
Re: saslauxprop and libldapdb, auxpropfunc error -7



On Sun, 9 Mar 2003, Joe Rhodes wrote:

>
> On Thursday, March 6, 2003, at 01:53  PM, Igor Brezac wrote:
>
> >
> > On Thu, 6 Mar 2003, Joe Rhodes wrote:
> >
> >> Howard, Igor, Rob, et al.,
> >>
> >> I've tried applying the changes as Howard suggested below.  It has
> >> succeeded in preventing the "auxpropfunc error -7" message from showing
> >> up when Cyrus IMAP invokes the SASL library to do a user/password
> >> verification.  However, there is still no bind (or any activity for
> >> that matter) with slapd.  It just reports an error "SASL(-13): user not
> >> found:  checkpass failed" in the system log.  I guess at this point I'm
> >> at least expecting it to query the ldap server, even if it isn't
> >> successful.  My imap.conf file is as so (per previous recommendations):
>
> >> configdirectory: /var/imap
> >> partition-default: /var/spool/imap
> >> admins: cyrus root
> >> sasl_pwcheck_method: auxprop
> >> sasl_auxprop_plugin: ldapdb
> >> sasl_ldapdb_uri: ldap://127.0.0.1
> >> sasl_ ldapdb_id:  admin
> >> sasl_ ldapdb_pw:  password
> >> sasl_ ldapdb_mech: PLAIN
> >>
> >
> > This should work, I assume the extra spaces are just a typo.
> >
> > Are you certain the plugin is contacting the ldap server
> > (ldap://127.0.0.1)?  If this is the case, can 'ldapdb_id: admin' be used
> > for proxy authorization privileges to every account that is allowed to
> > login?
> >
>
> Actually, no, my plugin is NOT contacting the server, running on the
> same host.  I've tried using both
> sasl_ldapdb_uri: ldapi://
> and
> sasl_ldapdb_uri: ldap://127.0.0.1
>
> As of yet, I have not been able to get the Cyrus SASL plugin to query
> the server at all.  I'm running slapd with debug of 256.  This seems to
> splash plenty of info in the console window anytime an application
> queries it (say, Netscape Mail, for instance).
>

How are you testing the plugin?

You will need to fetch cyrus-sasl from the cmu cvs and try again.
(important Howard's patches are in there)  Also, get the latest
libldapdb.c from the openldap cvs or download openldap 2.1.15.

> Which are the extra spaces you speak of?
>

sasl_ ldapdb_id:  admin
     ^
> Is there some way to get more error messages out of the auxprop plugin?
>   Perhaps if I could see what it thinks it has for arguments, what it's
> trying to do when it fails, etc.  Right now all I have is that it
> doesn't contact OpenLDAP and can't find the user [SASL (-13)user not
> found:  checkpass failed]
>
> Up to this point, I've applied the patches Howard Chu offered earlier
> to get rid of the "auxpropfunc error -7" messages.  I no longer get
> that message when an SASL-enabled server tries to use the auxprop
> plugin.
>
> Have others gotten this to work?  If they have, then I must be missing

I have it working.

> something here.  Once I do (if I do) get this working, I intend to
> document the adventure.  I'd guess that this would be pertinent to
> others that use similar software (sendmail and Cyrus IMAP) who want to
> use a more secure method of password exchange/authentication.

-- 
Igor
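
Added example (not part of the original message, and not code from Cyrus or OpenLDAP): a small check for the problem pointed out above, an option name with a space inside it such as "sasl_ ldapdb_id". The list of expected options is taken from the quoted imap.conf, treating all of them as required is an assumption, and the sample input is constructed from that quoted config.

```python
import re

# Option names from the imap.conf quoted in the thread, spelled without the
# stray space. Treating all six as required is an assumption of this example.
EXPECTED = {"sasl_pwcheck_method", "sasl_auxprop_plugin", "sasl_ldapdb_uri",
            "sasl_ldapdb_id", "sasl_ldapdb_pw", "sasl_ldapdb_mech"}

# Constructed sample: the config as it was posted, stray spaces included.
SAMPLE = """\
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus root
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_ldapdb_uri: ldap://127.0.0.1
sasl_ ldapdb_id:  admin
sasl_ ldapdb_pw:  password
sasl_ ldapdb_mech: PLAIN
"""

def lint_imap_conf(text):
    """Return (findings, options) for imap.conf-style 'key: value' text."""
    findings, options = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if not sep:
            findings.append((lineno, "no 'key: value' separator", line))
            continue
        key = key.strip()
        if re.search(r"\s", key):
            repaired = re.sub(r"\s+", "", key)
            hint = f"; did you mean '{repaired}'?" if repaired in EXPECTED else ""
            findings.append((lineno, "whitespace inside option name" + hint, key))
            continue  # not recorded: the name differs from the intended option
        options[key] = value.strip()
    # Report expected options that never appeared under their exact name.
    for name in sorted(EXPECTED - options.keys()):
        findings.append((0, "expected option not set", name))
    return findings, options

if __name__ == "__main__":
    for lineno, problem, detail in lint_imap_conf(SAMPLE)[0]:
        print(f"line {lineno or '-'}: {problem}: {detail}")
```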