout: 10
    defaultacl: cyrus lcda
    dracinterval: 0
    drachost: localhost
    userprefix: user
    sharedprefix: shared
    unixhierarchysep: yes
    sasl_pwcheck_method: auxprop
    sasl_auxprop_plugin: ldapdb
    sasl_ldapdb_starttls: try
    sievedir: /var/lib/sieve
    postmaster: postmaster
    lmtp_admins: lmtpuser
    defaultdomain: domain.com
    unix_group_enable: 0
    virtdomains: yes
    allowusermoves: yes
    tls_cert_file: /usr/lib/cyrus/certs/cert.pem
    tls_key_file: /usr/lib/cyrus/certs/key.pem
    tls_ca_file: /usr/lib/cyrus/certs/cacert.pem
    sasl_ldapdb_uri: ldap://localhost
    sasl_ldapdb_id: cyrus
    sasl_ldapdb_pw: passwd
    sasl_ldapdb_mech: DIGEST-MD5

    slapd.conf (part) :
    access to dn.children="dc=domain,c=com"
                   by users read
                   by anonymous auth
    sasl-authz-policy to
    sasl-regexp
                   uid=(.*),cn=DIGEST-MD5,cn=auth
                   ldap:///dc=domain,dc=com??sub?uid=$1

    ldap.diff (data regarding admin user) :
    dn: uid=cyrus,ou=People,dc=domain,dc=com
    objectClass: top
    objectClass: person
    objectClass: inetOrgPerson
    objectClass: MailObject
    objectClass: PopAccount
    uid: cyrus
    cn: cyrus
    sn: cyrus
    imapServer: www.domain.com
    smtpServer: www.domain.com
    imapPort: 143
    mailDomain: domain.com
    sievePort: 2000
    c: IT
    preferredLanguage: IT
    mailenabled: ko
    saslAuthzTo: ldap:///ou=People,dc=domain,dc=com??sub?(objectclass=inetOrgPerson)
    structuralObjectClass: inetOrgPerson
    userPassword:: encrypted password

    pop.conf (/usr/lib/sasl2) :
    pwcheck_method: auxprop
    auxprop_plugin: ldapdb
    ldapdb_uri: ldap://localhost
    ldapdb_id: cyrus
    ldapdb_pw: fosbugli
    ldapdb_mech: DIGEST-MD5

    This is the result of ldapwhoami :
    www:/var/log # ldapwhoami -U cyrus -Y DIGEST-MD5 -X u:vittorio -D "uid=cyrus,ou=People,dc=domain,dc=com" -H ldap://localhost
    SASL/DIGEST-MD5 authentication started
    Please enter your password:
    SASL username: u:vittorio
    SASL SSF: 128
    SASL installing layers
    dn:uid=vittorio,cn=www.domain.com,cn=digest-md5,cn=auth

    But if I try to run this command:
    telnet www.vitsoft.bz 110
    Trying IP...
    Connected to www.domain.com.
    Escape character is '^]'.
    +OK www.domain.com Cyrus POP3 v2.2.12 server ready
    <>
    user vittorio
    +OK Name is a valid mailbox
    pass urcojida
    -ERR [AUTH] Invalid login

    and in the log I have :
    May 18 11:59:28 www pop3[21318]: executed
    May 18 11:59:28 www pop3[21318]: accepted connection
    May 18 11:59:37 www slapd[27020]: conn=17 fd=13 ACCEPT from IP=127.0.0.1:36794 (IP=0.0.0.0:389)
    May 18 11:59:37 www pop3[21318]: badlogin: www.domain.com [192.168.2.11] plaintext vittorio SASL(-13): user not found: checkpass failed
    May 18 11:59:37 www slapd[27020]: conn=17 fd=13 closed

    When ldap is starting I found these lines in the log:
    May 18 12:05:27 www slapd[6273]: @(#) $OpenLDAP: slapd 2.2.15 (Jan 26 2005 16:34:33) $
    abuild at fix:/usr/src/packages/BUILD/openldap-2.2.15/servers/slapd
    May 18 12:05:27 www slapd[6273]: auxpropfunc error invalid parameter supplied
    May 18 12:05:27 www slapd[6273]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb
    May 18 12:05:27 www slapd[6273]: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (October 5, 2004)
    May 18 12:05:27 www slapd[6273]: bdb_db_init: Initializing bdb database
    May 18 12:05:27 www slapd[6278]: slapd starting

    What did I do wrong?

    Thanks in advance for any help.

    -- 
    Vittorio Manfredini
    Senior Technical Consultant
    ----------------------------------------------------------------
    This message was sent using IMP, the Internet Messaging Program.
    
