I've been pulling my hair out with this for nearly 4 days now. I have cyrus 2.1.5, sasl 2.1.7 on a RH7.3 box compiled as follows:

SASL:
./configure --enable-plain --disable-krb4 --with-saslauthd=/var/run/saslauthd --with-ldap=/usr/local/lib

IMAP:
./configure --with-sasl=/usr/local/lib --with-perl --with-auth=unix --with-ssl --with-dbdir=/usr/local/BerkeleyDB.4.0 --with-ucdsnmp=no

Basically I have CYRUS->SASLAUTHD->LDAP.

For some reason users intermittently will be prompted for their password over and over. The sasl debug log shows the following lines when that happens:

Sep 20 16:53:46 servername saslauthd[341]: Entry not found or more than one entries found (uid=superman).
Sep 20 16:53:46 servername saslauthd[341]: AUTHFAIL: user=superman service=imap realm=

(ldap logs show nothing)

The user always exists in the ldap directory. In fact 75% of the time they can login and use mail without problems. It seems like when I restart the ldap directory the AUTHFAILS stop happening for a while. I have the ldap directory restarting ldap every 5 minutes now, which seems to be keeping the AUTHFAILS to a minimum (but they are still happening).

I immediately figured it was an LDAP problem. However, I've now tried openldap 2.0.25, 2.1.5, 2.0.23 as the ldap server. I've even tried each of these three versions on two different servers (one with redhat, one with debian). Both servers were completely different hardware. I also tried different versions of the ldap client library (and of course recompiled cyrus and sasl after trying each) on the cyrus server. Nothing stops these intermittent AUTHFAILS.

Does anyone have any idea what's going on? I'm desperate. Any ideas would be appreciated.

Thanks,
Lee

SASLAUTHD.CONF:

ldap_servers: ldaps://server1.com # (tried ldap and ldaps here)
ldap_bind_dn: cn=postfixAdmin,ou=software,dc=location,dc=com
ldap_bind_pw: password
ldap_auth_method: bind
ldap_search_base: ou=users,dc=location,dc=com
ldap_debug: 5000
ldap_timeout: 15 # tried multiple values here too
ldap_time_limit: 15 # tried multiple values here too

IMAPD.CONF

configdirectory: /export/cyrus/imap
partition-default: /export/cyrus/spool/imap
admins: admin
#sasl_pwcheck_method: pam
tls_cert_file: /export/cyrus/server.pem
tls_key_file: /export/cyrus/server.pem
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: PLAIN
servername: localhost
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
#sievedir: /usr/sieve
#sendmail: /usr/sbin/sendmail
#sieve_maxscriptsize: 32
#sieve_maxscripts: 5
# Get rid of folders as subfolders of INBOX
altnamespace: yes
unixhierarchysep: yes
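
Added example (not part of the original post, and not code from Cyrus or SASL): a log triage script that separates AUTHFAIL lines preceded by the "Entry not found or more than one entries found" message from all other AUTHFAILs, then counts them per user and per saslauthd process. The log text is a constructed sample in the format of the two lines quoted in the post; the batman entry, pid 342 and the later timestamps are invented for illustration.

```python
import re
from collections import Counter

# Constructed sample; only the first two lines are taken from the post.
SAMPLE_LOG = """\
Sep 20 16:53:46 servername saslauthd[341]: Entry not found or more than one entries found (uid=superman).
Sep 20 16:53:46 servername saslauthd[341]: AUTHFAIL: user=superman service=imap realm=
Sep 20 16:58:02 servername saslauthd[342]: AUTHFAIL: user=batman service=imap realm=
Sep 20 17:04:10 servername saslauthd[341]: Entry not found or more than one entries found (uid=superman).
Sep 20 17:04:10 servername saslauthd[341]: AUTHFAIL: user=superman service=imap realm=
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ saslauthd\[(\d+)\]: (.*)$")
LOOKUP = re.compile(r"^Entry not found or more than one entries found \(uid=([^)]*)\)")
FAIL = re.compile(r"^AUTHFAIL: user=(\S*) service=(\S*) realm=(\S*)")

def classify(log_text):
    """Return (timestamp, pid, user, kind) for every AUTHFAIL line.

    kind is 'lookup' when the same saslauthd process logged the
    'Entry not found' message for that user in the same second,
    otherwise 'other' (for example a rejected password).
    """
    pending = {}  # (pid, user) -> timestamp of the unmatched lookup failure
    results = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a saslauthd syslog line
        ts, pid, msg = m.groups()
        if (lk := LOOKUP.match(msg)):
            pending[(pid, lk.group(1))] = ts
        elif (f := FAIL.match(msg)):
            user = f.group(1)
            kind = "lookup" if pending.pop((pid, user), None) == ts else "other"
            results.append((ts, pid, user, kind))
    return results

def summarize(results):
    """Count AUTHFAILs per (user, kind) and per (pid, kind)."""
    by_user = Counter((user, kind) for _, _, user, kind in results)
    by_pid = Counter((pid, kind) for _, pid, _, kind in results)
    return by_user, by_pid

if __name__ == "__main__":
    by_user, by_pid = summarize(classify(SAMPLE_LOG))
    for (user, kind), n in sorted(by_user.items()):
        print(f"user={user:<10} {kind:<6} {n}")
    for (pid, kind), n in sorted(by_pid.items()):
        print(f"pid={pid:<6} {kind:<6} {n}")
```

Run against the real saslauthd debug log, the per-pid counts show whether the directory-lookup failures concentrate in particular saslauthd processes, and the timestamps can be compared with the LDAP restart times.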
