Message #74602
Re: cyrus sasl/imap/mysql
From: "Jesper K. Pedersen" <jkp@xxxxxxxxxxxxxx>
Subject: Re: [TEKNIK] cyrus sasl/imap/mysql
> Undskyld jeg skriver direkte men jeg kan forestille mig der bliver lidt
> "ekstra" skriverier før der er en løsning vi kan poste hos sslug.
Det vidste jeg jo godt, men det skulle jo lige proeves.
Ok, her kommer hele turen :)
> Hvilke software versioner bruger du?
---------------------
# openssl-0.9.7d
---------------------
# Build OpenSSL with shared libraries and install it under /usr/local; the
# cyrus-sasl build in this message points at it with --with-openssl=/usr/local.
# OpenSSL 0.9.7 is an end-of-life branch; treat this build line as historical.
./config \
shared \
--prefix=/usr/local \
--openssldir=/usr/local/openssl
--------------------
# mysql-4.0.20
--------------------
# Configure MySQL under /usr/local/mysql with a thread-safe client library
# and OpenSSL-backed connections (--with-vio --with-openssl).
# --enable-local-infile turns on LOAD DATA LOCAL support in the client
# library, which lets a server the client connects to ask for local files.
# NOTE(review): nothing else in this message uses it - confirm it is needed.
# NOTE(review): the first line has no trailing backslash, so as pasted CFLAGS
# and CXX are plain shell assignments on their own line and only CXXFLAGS is
# placed in ./configure's environment - possibly lost in mail wrapping.
CFLAGS="-O2 -mcpu=pentiumpro" CXX=gcc
CXXFLAGS="-O2 -mcpu=pentiumpro -felide-constructors -fno-exceptions -fno-rtti" \
./configure \
--prefix=/usr/local/mysql \
--enable-assembler \
--enable-thread-safe-client \
--enable-local-infile \
--without-debug \
--with-extra-charsets=complex \
--with-vio \
--with-openssl
-----------------------
# cyrus-sasl-2.1.18
-----------------------
# Configure Cyrus SASL with the sql auxprop plugin built against the MySQL
# install under /usr/local/mysql; PostgreSQL support is off, and the GSSAPI
# and ANONYMOUS mechanisms are disabled.
# LOGIN and SRP are compiled in here, but imapd.conf in this message limits
# the mechanisms actually offered to PLAIN (sasl_mech_list).
./configure \
--enable-login \
--enable-srp \
--enable-srp-setpass \
--enable-sql \
--with-openssl=/usr/local \
--with-mysql=/usr/local/mysql \
--with-pgsql=no \
--disable-gssapi \
--disable-anon
----------------------
# cyrus-imapd-2.2.6
----------------------
# Configure Cyrus IMAP to run as user cyrus and group mail, installed under
# /usr/local/cyrus, with the unix authorization module.
# NOTE(review): the last line ends in a backslash, so the shell joins the
# next line to this command - this looks like a truncated paste.
./configure \
--with-cyrus-user=cyrus \
--with-cyrus-group=mail \
--with-cyrus-prefix=/usr/local/cyrus \
--with-auth=unix \
-----------------------
# imapd.conf
-----------------------
# imapd.conf for Cyrus IMAP: storage paths first, then the SASL options
# (sasl_ prefix) that send password lookups to the MySQL "users" table.
configdirectory: /var/imap/config
partition-default: /var/imap/mail
lmtpsocket: /var/imap/socket/lmtp
sievedir: /var/imap/sieve
sieveusehomedir: false
duplicate_db: skiplist
hashimapspool: true
sendmail: /usr/sbin/sendmail
admins: cyrus
postmaster: mogens@xxxxxxxxxxxxx
# Passwords are checked through an auxprop plugin: the sql plugin with the
# mysql engine.
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sql
sasl_sql_engine: mysql
# PLAIN carries the password itself, so it is only as private as the
# connection. cyrus.conf in this message has imaps/pop3s commented out and
# no tls_* options appear in this file as posted.
sasl_mech_list: PLAIN
# NOTE(review): the sql plugin documents its connection options as
# sql_hostnames, sql_user, sql_passwd, sql_database and sql_verbose. The
# mysql_* spellings below come from the older separate MySQL plugin and may
# be ignored by this build - verify against the installed cyrus-sasl docs.
sasl_mysql_hostname: localhost
sasl_mysql_user: cyrus
# Database credential in clear text: keep this file readable by the cyrus
# user only, and grant the account no more than the statements below need.
sasl_mysql_passwd: xxxxxxxx
sasl_mysql_database: cyrus
sasl_mysql_verbose: true
# Statement templates: %u = user name, %r = realm, %v = value being stored.
# The lookup matches on login alone, although realm is stored on insert.
# The passwd column is read back and written as-is, i.e. in clear text.
# The placeholders sit inside single quotes, so the statements depend on the
# plugin escaping the substituted values - confirm for the installed version.
sasl_sql_select: select passwd from users where login='%u'
sasl_sql_insert: insert into users(realm, login, passwd) values('%r', '%u', '%v')
sasl_sql_update: update users set passwd='%v' where login='%u'
--------------------------
# cyrus.conf
--------------------------
# cyrus.conf: tells the Cyrus master process what to run at startup (START),
# which network services to offer (SERVICES) and which periodic jobs to run
# (EVENTS).
# standard standalone server implementation
START {
# do not delete this entry!
recover cmd="ctl_cyrusdb -r"
# this is only necessary if using idled for IMAP IDLE
# idled cmd="idled"
}
# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
# add or remove based on preferences
# NOTE(review): only the plain imap and pop3 listeners are active; the
# imaps/pop3s entries (the "-s" variants) are commented out. imapd.conf in
# this message offers PLAIN only, so as posted logins on these ports are not
# protected by TLS unless STARTTLS is configured elsewhere.
imap cmd="imapd" listen="imap" prefork=0
# imaps cmd="imapd -s" listen="imaps" prefork=0
pop3 cmd="pop3d" listen="pop3" prefork=0
# pop3s cmd="pop3d -s" listen="pop3s" prefork=0
sieve cmd="timsieved" listen="sieve" prefork=0
# these are only necessary if receiving/exporting usenet via NNTP
# nntp cmd="nntpd" listen="nntp" prefork=0
# nntps cmd="nntpd -s" listen="nntps" prefork=0
# at least one LMTP is required for delivery
# lmtp cmd="lmtpd" listen="lmtp" prefork=0
# Delivery goes through the UNIX socket only; the TCP lmtp listener above is
# disabled. The path matches lmtpsocket in imapd.conf.
lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
# this is only necessary if using notifications
# notify cmd="notifyd" listen="/var/imap/socket/notify" proto="udp" prefork=1
}
EVENTS {
# this is required
checkpoint cmd="ctl_cyrusdb -c" period=30
# this is only necessary if using duplicate delivery suppression,
# Sieve or NNTP
delprune cmd="cyr_expire -E 3" at=0400
# this is only necessary if caching TLS sessions
tlsprune cmd="tls_prune" at=0400
}
------------------------------
# bruger tabellen
------------------------------
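# Account table for the mail system. imapd.conf in this message points the
# SASL sql auxprop plugin at it: sasl_sql_select reads passwd by login, and
# sasl_sql_insert / sasl_sql_update write realm, login and passwd.
CREATE TABLE users (
    id int NOT NULL auto_increment,
    # Contact details; not referenced by the SASL statements.
    fname varchar(30) not null,
    lname varchar(30) not null,
    addr1 varchar(50) not null,
    addr2 varchar(50) not null,
    zip varchar(10) not null,
    city varchar(50) not null,
    country varchar(50) not null,
    phone varchar(20) not null,
    email varchar(50) not null,
    # Authentication columns used by the sasl_sql_* statements.
    realm varchar(50) not null,
    login varchar(15) not null,
    # Written and read back as-is by the sasl_sql_* statements, so it holds
    # the password in clear text. Limit SELECT on this column to the database
    # account the plugin connects with.
    passwd varchar(40) not null,
    # Max userlevel.id=Lowest level (author's note, rejoined from a wrapped
    # line that left stray text inside the statement).
    # NOTE(review): MySQL parses an inline REFERENCES on a column definition
    # but does not enforce it, and "userlevel.id" reads as database.table
    # rather than table(column) - confirm what was intended.
    level tinyint not null default 5 references userlevel.id,
    lastlogin datetime not null,
    logincnt int not null default 0,
    PRIMARY KEY (id),
    KEY (fname),
    KEY (lname),
    KEY (realm),
    # Each of these must be unique across the whole table. UNIQUE (login) is
    # table-wide, not per realm, which matches the realm-less lookup in
    # sasl_sql_select.
    UNIQUE (fname,lname),
    UNIQUE (email),
    UNIQUE (login)
);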
> Det hjælper hvis vi ved hvad der går galt?
syslog.conf har foelgende
# Cyrus imapd
local6.debug -/var/log/cyrus.log
auth.debug -/var/log/sasl.log
Jeg starter master (inetd.conf er editeret, pop3+imap er ude, inetd er sighup'ed )
$: master &
Hmm, loggen ser ikke ud som tidligere. Foer startede master uden brok. Foerst
ved `telnet localhost imap` fik jeg stoej i loggen
her er den tidligere syslog:
Jun 27 15:54:56 server master[2702]: service imap pid 10336 in READY state: terminated abnormally
Jun 27 15:54:56 server master[2702]: service imap pid 10337 in READY state: terminated abnormally
Jun 27 15:54:56 server master[2702]: service imap pid 10338 in READY state: terminated abnormally
Jun 27 15:54:56 server master[2702]: service imap pid 10339 in READY state: terminated abnormally
og her er den nuvaerende cyrus.log
/var/log/cyrus.log
Jul 3 12:56:35 server master[27070]: setrlimit:
Unable to set file descriptors limit to -1: Operation not permitted
Jul 3 12:56:35 server master[27070]: retrying with 1024 (current max)
Jul 3 12:56:35 server master[27070]: process started
Jul 3 12:56:35 server master[27071]: about to exec /usr/local/cyrus/bin/ctl_cyrusdb
Jul 3 12:56:35 server ctl_cyrusdb[27071]: recovering cyrus databases
Jul 3 12:56:35 server ctl_cyrusdb[27071]: skiplist:
recovered /var/imap/config/mailboxes.db (0 records, 144 bytes) in 0 seconds
Jul 3 12:56:35 server ctl_cyrusdb[27071]: done recovering cyrus databases
Jul 3 12:56:35 server master[27070]: ready for work
Jul 3 12:56:35 server master[27075]: about to exec /usr/local/cyrus/bin/ctl_cyrusdb
Jul 3 12:56:36 server ctl_cyrusdb[27075]: checkpointing cyrus databases
Jul 3 12:56:36 server ctl_cyrusdb[27075]: archiving database file: /var/imap/config/annotations.db
Jul 3 12:56:36 server ctl_cyrusdb[27075]: error opening /var/imap/config/annotations.db for reading
Jul 3 12:56:36 server ctl_cyrusdb[27075]: DBERROR:
error archiving database file: /var/imap/config/annotations.db
Jul 3 12:56:36 server ctl_cyrusdb[27075]: DBERROR: archive /var/imap/config/db: cyrusdb error
Jul 3 12:56:36 server ctl_cyrusdb[27075]: archiving database file: /var/imap/config/mailboxes.db
Jul 3 12:56:36 server ctl_cyrusdb[27075]: DBERROR:
error listing log files: DB_NOTFOUND: No matching key/data pair found
Jul 3 12:56:36 server ctl_cyrusdb[27075]: DBERROR: archive /var/imap/config/db: cyrusdb error
Jul 3 12:56:36 server ctl_cyrusdb[27075]: done checkpointing cyrus databases
Jul 3 12:56:36 server master[27070]: process 27075 exited, status 1
master[27070] koerer stadig.
# ls -lRa /var/imap/
/var/imap/:
total 20
drwxr-x--- 5 cyrus mail 4096 Jun 26 12:16 ./
drwxr-xr-x 14 root root 4096 Jun 26 12:10 ../
drwxr-xr-x 10 cyrus mail 4096 Jul 3 12:56 config/
drwxr-xr-x 3 cyrus mail 4096 Jun 26 12:15 mail/
drwxr-x--- 2 cyrus mail 4096 Jul 3 12:56 socket/
/var/imap/config:
total 44
drwxr-xr-x 10 cyrus mail 4096 Jul 3 12:56 ./
drwxr-x--- 5 cyrus mail 4096 Jun 26 12:16 ../
drwxr-xr-x 2 cyrus mail 4096 Jul 3 12:56 db/
drwx------ 2 cyrus mail 4096 Jul 3 12:56 db.backup1/
drwx------ 2 cyrus mail 4096 Jul 3 12:37 db.backup2/
drwxr-xr-x 2 cyrus mail 4096 Jun 26 12:15 log/
-rw------- 1 cyrus mail 144 Jul 3 12:56 mailboxes.db
drwxr-xr-x 2 cyrus mail 4096 Jun 26 12:15 msg/
drwxr-xr-x 2 cyrus mail 4096 Jun 26 12:15 proc/
drwxr-xr-x 2 cyrus mail 4096 Jun 26 12:15 ptclient/
drwxr-xr-x 2 cyrus mail 4096 Jun 26 12:15 socket/
/var/imap/config/db:
total 11276
drwxr-xr-x 2 cyrus mail 4096 Jul 3 12:56 ./
drwxr-xr-x 10 cyrus mail 4096 Jul 3 12:56 ../
-rw------- 1 cyrus mail 8192 Jul 3 12:56 __db.001
-rw------- 1 cyrus mail 655360 Jul 3 12:56 __db.002
-rw------- 1 cyrus mail 98304 Jul 3 12:56 __db.003
-rw------- 1 cyrus mail 17063936 Jul 3 12:56 __db.004
-rw------- 1 cyrus mail 32768 Jul 3 12:56 __db.005
-rw------- 1 cyrus mail 4 Jul 3 12:56 skipstamp
/var/imap/config/db.backup1:
total 12
drwx------ 2 cyrus mail 4096 Jul 3 12:56 ./
drwxr-xr-x 10 cyrus mail 4096 Jul 3 12:56 ../
-rw------- 1 cyrus mail 144 Jul 3 12:56 mailboxes.db
/var/imap/config/db.backup2:
total 12
drwx------ 2 cyrus mail 4096 Jul 3 12:37 ./
drwxr-xr-x 10 cyrus mail 4096 Jul 3 12:56 ../
-rw------- 1 cyrus mail 144 Jul 3 12:37 mailboxes.db
/var/imap/config/log:
total 8
drwxr-xr-x 2 cyrus mail 4096 Jun 26 12:15 ./
drwxr-xr-x 10 cyrus mail 4096 Jul 3 12:56 ../
/var/imap/config/msg:
total 8
drwxr-xr-x 2 cyrus mail 4096 Jun 26 12:15 ./
drwxr-xr-x 10 cyrus mail 4096 Jul 3 12:56 ../
/var/imap/config/proc:
total 8
drwxr-xr-x 2 cyrus mail 4096 Jun 26 12:15 ./
drwxr-xr-x 10 cyrus mail 4096 Jul 3 12:56 ../
/var/imap/config/ptclient:
total 8
drwxr-xr-x 2 cyrus mail 4096 Jun 26 12:15 ./
drwxr-xr-x 10 cyrus mail 4096 Jul 3 12:56 ../
/var/imap/config/socket:
total 8
drwxr-xr-x 2 cyrus mail 4096 Jun 26 12:15 ./
drwxr-xr-x 10 cyrus mail 4096 Jul 3 12:56 ../
/var/imap/mail:
total 12
drwxr-xr-x 3 cyrus mail 4096 Jun 26 12:15 ./
drwxr-x--- 5 cyrus mail 4096 Jun 26 12:16 ../
drwxr-xr-x 2 cyrus mail 4096 Jun 26 12:15 stage./
/var/imap/mail/stage.:
total 8
drwxr-xr-x 2 cyrus mail 4096 Jun 26 12:15 ./
drwxr-xr-x 3 cyrus mail 4096 Jun 26 12:15 ../
/var/imap/socket:
total 8
drwxr-x--- 2 cyrus mail 4096 Jul 3 12:56 ./
drwxr-x--- 5 cyrus mail 4096 Jun 26 12:16 ../
srwxrwxrwx 1 root root 0 Jul 3 12:56 lmtp=
> Kan sasldblistusers2 finde dine brugere?
Det tror jeg ikke, jeg faar foelgende output:
# sasldblistusers2
cyrus@server: cmusaslsecretSRP
cyrus@server: cmusaslsecretOTP
cyrus@server: userPassword
> Bruger du f.eks. PAM til at godkende via mysql eller bruger du
> sasl's sql motor?
Jeg havde taenkt mig at bruge auxprop/sql mysql, og lave et PHP
interface saa domain-admins selv kan tilfoeje/fjerne accounts.
Det var saa "lidt" skriv. Haaber det kaster lidt lys over sagen.
Later
Mogens