cyrus-pop3 and saslauthd. username check in mailbox.db?

From: Thomas Vogt (no email)
Date: Thu Dec 16 2004 - 10:33:46 EST

  • Next message: Ken Murchison: "Re: Cyrus sasl authentication problem"

    Hello

    I use cyrus-imapd 2.2.10 and saslauthd.

    saslauthd works fine:
    testsaslauthd -u pc322 -p testpw
    0: OK "Success."

    testsaslauthd -u test at lan -p testpw
    0: OK "Success."

    (same user in the ldap database. pc322 is uid, test at lan is
    mailacceptinggeneralid)

    That's why I've defined an ldap filter. The idea is to check mailboxes with
    uid as username or with the ldap entry in mailacceptinggeneralid as
    username.

    imapd.conf:
    configdirectory: /var/imap
    partition-default: /var/spool/imap
    servername: testserver.lan
    hashimapspool: true
    poptimeout: 10
    allowplaintext: yes
    sasl_pwcheck_method: saslauthd
    ldap_filter: (|(uid=%u)(mailacceptinggeneralid=%u))

    saslauthd.conf:
    ldap_servers: ldap://home.lan
    ldap_search_base: ou=people,ou=lan,dc=lan,dc=ch
    ldap_filter: (|(uid=%u)(mailacceptinggeneralid=%u))

    First of all: do I have to define the ldap_filter in imapd.conf and in
    saslauthd.conf? I thought sasl_pwcheck_method: saslauthd in imapd.conf
    is enough.

    Login with the uid/mailbox name in ldap (username: pc322) works fine.

    Escape character is '^]'.
    +OK mail.lan Cyrus POP3 v2.2.10 server ready
    <
    user pc322
    +OK Name is a valid mailbox
    pass testpw
    ...

    Now I tried to login with the username from mailacceptinggeneralid in
    ldap (username: thomas at lan).

    Escape character is '^]'.
    +OK mail.lan Cyrus POP3 v2.2.10 server ready
    <
    user thomas at lan
    -ERR [AUTH] Invalid user

    This error message was returned immediately. There was no check from cyrus
    imapd to saslauthd => ldap.

    Is it not possible to authenticate a user in cyrus-imapd with names
    other than the default uid/mailbox name even if I've set ldap_filter? Is
    the username check limited to the mailbox.db?
    I mean, cyrus can always get the uid if a user authenticates himself
    with another entry in the ldap server.

    regards
    Thomas


    ---
    Cyrus Home Page: http://asg.web.cmu.edu/cyrus
    Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
    List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
    

