Architectural mistake in cyrus ?
Andrew Morgan
morgan at orst.edu
Thu Jul 16 15:41:01 EDT 2009
On Thu, 16 Jul 2009, Denis BUCHER wrote:
> servername: <hostname>.<MY MAIN DOMAIN> (replaced with real values)
> admins: cyrus cyrus@<MY MAIN DOMAIN>
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN
> virtdomains: on
> hashimapspool: true
>
> => I don't have any defaultdomain: but I already tried with main domain,
> or with alternative domain, it never solved the problem...
>
> => authentication is based on LDAP
You must define defaultdomain. As the docs say:

  * Everyone is in a domain - It's best to think of every user as
    existing inside a domain. Unqualified users are technically inside the
    defaultdomain.
  * Global and Domain admins - The Cyrus virtual domains implementation
    supports per-domain administrators as well as global (inter-domain)
    administrators. Domain-specific administrators are specified with a fully
    qualified userid in the admins option (e.g., admin@example.net) and only
    have access to mailboxes in the associated domain. Global administrators
    are specified with unqualified userids.
  * Global administrators are specified with an unqualified userid in
    the admins option and have access to any mailbox on the server. Because
    global admins use unqualified userids, they belong to the defaultdomain.
    As a result, you CANNOT have a global admin without specifying a
    defaultdomain. Note that when trying to login as a global admin to a
    multi-homed server from a remote machine, it might be necessary to fully
    qualify the userid with the defaultdomain.

Personally, I have only tested virtual domains using the sasldb auxprop
plugin. I don't know how saslauthd with ldap will interact with
unqualified userid authentication. Perhaps the solution is to login as
cyrus@<defaultdomain>.
Andy
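
The rule from the documentation quoted in this message, written as a small configuration check. This is an added example, not part of the original message and not Cyrus code; the function names, the `example.net` values and the simplified `option: value` parsing are assumptions.

```python
# Added example: lint imapd.conf text for the admins/defaultdomain rule.
# Assumption: plain "option: value" lines; continuation lines are not handled.

# Constructed sample modelled on the posted settings (example.net is a placeholder).
SAMPLE = """\
servername: mail.example.net
admins: cyrus cyrus@example.net
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
virtdomains: on
hashimapspool: true
"""

def parse_imapd_conf(text):
    """Return {option: value} for each 'option: value' line."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        opts[key.strip().lower()] = value.strip()
    return opts

def check_admins(opts):
    """Split admins into global and per-domain, and flag a missing defaultdomain."""
    virt = opts.get("virtdomains", "off").lower() not in ("off", "no", "false", "0")
    admins = opts.get("admins", "").split()
    global_admins = [a for a in admins if "@" not in a]
    domain_admins = {a: a.split("@", 1)[1] for a in admins if "@" in a}
    findings = []
    if virt and global_admins and not opts.get("defaultdomain"):
        findings.append(
            "virtdomains is enabled and %s is listed as a global admin, "
            "but defaultdomain is not set" % ", ".join(global_admins))
    return {"global": global_admins, "domain": domain_admins, "findings": findings}

if __name__ == "__main__":
    for label, text in (("as posted", SAMPLE),
                        ("with defaultdomain", SAMPLE + "defaultdomain: example.net\n")):
        result = check_admins(parse_imapd_conf(text))
        print(label, "->", result["findings"] or "no findings")
        print("  global admins:", result["global"])
        print("  domain admins:", result["domain"])
```

The check only covers the configuration side; how saslauthd with LDAP treats an unqualified userid at login is outside what it can tell you.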