From: Vittorio Manfredini (no email)
Date: Wed May 18 2005 - 06:08:00 EDT
I have some problems configuring ldapdb.
I use the latest SASL distribution, 2.1.21.
These are my configuration files:

imapd.conf:
configdirectory: /var/lib/imap
partition-default: /varie/mail/var/spool/imap
servername: www.domain.com
admins: cyrus
allowanonymouslogin: no
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
defaultacl: cyrus lcda
dracinterval: 0
drachost: localhost
userprefix: user
sharedprefix: shared
unixhierarchysep: yes
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_ldapdb_starttls: try
sievedir: /var/lib/sieve
postmaster: postmaster
lmtp_admins: lmtpuser
defaultdomain: domain.com
unix_group_enable: 0
virtdomains: yes
allowusermoves: yes
tls_cert_file: /usr/lib/cyrus/certs/cert.pem
tls_key_file: /usr/lib/cyrus/certs/key.pem
tls_ca_file: /usr/lib/cyrus/certs/cacert.pem
sasl_ldapdb_uri: ldap://localhost
sasl_ldapdb_id: cyrus
sasl_ldapdb_pw: passwd
sasl_ldapdb_mech: DIGEST-MD5

slapd.conf (part):
access to dn.children="dc=domain,c=com"
        by users read
        by anonymous auth
sasl-authz-policy to
sasl-regexp
        uid=(.*),cn=DIGEST-MD5,cn=auth
        ldap:///dc=domain,dc=com??sub?uid=$1

ldap.diff (data regarding admin user):
dn: uid=cyrus,ou=People,dc=domain,dc=com
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: MailObject
objectClass: PopAccount
uid: cyrus
cn: cyrus
sn: cyrus
imapServer: www.domain.com
smtpServer: www.domain.com
imapPort: 143
mailDomain: domain.com
sievePort: 2000
c: IT
preferredLanguage: IT
mailenabled: ko
saslAuthzTo: ldap:///ou=People,dc=domain,dc=com??sub?(objectclass=inetOrgPerson)
structuralObjectClass: inetOrgPerson
userPassword:: encrypted password

pop.conf (/usr/lib/sasl2):
pwcheck_method: auxprop
auxprop_plugin: ldapdb
ldapdb_uri: ldap://localhost
ldapdb_id: cyrus
ldapdb_pw: fosbugli
ldapdb_mech: DIGEST-MD5

This is the result of ldapwhoami:

www:/var/log # ldapwhoami -U cyrus -Y DIGEST-MD5 -X u:vittorio -D "uid=cyrus,ou=People,dc=domain,dc=com" -H ldap://localhost
SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: u:vittorio
SASL SSF: 128
SASL installing layers
dn:uid=vittorio,cn=www.domain.com,cn=digest-md5,cn=auth

But if I try this command:

telnet www.vitsoft.bz 110
Trying IP...
Connected to www.domain.com.
Escape character is '^]'.
+OK www.domain.com Cyrus POP3 v2.2.12 server ready
<>
user vittorio
+OK Name is a valid mailbox
pass urcojida
-ERR [AUTH] Invalid login

and in the log I have:

May 18 11:59:28 www pop3[21318]: executed
May 18 11:59:28 www pop3[21318]: accepted connection
May 18 11:59:37 www slapd[27020]: conn=17 fd=13 ACCEPT from IP=127.0.0.1:36794 (IP=0.0.0.0:389)
May 18 11:59:37 www pop3[21318]: badlogin: www.domain.com [192.168.2.11] plaintext vittorio SASL(-13): user not found: checkpass failed
May 18 11:59:37 www slapd[27020]: conn=17 fd=13 closed

When LDAP is starting I found these lines in the log:

May 18 12:05:27 www slapd[6273]: @(#) $OpenLDAP: slapd 2.2.15 (Jan 26 2005 16:34:33) $
abuild at fix:/usr/src/packages/BUILD/openldap-2.2.15/servers/slapd
May 18 12:05:27 www slapd[6273]: auxpropfunc error invalid parameter supplied
May 18 12:05:27 www slapd[6273]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb
May 18 12:05:27 www slapd[6273]: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (October 5, 2004)
May 18 12:05:27 www slapd[6273]: bdb_db_init: Initializing bdb database
May 18 12:05:27 www slapd[6278]: slapd starting

What did I do wrong?
Thanks in advance for any help.

--
Vittorio Manfredini
Senior Technical Consultant