Architectural mistake in cyrus ?

Denis BUCHER dbucherml at hsolutions.ch
Fri Jul 31 16:03:12 EDT 2009


Hello,

Dan White wrote:
>>>> I already asked this question as a help request here some time ago,
>>>> but no one was able to solve this "bug" in cyrus, and I think this
>>>> issue should be addressed :
>>>>
>>>> 1] Problem :
>>>> How to set quota for a user being in another domain than the "main" domain ??
>>>>
>>>> 2] More precisely :
>>>> How to access "other" (virtual) domains in cyradm :
>>>>
>>>>      
>>>>>   su - cyrus
>>>>>   cyradm --user cyrus localhost
>>>>>   lm
>>>>>         
>>>> Here I see all mailboxes from our main domain, for example :
>>>>
>>>>      
>>>>> user.dbucherml.ML (\HasChildren)
>>>>> user.dbucherml.ML.Fournisseurs (\HasChildren)
>>>>> user.dbucherml.ML.Fournisseurs.Acer (\HasNoChildren)
>>>>> user.dbucherml.ML.Fournisseurs.Microsoft (\HasChildren)
>>>>> user.dbucherml.ML.Fournisseurs.Microsoft.MSPRP (\HasNoChildren)
>>>>>         
>>>> But as you can see I don't have any "@hsolutions.ch" or "@anything.else"
>>>>
>>>> 3] Global admin :
>>>> Some people said my cyrus user is maybe not a global admin, but no one
>>>> was able to help me make it global.
>>>> I mean, some people and some web page gave me some techniques to
>>>> make it global, but none worked.
>>>>       
>>> What are your current settings in imapd.conf for:
>>>
>>> servername:
>>> admins:
>>> defaultdomain:
>>> sasl_pwcheck_method:
>>> virtdomains:
>>>     
>>
>> servername: <hostname>.<MY MAIN DOMAIN> (replaced with real values)
>> admins: cyrus cyrus@<MY MAIN DOMAIN>
>> sasl_pwcheck_method: saslauthd
>> sasl_mech_list: PLAIN
>> virtdomains: on
>> hashimapspool: true
>>
>> => I don't have any defaultdomain: but I already tried with main domain,
>> or with alternative domain, it never solved the problem...
>>
>> => authentication is based on LDAP
>>
> See:
> http://cyrusimap.web.cmu.edu/imapd/install-virtdomains.html
> In particular, the 'Administration' section.

Ok I did everything you suggested but there are some PROBLEMS !

To follow what both of you suggested and to follow the instructions, I
only need to add this line :
defaultdomain: <MY MAIN DOMAIN>

But when I do it, many problems appear :

1. First problem: I cannot log in anymore to cyradm !
=> In the LDAP logs I see that even if I log with "cyrus@<MY MAIN
DOMAIN>", in fact cyrus REMOVES the default domain from the login !

2. I solved this by creating a second cyrus admin in LDAP, instead of
"cyrus@<MY MAIN DOMAIN>" this one is simply "cyrus".
This made it possible to access cyradm again, AND surprise :
lm <MY OTHER DOMAIN>!user.dbucherml.*
It works ! :-)

3. BUT THE BIGGEST PROBLEM is :

Now the system is completely screwed up, no user can log in, no mail can
come in anymore (IMAP/webmail)

4. The explanation of the problem is simple, but I don't see the solution :

In LDAP logs it is clear that cyrus removes the main/default domain when
"defaultdomain: <MY MAIN DOMAIN>" is present in the config.

Without default domain :
> slapd[1868]: conn=2 op=3962 SRCH base="ou=mailservices,dc=hsolutions,dc=ch" scope=2 deref=0 filter="(|(&(objectClass=CourierMailAccount)(mail=dbucherml@<main domain>)(accountStatus=active))(&(cn=mailadmin)(description=dbucherml@<main domain>)))"

With default domain : (You see that cyrus has removed domain)
> slapd[1868]: conn=1 op=4130 SRCH base="ou=mailservices,dc=hsolutions,dc=ch" scope=2 deref=0 filter="(|(&(objectClass=CourierMailAccount)(mail=dbucherml)(accountStatus=active))(&(cn=mailadmin)(description=dbucherml)))"


This is not possible, we need the domain !

5. WOAW !!! I think I was able to do what I want but it's 100% kludgy !

How to do it :

a) Define a FAKE domain as default domain ! I used "aaa.ch"
b) Create your mail admin as "cyrus" (without domain !)
c) Log in to cyradm with cyrus@aaa.ch (NOT with cyrus !)

And it works... Not really elegant but it seems to be the only solution
(???)

What do you think ?

Denis
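
The behaviour reported in this message, as an added example that is not part of the original post and is not Cyrus or saslauthd code: a simplified Python model of the realm stripping and of the LDAP filter seen in the slapd log. "main.example" is a constructed stand-in for <MY MAIN DOMAIN>, the function names are hypothetical, and the case-insensitive domain comparison and the RFC 4515 escaping are assumptions added here.

```python
# Added illustration: a simplified model, not Cyrus or saslauthd source code.

def ldap_escape(value):
    """Escape RFC 4515 special characters before placing a value in a filter."""
    out = []
    for ch in value:
        out.append("\\%02x" % ord(ch) if ch in '\\*()\x00' else ch)
    return "".join(out)

def canonical_login(login, defaultdomain=None):
    """Model of the reported behaviour: the realm is dropped from the login
    when it equals defaultdomain (case-insensitive match is an assumption)."""
    user, sep, domain = login.rpartition("@")
    if not sep:
        return login                      # unqualified login, nothing to strip
    if defaultdomain and domain.lower() == defaultdomain.lower():
        return user                       # realm equal to defaultdomain is removed
    return login                          # any other realm is kept

def lookup_filter(login, defaultdomain=None):
    """Build the search filter from the slapd log for the canonical login."""
    uid = ldap_escape(canonical_login(login, defaultdomain))
    return ("(|(&(objectClass=CourierMailAccount)(mail=%s)(accountStatus=active))"
            "(&(cn=mailadmin)(description=%s)))" % (uid, uid))

MAIN = "main.example"   # constructed stand-in for <MY MAIN DOMAIN>
FAKE = "aaa.ch"         # the fake default domain from step 5

if __name__ == "__main__":
    # Compare: no defaultdomain, main domain as default, fake domain as default.
    for dd in (None, MAIN, FAKE):
        for login in ("dbucherml@" + MAIN, "cyrus@" + FAKE):
            print("defaultdomain=%s login=%s" % (dd, login))
            print("    " + lookup_filter(login, dd))
```

With the fake default domain, only cyrus@aaa.ch loses its realm, so the directory is queried for "cyrus" while ordinary users are still looked up with their full address.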


