Re: Cyrus Imapd shared folders question [auf Viren überprüft]

Date: Fri Feb 16 2007 - 05:51:36 EST

  • Next message: David Carter: "Re: Potential replica message file corruption/replacement"

    Hi all,

    I'm still trying to manage and configure authorization using
    ldap groups without success on cyrus 2.3.7 ... :(

    sasl authentication works fine with ldap and saslauthd.

    I've changed my groups on LDAP to be easily configured:

    dn: cn=mongroupe,ou=groups,o=mydomain,dc=fr
    objectClass: top
    objectClass: groupOfNames
    description: Test
    cn: mongroupe
    member: uid=toto1
    member: uid=toto2

    In my imapd.conf, if I use only this:
    sasl_pwcheck_method: saslauthd

    Authentication works.

    If I add this for authorization:

    auth_mech: pts
    pts_module: ldap
    ldap_sasl: 1
    ldap_uri: ldap.mydomain.com
    ldap_mech: PLAIN DIGEST-MD5 CRAM-MD5 LOGIN
    ldap_base: o=mydomain,dc=fr
    ldap_group_base: ou=groups,o=mydomain,dc=fr
    ldap_group_filter: cn=%U
    ldap_member_filter: uid=%U
    ldap_group_scope: sub
    ldap_member_method: filter

    I get a problem opening cyradm:

    Feb 16 11:48:48 imaptest perl: GSSAPI Error: Miscellaneous
    failure (see text) (No such file or directory)
    Feb 16 11:48:50 imaptest imap[11070]: DBERROR db4:
    /var/imap/ptclient/ptscache.db: unexpected file type or format
    Feb 16 11:48:50 imaptest imap[11070]: DBERROR: opening
    /var/imap/ptclient/ptscache.db: Invalid argument
    Feb 16 11:48:50 imaptest imap[11070]: DBERROR: opening
    /var/imap/ptclient/ptscache.db: cyrusdb error
    Feb 16 11:48:50 imaptest imap[11070]: ptload completely
    failed: unable to canonify identifier: cyrus
    Feb 16 11:48:50 imaptest imap[11070]: badlogin:
    localhost.mydomain.com [::1] DIGEST-MD5 [SASL(-13):
    authentication failure: unable canonify user and get auxprops]
    Feb 16 11:48:53 imaptest perl: No worthy mechs found

    I don't get exactly what I need to be able to configure
    groups...!!

    Can someone help me, please?

    ---------- Start of original message -----------

    From:
    To: "hans.moser"
    Cc: "info-cyrus"
    Date: Fri, 2 Feb 2007 09:56:14 +0100
    Subject: Re: Cyrus Imapd shared folders question [auf Viren
    überprüft]

    >
    > Thanks!
    >
    > I will try with your configuration!
    >
    > ldapsearch -x -h ldap.mydomain.com -b
    > ou=groups,o=mydomain,dc=fr cn=mongroupe
    >
    > Gives me this result:
    > # extended LDIF
    > #
    > # LDAPv3
    > # base <ou=groups,o=mydomain,dc=fr> with scope subtree
    > # filter: cn=mongroupe
    > # requesting: ALL
    > #
    >
    > # mongroupe, groups, mydomain, fr
    > dn: cn=mongroupe,ou=groups,o=mydomain,dc=fr
    > objectClass: top
    > objectClass: groupOfNames
    > description: Test
    > cn: mongroupe
    > member: cn=toto,ou=users,o=mydomain,dc=FR
    > member: cn=toto2,ou=users,o=mydomain,dc=fr
    >
    > # search result
    > search: 2
    > result: 0 Success
    >
    > # numResponses: 2
    > # numEntries: 1
    >
    >
    >
    > And ldapsearch -x -h ldap.mydomain.com -b
    > ou=users,o=mydomain,dc=fr cn=toto2
    >
    >
    > # extended LDIF
    > #
    > # LDAPv3
    > # base <ou=users,o=mydomain,dc=fr> with scope subtree
    > # filter: cn=toto2
    > # requesting: ALL
    > #
    >
    > # toto2, users, mydomain, fr
    > dn: cn=toto2,ou=users,o=mydomain,dc=fr
    > o: mydomain
    > initials: toto
    > givenName: toto2
    > street: my street
    > sn: TEST2
    > ou: mydomain
    > l: there
    > mail:
    > facsimileTelephoneNumber: 333
    > objectClass: top
    > objectClass: person
    > objectClass: organizationalPerson
    > objectClass: inetOrgPerson
    > objectClass: Person
    > uid: toto2
    > postalCode: 555658
    > cn: toto2
    > st: Nord
    >
    > # search result
    > search: 2
    > result: 0 Success
    >
    > # numResponses: 2
    > # numEntries: 1
    >
    >
    > Here is the LDIF structure for my groups:
    > dn: cn=mongroupe, ou=groups, o=mydomain,dc=fr
    > description: Test
    > objectClass: top
    > objectClass: groupOfNames
    > member: cn=toto,ou=users,o=mydomain,dc=FR
    > member: cn=toto2,ou=users,o=mydomain,dc=fr
    > cn: mongroupe
    >
    >
    >
    > So how can I make my filter on group and member?
    >
    >
    >
    >
    > ---------- Start of original message -----------
    >
    > From: "Hans Moser"
    > To: ""
    > Cc: "info-cyrus"
    > Date: Thu, 01 Feb 2007 18:30:53 +0100
    > Subject: Re: Cyrus Imapd shared folders question [auf Viren
    > überprüft]
    >
    > > wrote:
    > >
    > > > Jan 31 17:59:37 imaptest ptloader[726]:
    > > > ldap_sasl_interactive_bind() failed 16 (No such attribute).
    > > > Jan 31 17:59:37 imaptest imap[727]: ptload(): bad response
    > > > from ptloader server: ptsmodule_connect() failed
    > > > Jan 31 17:59:37 imaptest imap[727]: ptload completely failed:
    > > > unable to canonify identifier: toto2
    > > > Jan 31 17:59:37 imaptest imap[727]: badlogin: [10.1.45.1]
    > > > plaintext toto2 invalid user
    > > Please show the toto2 entry from your ldap server.
    > >
    > > # ldapsearch -x -h ldap.mydomain.com -b
    > > ou=users,o=myorg,dc=fr uid=toto2
    > >
    > > You must have anonymous read access to uid.
    > >
    > > I use this in imapd 2.2.12 (ldapdb and pts):
    > >
    > > sasl_log_level: 5
    > > sasl_pwcheck_method: auxprop
    > > sasl_auxprop_plugin: ldapdb
    > > sasl_ldapdb_uri: ldap://foo
    > > sasl_ldapdb_id: human
    > > sasl_ldapdb_pw: pw
    > > sasl_ldapdb_mech: PLAIN DIGEST-MD5 CRAM-MD5 LOGIN
    > > allowplaintext: yes
    > > sasl_minimum_layer: 0
    > > sasl_ldapdb_starttls: Demand
    > > sasl_ldap_search_base: ou=humans,ou=bar
    > > sasl_ldap_search_filter: maildrop=%U
    > > tls_cert_file: foo.pem
    > > tls_key_file: foo6.pem
    > > tls_ca_file: foo06.pem
    > > tls_ca_path: ssl/ca
    > > #
    > > # ptloader ldap:
    > > ldap_id: human
    > > ldap_sasl: 1
    > > ldap_password: pw
    > > ldap_uri: ldap://foo
    > > ldap_mech: PLAIN DIGEST-MD5 CRAM-MD5 LOGIN
    > > ldap_start_tls: 1
    > > ldap_tls_cacert_file: foo.pem
    > > ldap_tls_cert: foo6.pem
    > > ldap_tls_key: foo06.pem
    > > ldap_base: ou=humans,ou=bar
    > > ldap_group_base: ou=gruppen,ou=humans,ou=bar
    > > ldap_group_filter: ou=%U
    > > ldap_member_attribute: member
    > > ldap_group_scope: sub
    > > ldap_member_method: attribute
    > >
    > >
    > > Hans
    > >
    >

    ----
    Cyrus Home Page: http://cyrusimap.web.cmu.edu/
    Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
    List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
    
