[Fwd: Re: Cyrus IMAPd, auxprop and canon_user plugins?]

Igor Brezac igor at ypass.net
Fri Sep 29 12:35:28 EDT 2006



> -----Original Message-----
> From: cyrus-devel-bounces at lists.andrew.cmu.edu [mailto:cyrus-devel-bounces at lists.andrew.cmu.edu] On Behalf Of Torsten Schlabach
> Sent: Friday, September 29, 2006 10:58 AM
> To: Igor Brezac
> Cc: cyrus-devel at lists.andrew.cmu.edu
> Subject: Re: [Fwd: Re: Cyrus IMAPd, auxprop and canon_user plugins?]
> 
> Igor,
> 
>  > You will need to write a custom cyrus imapd authorization module or a
>  > sasl canon plugin.
> 
> Thank you for confirming that!
> 
> Some people claimed it could be done by using sasl-regexp stuff in
> OpenLDAP together with ldapdb auxprop plugin alone. I came to the
> conclusion that I don't see how this might work, which is what you're
> saying.

This is an internal cyrus imapd issue, so openldap sasl-regexp does not
help.

> 
> Now I have to decide whether I will write a canon_user or an auxprop
> plugin.
> 
> I have indeed done some successful prototyping with a canon_user plugin
> using the norealm.c example from Diego Rivera [1]. But I wonder if I
> could handle this inside the ldapdb auxprop plugin as well.
> 
> Inside the auxprop plugin, I have the LDAP connection and the object
> against which I authenticate anyway. So it would be very easy to read an
> extra attribute from that object and use it as the canonicalized username.
> 
> The question is: Can an auxprop plugin override the username?

I do not think this is possible.  I suggest you write a custom canon plugin.
The code is self-contained, easier to build and you will not need to patch
cyrus software every time new releases come out.

Another semi-decent option is to hack pts/ldap code or write your own pts
module.

-Igor

> 
> Regards,
> Torsten
> 
> ---
> 
> [1] http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=4403
> 
> 
> Igor Brezac wrote:
> >
> >>-----Original Message-----
> >>From: cyrus-devel-bounces at lists.andrew.cmu.edu [mailto:cyrus-devel-bounces at lists.andrew.cmu.edu] On Behalf Of Torsten Schlabach
> >>Sent: Thursday, September 28, 2006 5:55 PM
> >>To: cyrus-devel at lists.andrew.cmu.edu
> >>Subject: [Fwd: Re: Cyrus IMAPd, auxprop and canon_user plugins?]
> >>
> >> > What do you want to achieve, what problem do you want to solve?
> >>
> >>As I wrote:
> >>
> >> > Our users want to login using their email address as a login name, not
> >> > their xy12345 name.
> >>
> >>Isn't that a very common problem?
> >
> >
> > You will need to write a custom cyrus imapd authorization module or a sasl
> > canon plugin.
> >
> > -Igor
> >
> >
> >>Regards,
> >>Torsten
> >>
> >>-------- Original Message --------
> >>Subject: Re: Cyrus IMAPd, auxprop and canon_user plugins?
> >>Date: Thu, 28 Sep 2006 21:56:06 +0200
> >>From: Dilyan Palauzov <Dilyan.Palauzov at aegee.org>
> >>To: Torsten Schlabach <tschlabach at gmx.net>
> >>References: <451C05ED.5000401 at gmx.net>
> >>
> >>	Hello Torsten,
> >>	What do you want to achieve, what problem do you want to solve? How
> >>do the users want to log in, why do you talk about xy12345, when you
> >>don't have questions about it?
> >>	Greetings,
> >>		?????
> >>
> >>Torsten Schlabach wrote:
> >>
> >>>Hi!
> >>>
> >>>I am not really sure how to ask the question the right way, but let me
> >>>start somewhere:
> >>>
> >>>I understand that an auxprop plugin retrieves a number of attributes
> >>>from a backend. One of those attributes typically is a userPassword
> >>>string IIUC.
> >>>
> >>>What other attributes does Cyrus IMAPd ask of an auxprop plugin it
> >>>uses?
> >>>
> >>>Is there anything like a "mailbox name" or "authzId" attribute for
> >>>example which is being retrieved through the auxprop plugin?
> >>>
> >>>We run a setup that does not have virtual domains, but we use mailbox
> >>>names such as xy12345 and we map e-mail addresses to mailboxes.
> >>>
> >>>Our users want to login using their email address as a login name, not
> >>>their xy12345 name.
> >>>
> >>>I think there might be two ways of achieving that:
> >>>
> >>>a) By putting a "mailbox name" attribute in the backend database, if
> >>>IMAPd would care or
> >>>b) By writing something to the authzid attribute in the auxprop plugin.
> >>>
> >>>In case of doing the latter, would the auxprop plugin eliminate the need
> >>>for a canon_user plugin?
> >>>
> >>>Do I suffer from any misconception here?
> >>>
> >>>Regards,
> >>>Torsten
> >>>
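
Added example, not part of the original thread and not Cyrus IMAPd or Cyrus SASL code: the email-address-to-mailbox mapping discussed above, written as a stand-alone C function with the bounded in/out buffers a canon_user callback works with. The name `canon_login`, the `CANON_*` codes and the `SAMPLE_MAP` table (which stands in for the LDAP attribute lookup) are hypothetical, and rejecting unmapped names is an assumption of this sketch.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample data: stands in for the LDAP attribute lookup. */
struct map_entry { const char *email; const char *mailbox; };
static const struct map_entry SAMPLE_MAP[] = {
    { "alice@example.org", "xy12345" },
    { "bob@example.org",   "xy67890" },
};

enum { CANON_OK = 0, CANON_BADPARAM = -1, CANON_NOUSER = -2, CANON_BUFOVER = -3 };

/* Hypothetical helper: map a login name (email address) to a mailbox name.
 * On success writes a NUL-terminated name to out and its length to out_len. */
int canon_login(const char *user, unsigned ulen,
                char *out, unsigned out_max, unsigned *out_len)
{
    char key[256];
    unsigned i;
    size_t n;

    if (!user || !out || !out_len || ulen == 0 || ulen >= sizeof key)
        return CANON_BADPARAM;

    /* Reject control bytes, whitespace and embedded NULs; fold case so one
     * address always resolves to exactly one mailbox. */
    for (i = 0; i < ulen; i++) {
        unsigned char c = (unsigned char)user[i];
        if (c <= 0x20 || c == 0x7f)
            return CANON_BADPARAM;
        key[i] = (char)tolower(c);
    }
    key[ulen] = '\0';

    for (i = 0; i < sizeof SAMPLE_MAP / sizeof SAMPLE_MAP[0]; i++) {
        if (strcmp(key, SAMPLE_MAP[i].email) != 0)
            continue;
        n = strlen(SAMPLE_MAP[i].mailbox);
        if (n + 1 > out_max)
            return CANON_BUFOVER;   /* never truncate an identity */
        memcpy(out, SAMPLE_MAP[i].mailbox, n + 1);
        *out_len = (unsigned)n;
        return CANON_OK;
    }
    /* Fail closed: an unmapped name is not passed through unchanged. */
    return CANON_NOUSER;
}
```

In a real plugin the same mapping has to be applied to both the authentication and the authorization identity, so that the mailbox name the server authorizes against is always the one the lookup returned.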


