Message-ID: <3D614E58.70409@georgiacenter.org>
Date: Mon, 19 Aug 2002 16:00:24 -0400
From: "Robin P. Blanchard"
Organization: Georgia Center for Continuing Education
To: "Scot W. Hetzel"
Cc: ports@freebsd.org
Subject: Re: cyrus / sasl / ldap woes

Scot W. Hetzel wrote:
> From: "Robin P. Blanchard"
>
>>freshly installed -STABLE with freshly installed ports:
>>
>>cyrus-imapd-2.0.16_3
>>cyrus-sasl-1.5.27_6
>>db3-3.2.9_3,1
>>makedepend-2000.12.28
>>openldap-2.0.25
>>
>>This test box has the same config as the following, working (production)
>>box; but imapd doesn't talk to LDAP (tcpdump verifies this), it just
>>checks the sasldb file and gives up.
>>
>>now, our production mail server is 4.6-STABLE (Sun Jun 16 23:39:27 EDT
>>2002) with the following ports:
>>
>>cyrus-imapd-2.0.16_2
>>cyrus-sasl-1.5.27_1
>>db3-3.2.9_3,1
>>makedepend-2000.12.28
>>openldap-2.0.21
>>
>>is still chugging along just great, authenticating against LDAP.
>>
>>anyone else using the combo of ports? any success with the current revs?
>>
>>ideas?
>>
>
> Does OpenLDAP 2.0.25 have SASL compiled into it, as there is a known problem
> with OpenLDAP v2 when it has SASL linked with it, (i.e SASL ->
> LDAP ->SASL -> LDAP ..... loop).
>
> 0 - Update to 1.5.27
>     (sasl-1.5.27-ldap-ssl-filter-mysql-patch3)
> 1 - Fix OpenLDAP v1, PAM pwcheck daemon, JavaSASL
>     (sasl-1.5.27-ldap-ssl-filter-mysql-patch3)
> 2 - KRB5 Fix
> 3 - Update to sasl-1.5.27-ldap-ssl-filter-mysql-patch4
> 4 - Update to fixed sasl-1.5.27-ldap-ssl-filter-mysql-patch4
> 5 - Move include files to sasl1
> 6 - Enable saslauthd, and make it default pwcheck method
>
> Try changing the ports Makefile to use *patch3 instead of *patch4, then run
> a make makesum, and make build/install. Then test if you can use LDAP.
>
> Let me know the results.
>
> Another option you have is to switch to using saslauthd (w -a pam), then
> configuring PAM for LDAP lookups (pop3, imap, ..).

Ok...took the new/broken box and removed cyrus-imapd-2.0.16_3 and
cyrus-sasl-1.5.27_6. pkg_tarup'ed older versions from working/production
server. Force pkg_added them (to use new openldap-2.0.25 libs -- so,
problem is not related to ldap rev). SASL is again talking to LDAP.

So...when things got broken? Not sure. But it's (sasl and/or cyrus-imap)
certainly currently broken.

And now back to the real problem...Hopefully getting cyrus/sasl to auth
against AD as opposed to openldap.

-- 
----------------------------------------
Robin P. Blanchard
Systems Integration Specialist
Georgia Center for Continuing Education
fon: 706.542.2404 <|> fax: 706.542.6546
----------------------------------------