<html><head><title>Re: Cyrus administration problem</title>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
</head>
<body>
<span style=" font-family:'Verdana'; font-size: 10pt;">I get it, I know what you are saying but, perhaps this was just a typo but I was responding to this as you wrote it:<br>
<br>
<i>virtdomains: 1 (don´t query DNS)<br>
virtdomains: userid (do DNS query)<br>
<br>
</i>In fact, if you read the manual, the way it works is:<br>
<br>
<i>virtdomains: 1 <br>
(do DNS query if no realm is specified in userid - see excerpt I included in previous email)<br>
<br>
virtdomains: userid <br>
(never do a DNS query, i.e.: only use userid - and the part that is not mentioned but I can see for myself in the queries - if no realm is specified in user id then use [the short] server name for the realm... and that gives me something consistent which is all I needed. As a bonus there is no chance of costly DNS lookups which there can be if I leave virtdomains set at 1.)<br>
<br>
</i>I have yet to find ldap_default_realm in the html manual but perhaps it is only in the man pages (or I just haven't seen it even though it is there). In any case, I will certainly look further with your information provided but at it stands, the solution of changing virtdomains to userid was a good one for my needs.<br>
<br>
Thank you for your kind help.<br>
Reggie.<br>
<br>
Thursday, August 6, 2009, 1:25:13 PM, you wrote:<br>
<br>
<span style=" font-family:'courier new'; font-size: 9pt; color: #800000;"><b>> On Thu, Aug 6, 2009 at 3:34 PM,<br>
> Nybbles2Byte<<a style=" font-weight: normal;" href="mailto:nybbles2byte@gmail.com">nybbles2byte@gmail.com</a>> wrote:<br>
<span style=" color: #800080;">>> Thanks but I am not sure how you are getting that conclusion from this<br>
>> wording in the manual. As far as I can see it almost (but not quite) the<br>
>> reverse of what you are saying.<br>
</span></b><span style=" font-family:'Verdana'; font-size: 10pt; color: #000000;"><br>
<br>
<span style=" font-family:'courier new'; font-size: 9pt; color: #800000;"><b>> # man imapd.conf<br>
</b><span style=" font-family:'Verdana'; font-size: 10pt; color: #000000;"><br>
<span style=" font-family:'courier new'; font-size: 9pt; color: #800000;"><b>> virtdomains: off<br>
> Enable virtual domain support. If enabled, the user’s domain<br>
> will be determined by splitting a fully qualified userid at the last<br>
> ’@’ or ’%’ symbol.<br>
</b><span style=" font-family:'Verdana'; font-size: 10pt; color: #000000;"><br>
<span style=" font-family:'courier new'; font-size: 9pt; color: #800000;"><b>> userid refer to "login" user not reverse DNS.<br>
</b><span style=" font-family:'Verdana'; font-size: 10pt; color: #000000;"><br>
<span style=" font-family:'courier new'; font-size: 9pt; color: #800000;"><b>> fully qualified userid => <a style=" font-weight: normal;" href="mailto:johndoe@example.org">johndoe@example.org</a> (no dns lookup)<br>
> unqualified userid => johndoe (no dns lookup if<br>
> sasl_ldap_default_domain* or sasl_ldap_default_realm* and<br>
> defaultdomain is set)<br>
</b><span style=" font-family:'Verdana'; font-size: 10pt; color: #000000;"><br>
<span style=" font-family:'courier new'; font-size: 9pt; color: #800000;"><b>> * without sasl_ prefix at saslauthd.conf .<br>
</b><span style=" font-family:'Verdana'; font-size: 10pt; color: #000000;"><br>
<span style=" font-family:'courier new'; font-size: 9pt; color: #800000;"><b>> With saslauthd.conf:<br>
</b><span style=" font-family:'Verdana'; font-size: 10pt; color: #000000;"><br>
<span style=" font-family:'courier new'; font-size: 9pt; color: #800000;"><b>> ldap_default_realm: default.example.org<br>
> ldap_filter: (&(objectClass=inetOrgPerson)(mail=%U@%d))<br>
</b><span style=" font-family:'Verdana'; font-size: 10pt; color: #000000;"><br>
<span style=" font-family:'courier new'; font-size: 9pt; color: #800000;"><b>> Login with unqualified userid root makes query to<br>
> (&(objectClass=inetOrgPerson)(mail=root@default.example.org))<br>
</b><span style=" font-family:'Verdana'; font-size: 10pt; color: #000000;"><br>
<span style=" font-family:'courier new'; font-size: 9pt; color: #800000;"><b>> With "admins: root" root become global admin.<br>
</b><span style=" font-family:'Verdana'; font-size: 10pt; color: #000000;"><br>
<span style=" font-family:'courier new'; font-size: 9pt; color: #800000;"><b>> This example is to salsauthd with LDAP backhend.<br>
</b><span style=" font-family:'Verdana'; font-size: 10pt; color: #000000;"><br>
<span style=" font-family:'courier new'; font-size: 9pt; color: #800080;"><b>>> ----------------------------------------------------------------------------------<br>
>> Configuring Virtual Domains<br>
>> Introduction<br>
</b><span style=" font-family:'Verdana'; font-size: 10pt; color: #000000;"><br>
<span style=" font-family:'courier new'; font-size: 9pt; color: #800080;"><b>>> Virtual domains is the practice of hosting a service for more than one<br>
>> domain on one server. Cyrus IMAP has the ability to host IMAP/POP mailboxes<br>
>> for multiple domains (e.g. <a style=" font-weight: normal;" href="mailto:test@example.com">test@example.com</a> and <a style=" font-weight: normal;" href="mailto:test@example.net">test@example.net</a>) on a<br>
>> single server or Murder.<br>
</b><span style=" font-family:'Verdana'; font-size: 10pt; color: #000000;"><br>
<span style=" font-family:'courier new'; font-size: 9pt; color: #800080;"><b>>> In order to accomplish this, Cyrus needs to know which domain to look in<br>
>> when a mailbox is accessed. There are two ways in which Cyrus can determine<br>
>> the domain:<br>
</b><span style=" font-family:'Verdana'; font-size: 10pt; color: #000000;"><br>
<span style=" font-family:'courier new'; font-size: 9pt; color: #800080;"><b>>> * Fully qualified userid - the client logs in with a userid containing<br>
>> the domain in which the user belongs (e.g <a style=" font-weight: normal;" href="mailto:test@example.com">test@example.com</a> or<br>
>> test%example.net)<br>
>> * IP address - the server looks up the domain based on the IP address of<br>
>> the receiving interface (useful for servers with multiple NICs or using IP<br>
>> aliasing)<br>
</b><span style=" font-family:'Verdana'; font-size: 10pt; color: #000000;"><br>
<span style=" font-family:'courier new'; font-size: 9pt; color: #800080;"><b>>> Both of these methods are active if the virtdomains option is set to on (or<br>
>> yes, 1, true) and can be used in conjunction with one another. If the<br>
>> virtdomains option is set to userid, then only the first method is used.<br>
>> Note that a fully qualified userid takes precedence over a domain obtained<br>
>> from the IP address.<br>
>> ----------------------------------------------------------------------------------<br>
</b><span style=" font-family:'Verdana'; font-size: 10pt; color: #000000;"><br>
<br>
<br>
<br>
<br>
<span style=" font-family:'arial'; font-size: 8pt; color: #c0c0c0;"><i>-- <br>
Nybbles2Byte <a style=" font-style: normal;" href="mailto:nybbles2byte@gmail.com">mailto:nybbles2byte@gmail.com</a></body>