SASL对抗LDAP

Question

因此，我遇到了旋风的问题，我的赛勒斯安装。我正在建立一个多域kolab群件解决方案。我现在是6.7英里

当我试图在一个新的多域设置上创建一个新用户时，我的错误日志就会被淹没：

Aug 24 19:01:19 gmx1 imaps[1911]: badlogin: localhost [::1] PLAIN [SASL(-13): authentication failure: bad userid authenticated]
Aug 24 19:01:23 gmx1 imaps[1916]: starttls: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
Aug 24 19:01:23 gmx1 imaps[1916]: SASL unable to open Berkeley db /etc/sasldb2: No such file or directory
Aug 24 19:01:23 gmx1 imaps[1916]: SASL unable to open Berkeley db /etc/sasldb2: No such file or directory
Aug 24 19:01:23 gmx1 imaps[1916]: ptload(): bad response from ptloader server: ptsmodule_canonifyid() failed
Aug 24 19:01:23 gmx1 imaps[1916]: ptload completely failed: unable to canonify identifier: 'john'[0:1]doe@domain.com
Aug 24 19:01:23 gmx1 imaps[1916]: SASL bad userid authenticated

用户不会出现在kolab网络管理员..。它一直在尝试添加我创建的测试用户，并且不会停止尝试。我重新启动服务器，服务器就会消失。

我试着玩：

/etc/imapd.conf

ldap_domain_base_dn: cn=kolab,cn=config
ldap_domain_filter: (&(objectclass=domainrelatedobject)(associateddomain=%s))
ldap_domain_name_attribute: associatedDomain
ldap_domain_scope: sub
ldap_domain_result_attribute: inetdomainbasedn

(这应该被定义吗？)

ldap_domain_base_dn: cn=kolab,cn=config

我也注意到这些在顶部..。这应该是“普通”吗？见下文..。

sasl_pwcheck_method: auxprop saslauthd
sasl_mech_list: PLAIN LOGIN
allowplaintext: no

我的imapd配置：

configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus-admin
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
sasl_pwcheck_method: auxprop saslauthd
sasl_mech_list: PLAIN LOGIN
allowplaintext: no
tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.pem
# uncomment this if you're operating in a DSCP environment (RFC-4594)
# qosmarking: af13
auth_mech: pts
pts_module: ldap
ldap_servers: ldap://localhost:389
ldap_sasl: 0
ldap_base: dc=domain,dc=com
ldap_bind_dn: uid=kolab-service,ou=Special Users,dc=domain,dc=com
ldap_password: WIY0DNbAYPc8uY5
ldap_filter: (|(&(|(uid=cyrus-admin)(uid=cyrus-murder))(uid=%U))(&(|(uid=%U)(mail=%U@%d)(mail=%U@%r))(objectclass=kolabinetorgperson)))
ldap_user_attribute: mail
ldap_group_base: dc=domain,dc=com
ldap_group_filter: (&(cn=%u)(objectclass=ldapsubentry)(objectclass=nsroledefinition))
ldap_group_scope: one
ldap_member_base: ou=People,dc=domain,dc=com
ldap_member_method: attribute
ldap_member_attribute: nsrole
ldap_restart: 1
ldap_timeout: 10
ldap_time_limit: 10
unixhierarchysep: 1
virtdomains: userid
annotation_definitions: /etc/imapd.annotations.conf
sieve_extensions: fileinto reject envelope body vacation imapflags notify include regex subaddress relational copy date index
allowallsubscribe: 0
allowusermoves: 1
altnamespace: 1
hashimapspool: 1
anysievefolder: 1
fulldirhash: 0
sieveusehomedir: 0
sieve_allowreferrals: 0
lmtp_downcase_rcpt: 1
lmtp_fuzzy_mailbox_match: 1
username_tolower: 1
deletedprefix: DELETED
delete_mode: delayed
expunge_mode: delayed
postuser: shared

ldap_domain_base_dn: cn=kolab,cn=config
ldap_domain_filter: (&(objectclass=domainrelatedobject)(associateddomain=%s))
ldap_domain_name_attribute: associatedDomain
ldap_domain_scope: sub
ldap_domain_result_attribute: inetdomainbasedn

Cyrus版本：

name       : Cyrus IMAPD
version    : git2.5+0-Kolab-2.5-108.1.el6.kolab_3.4 
vendor     : Project Cyrus
support-url: http://www.cyrusimap.org
os         : Linux
os-version : 2.6.32-042stab108.7
environment: Built w/Cyrus SASL 2.1.23
             Running w/Cyrus SASL 2.1.23
             Built w/OpenSSL 1.0.1e-fips 11 Feb 2013
             Running w/OpenSSL 1.0.1e-fips 11 Feb 2013
             Built w/zlib 1.2.3
             Running w/zlib 1.2.3
             CMU Sieve 2.4
             TCP Wrappers
             NET-SNMP
             mmap = shared
             lock = fcntl
             nonblock = fcntl
             idle = idled

又无法将条目写入Cyrus，因为用户没有显示在圆立方体DB中。

我认为我的主要问题是，这个"ptloader“不能规范用户。我应该打开规范化吗？

该条规定使用它：

https://docs.kolab.org/howtos/multi-domain.html#cyrus-imap-changes

这一条没有：

http://bmts.us/wiki/doku.php?id=article:kolab:multidomain

跑步：

testsaslauthd -u cyrus-admin -p mypassword

工作也很好：

0: OK "Success."

Answer 1

我对Cyrus、SASL和LDAP auth也有类似的错误。我需要禁用辅助设备/etc/saslauth.conf：

sasl_pwcheck_method: saslauthd