saslauthd with openldap

2013-04-19 Thread Paul van der Vlis
Hello,

I am trying to get saslauthd working to authenticate on openLDAP with
passwords stored with a MD5 hash (base64 encoded) in the field
UserPassword. The passwords are created with smb-ldap so I think it's
normal that they are base64 encoded.

testsaslauthd -u mailtest -p secret gives always authentication
failed.  In auth.log I see always: Bind failed.

I've tried many options in saslauthd.conf, at the moment it's this:

ldap_servers: ldap://192.168.28.240/
ldap_auth_method: custom
ldap_bind_dn: uid=admin,dc=domain,dc=local
ldap_bind_pw: secret
ldap_search_base: ou=Users,dc=domain,dc=local
ldap_filter: cn=%u


I am using cyrus-sasl2 version 2.1.25.dfsg1-6 from Debian Wheezy.
LDAP is on an old machine (Ubuntu 8.04, slapd version 2.4.7).

With regards,
Paul van der Vlis.





-- 
Paul van der Vlis Linux systeembeheer, Groningen
http://www.vandervlis.nl

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


Re: saslauthd with openldap

2013-04-19 Thread Marc Patermann
Paul,

Paul van der Vlis wrote (19.04.2013 11:58):

> I am trying to get saslauthd working

While this is not IMAPd related, why don't you try a SASL list?

> to authenticate on openLDAP with
> passwords stored with a MD5 hash (base64 encoded) in the field
> UserPassword. The passwords are created with smb-ldap so I think it's
> normal that they are base64 encoded.

Is SASL auxprop ldapdb not an option for you?

> testsaslauthd -u mailtest -p secret gives always authentication
> failed.  In auth.log I see always: Bind failed.
>
> I've tried many options in saslauthd.conf, at the moment it's this:
>
> ldap_servers: ldap://192.168.28.240/
> ldap_auth_method: custom
> ldap_bind_dn: uid=admin,dc=domain,dc=local
> ldap_bind_pw: secret
> ldap_search_base: ou=Users,dc=domain,dc=local
> ldap_filter: cn=%u

what does
# ldapsearch -H ldap://192.168.28.240/ -x -D uid=admin,dc=domain,dc=local -w secret -B ou=Users,dc=domain,dc=local cn=oneOfYourUsernames
for you?

> I am using cyrus-sasl2 version 2.1.25.dfsg1-6 from Debian Wheezy.
> LDAP is on an old machine (Ubuntu 8.04, slapd version 2.4.7).

FYI: For a production use LDAP server it is best advice from the
openldap developers to use the latest version, which is 2.4.35.


Marc



Re: saslauthd with openldap

2013-04-19 Thread Paul van der Vlis
On 19-04-13 14:06, Marc Patermann wrote:
> Paul,
>
> Paul van der Vlis wrote (19.04.2013 11:58):
>
>> I am trying to get saslauthd working
> While this is not IMAPd related, why don't you try a SASL list?

I am not a member of it. I have tried to post to it via Gmane but my
mail was refused...

>> to authenticate on openLDAP with
>> passwords stored with a MD5 hash (base64 encoded) in the field
>> UserPassword. The passwords are created with smb-ldap so I think it's
>> normal that they are base64 encoded.
> Is SASL auxprop ldapdb not an option for you?

I am a Cyrus user for about 10 years, and I have always used saslauthd.
Most of the time using PAM, but sometimes LDAP to Microsoft AD and to
Novell. But I have never authenticated to OpenLDAP before.

>> testsaslauthd -u mailtest -p secret gives always authentication
>> failed.  In auth.log I see always: Bind failed.
>>
>> I've tried many options in saslauthd.conf, at the moment it's this:
>>
>> ldap_servers: ldap://192.168.28.240/
>> ldap_auth_method: custom
>> ldap_bind_dn: uid=admin,dc=domain,dc=local
>> ldap_bind_pw: secret
>> ldap_search_base: ou=Users,dc=domain,dc=local
>> ldap_filter: cn=%u
>>
> what does
> # ldapsearch -H ldap://192.168.28.240/ -x -D
> uid=admin,dc=domain,dc=local -w secret -B ou=Users,dc=domain,dc=local
> cn=oneOfYourUsernames
> for you?

It first gave an error because -B has to be -b; after changing it,
it says ldap_bind: Invalid credentials (49).  H.

But because I had another working ldapsearch string, I looked at the
differences and I found the solution!

This was wrong:
ldap_bind_dn: uid=admin,dc=domain,dc=local
This is right:
ldap_bind_dn: cn=admin,dc=domain,dc=local

Many thanks for your help!

>> I am using cyrus-sasl2 version 2.1.25.dfsg1-6 from Debian Wheezy.
>> LDAP is on an old machine (Ubuntu 8.04, slapd version 2.4.7).
> FYI: For a production use LDAP server it is best advice from the
> openldap developers to use the latest version, which is 2.4.35.

This is an environment that should be replaced but that has been in production
for many years and for many people. I am only hired for the mailserver.

With regards,
Paul van der Vlis.



-- 
Paul van der Vlis Linux systeembeheer, Groningen
http://www.vandervlis.nl
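
The check Marc suggests in this thread, derived mechanically from saslauthd.conf so that the bind DN, search base and filter tested by hand are exactly the ones saslauthd uses. This is an added example, not part of the original messages; the function names are hypothetical, only the `%u` token is expanded, `-W` replaces `-w` so the bind password is prompted for, and `ldap_start_tls` is a saslauthd LDAP option that does not appear in the posted file.

```shell
#!/bin/sh
# Added example: rebuild saslauthd's service bind and user lookup as an ldapsearch command.

# sample_conf: the configuration as posted in the thread (before the fix).
sample_conf() {
    cat <<'EOF'
ldap_servers: ldap://192.168.28.240/
ldap_auth_method: custom
ldap_bind_dn: uid=admin,dc=domain,dc=local
ldap_bind_pw: secret
ldap_search_base: ou=Users,dc=domain,dc=local
ldap_filter: cn=%u
EOF
}

# conf_get KEY FILE: value of the last "KEY: value" line, empty if absent.
conf_get() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | sed 's/[[:space:]]*$//' | tail -n 1
}

sq() { printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"; }  # single-quote $1

# build_ldapsearch CONF USER: print the command; non-zero status on bad input.
build_ldapsearch() {
    conf=$1; user=$2
    # Refuse LDAP filter metacharacters in the username rather than escape them.
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "refusing username: $user" >&2; return 2 ;;
    esac
    servers=$(conf_get ldap_servers "$conf"); bind_dn=$(conf_get ldap_bind_dn "$conf")
    base=$(conf_get ldap_search_base "$conf"); filter=$(conf_get ldap_filter "$conf")
    for v in "$servers" "$bind_dn" "$base" "$filter"; do
        [ -n "$v" ] || { echo "missing key in $conf" >&2; return 3; }
    done
    filter=$(printf '%s' "$filter" | sed "s/%u/$user/g")   # only %u is expanded
    tls=; [ "$(conf_get ldap_start_tls "$conf")" = yes ] && tls=' -ZZ'
    # -W prompts for ldap_bind_pw instead of putting it in argv; the attribute
    # list 1.1 returns DNs only, so userPassword hashes are not printed.
    printf 'ldapsearch -x%s -H %s -D %s -W -b %s %s 1.1\n' \
        "$tls" "$(sq "$servers")" "$(sq "$bind_dn")" "$(sq "$base")" "$(sq "$filter")"
}

# cleartext_bind CONF: succeeds if the simple bind would travel unencrypted.
cleartext_bind() {
    case $(conf_get ldap_servers "$1") in ldap://*) ;; *) return 1 ;; esac
    [ "$(conf_get ldap_start_tls "$1")" != yes ]
}

conf=$(mktemp) && sample_conf > "$conf" && build_ldapsearch "$conf" mailtest; rm -f "$conf"
```

`cleartext_bind` succeeds for the posted file: an `ldap://` server without `ldap_start_tls: yes` means the simple-bind password crosses the network unencrypted.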



FW: Global Sieve script

2013-04-19 Thread Shawn Bakhtiar
Good morning,


So..

in trying to figure this out this morning I did the following and was able to 
get mail filtered into techsupport's SPAM folder, but I don't understand why the 
global sieve script does not do the same things

Created the following sieve script file (sorry I just realized I have two 
requires with the same info at top :S):

require ["fileinto"];
require "fileinto";
if exists "X-Spam-Flag" {
  if header :contains "X-Spam-Flag" "NO" {
  } else {
    fileinto "user.techsupport.SPAM";
    stop;
  }
}
if header :contains "From" "MAILER-DAEMON"
{
  fileinto "INBOX.MAILER-DAEMON";
}
if header :contains "From" "logwatch"
{
  fileinto "INBOX.Server Logs";
}
if header :contains "From" "root"
{
  fileinto "INBOX.Server Logs";
}


then:

prompt> sieveshell -u techsupport localhost
connecting to localhost
Please enter your password: 
> put techsupport.txt phpscript
> quit

Now... the test emails are going into the right folder. 

Questions, should I not be able to add global sieve rules like such?


prompt> sieveshell localhost
connecting to localhost
Please enter your password: 
> put techsupport.txt phpscript
> quit

In my global sieve directory: /var/lib/imap/sieve/global
I have the following three files

lrwxrwxrwx 1 cyrus mail  12 2013-04-19 08:27 defaultbc -> phpscript.bc
-rw--- 1 cyrus mail 184 2013-04-19 08:26 phpscript.bc
-rw--- 1 cyrus mail 194 2013-04-19 08:26 phpscript.script

and the content of phpscript.script is:

require "fileinto";
if exists "X-Spam-Flag" {
  if header :contains "X-Spam-Flag" "NO" {
  } else {
    fileinto "user.techsupport.SPAM";
    stop;
  }
}


which is the one I created yesterday, and loaded using sieveshell.

Any help would be greatly appreciated.

From: shashan...@hotmail.com
To: info-cyrus@lists.andrew.cmu.edu
Subject: Global Sieve script
Date: Wed, 17 Apr 2013 16:56:07 -0400




Good afternoon all,

I am trying to configure a global sieve script to move all incoming emails to a 
particular folder. According to the following link this should be a slam dunk:

http://cyrusimap.web.cmu.edu/mediawiki/index.php/Cyrus_Sieve

http://oregonstate.edu/helpdocs/e-mail/onid-e-mail/modifying-your-email-filters-using-sieveshell

So here is what I did:

[shawn@postoffice ~]$ sieveshell -u shawn localhost
connecting to localhost
Please enter your password: 
> list
phpscript  <- active script
> get phpscript phpscript.txt
> exit

[shawn@postoffice ~]$ more phpscript.txt 
# This script has been automatically generated by avelsieve
# (Sieve Mail Filters Plugin for Squirrelmail)
# Warning: If you edit this manually, then the changes will not 
# be reflected in the users' front-end!
#AVELSIEVE_VERSIONYTo0OntzOjU6Im1ham9yIjtpOjE7czo1OiJtaW5vciI7aTo5O3M6NzoicmVsZWFzZSI7aTo5O3M6Njoic3
RyaW5nIjtzOjU6IjEuOS45Ijt9
#AVELSIEVE_CREATED1342104019
#AVELSIEVE_MODIFIED1351180357
require ["fileinto","envelope","reject","vacation","imapflags","relational","comparator-i;ascii-numeric","regex","notify"];
#START_SIEVE_RULEYTo1OntzOjQ6ImNvbmQiO2E6MTp7aTowO2E6NTp7czo0OiJraW5kIjtzOjc6Im1lc3NhZ2UiO3M6NDoidHl
wZSI7czo2OiJoZWFkZXIiO3M6NjoiaGVhZGVyIjtzOjExOiJYLVNwYW0tRmxhZyI7czo5OiJtYXRjaHR5cGUiO3M6MjoiaXMiO3M
6MTE6ImhlYWRlcm1hdGNoIjtzOjM6IllFUyI7fX1zOjQ6InR5cGUiO3M6MToiMSI7czo5OiJjb25kaXRpb24iO3M6MzoiYW5kIjt
zOjY6ImFjdGlvbiI7czoxOiI1IjtzOjY6ImZvbGRlciI7czoxMDoiSU5CT1guU1BBTSI7fQ%3D%3DEND_SIEVE_RULE
if header :is "X-Spam-Flag" "YES"
{
  fileinto "INBOX.SPAM";
}


At this point I am a little baffled, since this should be moving all 
X-Spam-Flag that are YES into a folder INBOX.SPAM which does not exist at the 
top level (although I assume this means it should be filtered into each user's 
individual SPAM folder). I am using Squirrelmail as a web-based front end for my 
remote users and imagine the package manager must have installed this at some 
point. To simplify my life I re-wrote the script as:

require ["fileinto","envelope","reject","vacation","imapflags","relational","comparator-i;ascii-numeric","regex","notify"];
if exists "X-Spam-Flag" {
  if header :contains "X-Spam-Flag" "YES"
  {
    fileinto "user.techsupport.SPAM";
    stop;
  }
}

then

[shawn@postoffice ~]$ sieveshell -u shawn localhost
connecting to localhost
Please enter your password: 
> put phpscript.txt phpscript
> list
phpscript  <- active script
> quit


However, users are still receiving emails marked as SPAM in their inbox. What I 
am trying to do is make it so that any and all emails marked as SPAM are 
redirected to a single folder called SPAM in the techsupport user's mail store. 

Any help is greatly appreciated,  
Shawn











