<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
    On 03/01/2013 10:07, jayesh shinde wrote:
<blockquote cite="mid:50E54A49.4050809@netcore.co.in" type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
      <font face="Times New Roman, Times, serif">Hi all, <br>
<br>
        I am trying to configure Cyrus + Active Directory
        authentication. <br>
        I have cyrus-imapd-2.4.6-5 and Active Directory 2003 &amp;
        2010 <br>
<br>
        The mailbox in Cyrus is in the format of <a
          moz-do-not-send="true" class="moz-txt-link-abbreviated"
          href="mailto:firstname.lastname@domain.com">firstname.lastname@domain.com</a><br>
        But the problem is that the Active Directory attributes
        sAMAccountName:, userPrincipalName: &amp; mail: are different
        (not the same) <br>
<br>
Example :-- <br>
<br>
mail: <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:jayesh.shinde@domain.com">jayesh.shinde@domain.com</a><br>
sAMAccountName: 10030<br>
userPrincipalName: <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:jshinde@domain.com">jshinde@domain.com</a><br>
<br>
Cyrus mailbox :-- <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:jayesh.shinde@domain.com">jayesh.shinde@domain.com</a><br>
<br>
Requirement is :-- <br>
------------------------<br>
        I want to do auth by the "sAMAccountName" name; this
        sAMAccountName is used for Windows desktop login. <br>
        And I want to keep the same login &amp; password credentials for
        both Windows + email login <br>
<br>
        When I try to log in with POP3/IMAP with the above </font><font
        face="Times New Roman, Times, serif">"sAMAccountName" of Active
        Directory, </font><font face="Times New Roman, Times, serif">then
        I am not able to log in. It fails. <br>
        <br>
        Whereas if I use the "mail:" attribute of Active Directory, then I
        am able to log in with POP3/IMAP and able to do all normal
        activity. <br>
        <br>
        1) Has anyone come across such a scenario or requirement? If yes,
        how is it managed?<br>
        2) Is there any way or workaround by which I can do a successful
        login with "sAMAccountName" and get logged in to the "Cyrus mailbox"
        (which is mentioned in the above example)? </font><br>
</blockquote>
    <font face="Times New Roman, Times, serif">Unless I missed
      something, Active Directory authentication would use GSSAPI (that
      is, Kerberos) and the username would be the Kerberos
      userPrincipalName, not the sAMAccountName. So </font><font
      face="Times New Roman, Times, serif">I suppose what you're trying
      to do is LDAP authentication against Active Directory with
      saslauthd.</font><br>
<font face="Times New Roman, Times, serif"><br>
One way to make this work would be to disable virtual domains (or
use a default domain), and rename the mailboxes as the
sAMAccountName (and change mail routing accordingly).<br>
<br>
      I don't think there is a way to do mailbox aliases or username
      rewriting in Cyrus, so you'd have to use some kind of proxy to do
      that without renaming the mailboxes.<br>
<br>
Cheers,<br>
</font>
<pre class="moz-signature" cols="72">--
Clement Hermann (nodens)
- "Fresh air? Isn't that an RL thing? Isn't that off-charter?"
Jean in L'Histoire des Pingouins, <a class="moz-txt-link-freetext" href="http://tnemeth.free.fr/fmbl/linuxsf/">http://tnemeth.free.fr/fmbl/linuxsf/</a>
Please find my public key on the public keyserver pgp.mit.edu.
</pre>
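    <p>The first option in the reply above (no virtual domains, mailboxes
      named after the sAMAccountName), as an added configuration example
      that is not part of the original thread. It assumes saslauthd is
      started with the LDAP mechanism (saslauthd -a ldap); the host name,
      search base, bind account, password and CA path are placeholders.</p>

```conf
# /etc/saslauthd.conf -- read by saslauthd when started with "-a ldap".
# Keep this file mode 0600: it holds the search account's password.
# Placeholders: dc1.domain.com, the DNs below, CHANGE_ME, the CA path.
ldap_servers: ldaps://dc1.domain.com/
ldap_version: 3
ldap_referrals: no
# Verify the domain controller's certificate; the passwords sent over
# this link are the users' Windows passwords.
ldap_tls_cacert_file: /etc/pki/tls/certs/ad-ca.pem
ldap_tls_check_peer: yes
# Low-privilege service account, used only to search for the user entry.
ldap_bind_dn: CN=svc-saslauthd,OU=Service Accounts,DC=domain,DC=com
ldap_password: CHANGE_ME
ldap_search_base: DC=domain,DC=com
ldap_scope: sub
# Find the entry by Windows logon name (e.g. 10030), then bind as that
# entry with the password the mail client supplied.
ldap_filter: (sAMAccountName=%u)
ldap_auth_method: bind

# /etc/imapd.conf -- only the settings relevant to this thread.
# saslauthd needs the clear-text password, so only PLAIN/LOGIN can work;
# allowplaintext: no makes Cyrus refuse them outside TLS.
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN
allowplaintext: no
# No virtual domains: the login "10030" maps to the mailbox user/10030,
# so the existing firstname.lastname mailboxes must be renamed and mail
# routing changed to deliver to the new names.
virtdomains: off
```

    <p>Running testsaslauthd -u 10030 -p &lt;password&gt; checks the
      saslauthd and LDAP side on its own before any mailbox is renamed.</p>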
</body>
</html>