cyrus + Active directories authentication query

Clement Hermann (nodens) nodens2099 at gmail.com
Thu Jan 3 16:44:59 EST 2013


On 03/01/2013 10:07, jayesh shinde wrote:
> Hi all,
>
> I am trying to configure cyrus + Active Directory authentication.
> I have cyrus-imapd-2.4.6-5 and Active Directory 2003 & 2010
>
> The mailbox in cyrus is in the format firstname.lastname at domain.com
> But the problem is that Active Directory attributes like
> sAMAccountName:, userPrincipalName: & mail: are different (not the same)
>
> Example:
>
> mail: jayesh.shinde at domain.com
> sAMAccountName: 10030
> userPrincipalName: jshinde at domain.com
>
> Cyrus mailbox: jayesh.shinde at domain.com
>
> Requirement is:
> ------------------------
>  I want to authenticate by "sAMAccountName"; this sAMAccountName is
> used for Windows desktop login.
>  And I want to keep the same login & password credentials for both Windows
> + email login
>
>  When I try to log in with pop3/imap using the above
> "sAMAccountName" of Active Directory, I am not able to log in.
> It fails.
>
> Whereas if I use the "mail:" attribute of Active Directory then I am
> able to log in with pop3/imap and able to do all normal activity.
>
> 1) Has anyone come across such a scenario or requirement? If yes, how
> is it being managed?
> 2) Is there any way or workaround by which I can do a successful login
> with "sAMAccountName" and get logged in to the "Cyrus mailbox"? (which is
> mentioned in the above example)
Unless I missed something, Active Directory authentication would use
GSSAPI (that is, Kerberos) and the username would be the Kerberos
userPrincipalName, not the sAMAccountName. So I suppose what you're
trying to do is LDAP authentication against Active Directory with saslauthd.

One way to make this work would be to disable virtual domains (or use a
default domain), and rename the mailboxes as the sAMAccountName (and
change mail routing accordingly).

I don't think there is a way to make mailbox aliases or username rewrite
in cyrus, so you'd have to use some kind of proxy to do that without
renaming the mailboxes.

Cheers,

-- 
Clement Hermann (nodens)
- "Fresh air? Isn't that in RL? Isn't that off-charter?"
Jean in L'Histoire des Pingouins, http://tnemeth.free.fr/fmbl/linuxsf/

Please find my public key on the public keyserver pgp.mit.edu.
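
The rename workaround suggested in the reply above, sketched as an added example that is not part of the original message: it turns an LDIF export of `mail` and `sAMAccountName` into cyradm `renamemailbox` commands and skips entries whose new name would be missing, unsafe or shared with another account (a duplicate would give one user another user's mailbox). It assumes `unixhierarchysep` is enabled and that the LDIF has no base64 or folded lines; the sample entries and the allow-list pattern are constructed for illustration.

```python
# Added example: plan Cyrus mailbox renames from Active Directory attributes.
# Assumptions: unixhierarchysep is on; the LDIF below is constructed sample data.
import re

SAMPLE_LDIF = """\
dn: CN=Jayesh Shinde,OU=Staff,DC=domain,DC=com
mail: jayesh.shinde@domain.com
sAMAccountName: 10030

dn: CN=Test User,OU=Staff,DC=domain,DC=com
mail: test.user@domain.com
sAMAccountName: 10031

dn: CN=No Mailbox,OU=Staff,DC=domain,DC=com
sAMAccountName: 10032
"""

# Conservative allow-list for the new mailbox name (hypothetical policy).
SAFE_LOGIN = re.compile(r"^[A-Za-z0-9_-]{1,64}$")

def parse_ldif(text):
    """Yield one dict of lower-cased attribute -> value per LDIF entry."""
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                entry[key.lower()] = value.strip()
        yield entry

def plan_renames(text):
    """Return (cyradm commands, [(dn, reason)] for skipped entries)."""
    commands, skipped, seen = [], [], set()
    for e in parse_ldif(text):
        login, mail = e.get("samaccountname", ""), e.get("mail", "")
        if not mail:
            skipped.append((e.get("dn"), "no mail attribute"))
        elif not SAFE_LOGIN.match(login):
            skipped.append((e.get("dn"), "unsafe sAMAccountName"))
        elif login.lower() in seen:
            skipped.append((e.get("dn"), "duplicate sAMAccountName"))
        else:
            seen.add(login.lower())
            commands.append(f"renamemailbox user/{mail} user/{login}")
    return commands, skipped

if __name__ == "__main__":
    print(plan_renames(SAMPLE_LDIF))
```

Review the generated commands before pasting them into cyradm, and change mail routing to the new names at the same time, as the reply notes.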
