Virtdomains: inter-domain admins do not work ---- was Re: Cannot get loginrealms to work with 2.0.16
Ken Murchison
ken at oceana.com
Sun Oct 6 08:48:46 EDT 2002
Quoting Christian Schulte <cs at schulte.it>:
> Ken Murchison wrote:
>
> >Quoting Christian Schulte <cs at schulte.it>:
> >
> >
> >
> >>>>Your other choice is to skip 2.1 and jump into 2.2
> >>>>available from CVS. Since you're already compiling
> >>>>your cyrus (as opposed to prepackaged binary) and
> >>>>you want virtual domains support (and willing to go
> >>>>to great lengths to get it), I'd suggest getting the 2.2 branch which
> >>>>has native virtual domainsupport
> >>>>built into it.
> >>>>
> >>>>There are a few ppl on the list who have been running
> >>>>the 2.2 branch for a couple weeks now and don't seem
> >>>>to be having any problems with it at all.
> >>>>
> >>>>
> >>Hello again,
> >>
> >>actually I got the cvs branch up and running. I am now running the 2_2
> >>cvs branch successfully on the same machine the 2.0.16 with SASL1 still
> >>runs on!
> >>
> >>
> >
> >FYI, this _might_ break POP3 access on the 2.2 side. It's possible that
> >accessing a mailbox via POP3 on 2.2 then 2.0.16 then 2.2 will not work. I
>
> >won't get into the technical details, but the mailbox format was tweaked in
>
> >2.1.something to fix a potential POP3 UIDL problem, and downgrading wasn't
>
> >considered (by me) and isn't handled gracefully.
> >
> >
> > Cyrus 2_2 got its own alias interface and the machine has two
> >
> >
> >>IPs now. I just had to tweak one option in the masterconf.c source to
> >>make the cyrus-2_2 master reading another cyrus.conf file than
> >>/etc/cyrus.conf. The 2.0.16 master reads /etc/cyrus.conf as usual and
> >> the 2.2 master now reads /etc/cyrus.conf.v2 . Every other configuration
> >>necessary for such setup could be specified in the cyrus.conf files. The
> >>old cyrus.conf file read by 2.0.16 for binding to the primary IP and
> >>starting the old binaries and the second cyrus.conf.v2 file for the 2.2
> >>master to bind to the secondary IP and to start the new binaries with
> >>theire own configuration files specified by the -C option. That all
> >>worked great and was much easier than I expected it to be! If I now
> >>would not have forgotten to specify another path to the sieve scripts
> >>for 2.2 than for 2.0.16, I would not have lost all my scripts. mkimap
> >>created a new /usr/sieve structure and delted the already existent one.
> >>But that was something I simply forgot about. For the new 2.2 I have the
> >>following imapd.conf file:
> >>
> >>configdirectory: /var/imap
> >>partition-default: /var/spool/imap
> >>admins: admin at somedomain.com
> >>servername: mailserver.somedomain.com
> >>localdomain: somedomain.com
> >>sasl_pwcheck_method: auxprop
> >>sasl_auxprop_plugin: sasldb
> >>sasl_allowanonymouslogin: no
> >>sasl_allowplaintext: yes
> >>tls_cert_file: /usr/local/var/imap/server.pem
> >>tls_key_file: /usr/local/var/imap/server.pem
> >>tls_ca_file: /usr/local/var/imap/CAcert.pem
> >>idlesocket: /usr/local/var/imap/socket/idle
> >>loginrealms: realm1.com realm2.net
> >>unixhierarchysep: yes
> >>virtdomains: yes
> >>altnamespace: no
> >>
> >>If creating a user with simply saslpasswd2 -c admin in the local realm I
> >>get the following situation:
> >>
> >>admin at somedomain.com: userPassword
> >>
> >>If logging in with "admin" I get the administration options but cannot
> >>create mailboxes in another domain than somedomain.com (Invalid mailbox
> >>name) and I cannot see any other mailboxes than in somedomain.com thus
> >>domain administration seems to work.
> >>If logging in with "admin at somedomain.com" I do not get any
> >>administration options and only see the admin inbox which I created for
> >>testing. I cannot get the difference here!
> >>The DNS reverselookup to the IP resolves correctly to
> >>mailserver.somedomain.com and /etc/nodename also says somedomain.com.
> >>domain-administration seems to work if logging in without an
> >>@localrealm, but inter-domain administration completely does not work
> >>for me.
> >>
> >>Changing the admins: line to
> >>
> >>admins: admin
> >>
> >>
> >>If now logging in with "admin" I get administration options but cannot
> >>see any user mailbox and again can only see the admin inbox. If I try to
> >>create a mailbox like user/test I get permission denied. If I create a
> >>mailbox like user/test at otherdomain.com I get Invalid mailbox name.
> >>If logging in with "admin at somedomain.com" I do not get any
> >>administration options and again only see the admin inbox. So
> >>inter-domain administrators do not work!
> >>What am I doing wrong ? Any hints would be helpful!
> >>
> >>
> >
> >Read the administrators section of doc/install-virtdomains.html closely.
> Set
> >
> >defaultdomain: admin at somedomin.com
> >
> >
> >
> Thanks! But I still cannot get the inter-domain admins to work.
>
> Thats my new imapd.conf file:
>
> configdirectory: /var/imap
> partition-default: /var/spool/imap
> defaultdomain: somedomain.com
> servername: imap.somedomain.com
> admins: admin
> sasl_pwcheck_method: auxprop
> sasl_auxprop_plugin: sasldb
> sasl_allowanonymouslogin: no
> sasl_allowplaintext: yes
> tls_cert_file: /usr/local/var/imap/server.pem
> tls_key_file: /usr/local/var/imap/server.pem
> tls_ca_file: /usr/local/var/imap/CAcert.pem
> idlesocket: /usr/local/var/imap/socket/idle
> unixhierarchysep: yes
> virtdomains: yes
> altnamespace: no
>
> If I specify defaultdomain: to the domain like above I cannot login any
> more with my admin users and cannot login with any user in the
> defaultdomain! If I set it to admin at somedomain.com I can login with my
> admin user but do get Permission denied if trying to create a mailbox or
> Invalid mailbox name if trying to create a mailbox for another domain.
> So no administration works. If I delete the defaultdomain: line
> completey, the domain-administrators work but the inter-domain
> administrators do not work. I cannot see what I am doing wrong here and
> I cannot find the apropriate parts in install-virtdomains.html.
This config works just fine for me. Others seem to have it working as well.
admins: cyrus admin at example.net
virtdomains: 1
defaultdomain: oceana.com
Can you post the telemetry of your commands/failures? The cyradm or imtest
output would be fine.
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the Info-cyrus
mailing list