Virtdomains: inter-domain admins do not work ---- was Re: Cannot get loginrealms to work with 2.0.16

Ken Murchison ken at oceana.com
Sun Oct 6 08:48:46 EDT 2002


Quoting Christian Schulte <cs at schulte.it>:

> Ken Murchison wrote:
> 
> >Quoting Christian Schulte <cs at schulte.it>:
> >
> >  
> >
> >>>>Your other choice is to skip 2.1 and jump into 2.2
> >>>>available from CVS.  Since you're already compiling
> >>>>your cyrus (as opposed to prepackaged binary) and
> >>>>you want virtual domains support (and willing to go
> >>>>to great lengths to get it), I'd suggest getting the 2.2 branch which 
> >>>>has native virtual domain support
> >>>>built into it.
> >>>>
> >>>>There are a few ppl on the list who have been running
> >>>>the 2.2 branch for a couple weeks now and don't seem
> >>>>to be having any problems with it at all.
> >>>>        
> >>>>
> >>Hello again,
> >>
> >>actually I got the cvs branch up and running.  I am now running the 2_2 
> >>cvs branch successfully on the same machine the 2.0.16 with SASL1 still 
> >>runs on!
> >>    
> >>
> >
> >FYI, this _might_ break POP3 access on the 2.2 side.  It's possible that 
> >accessing a mailbox via POP3 on 2.2 then 2.0.16 then 2.2 will not work.  I
> >won't get into the technical details, but the mailbox format was tweaked in
> >2.1.something to fix a potential POP3 UIDL problem, and downgrading wasn't
> >considered (by me) and isn't handled gracefully.
> >
> >>Cyrus 2_2 got its own alias interface and the machine has two 
> >>IPs now. I just had to tweak one option in the masterconf.c source to 
> >>make the cyrus-2_2 master reading another  cyrus.conf file than 
> >>/etc/cyrus.conf. The 2.0.16 master reads /etc/cyrus.conf as usual and 
> >> the 2.2 master now reads /etc/cyrus.conf.v2 . Every other configuration 
> >>necessary for such setup could be specified in the cyrus.conf files. The 
> >>old cyrus.conf file read by 2.0.16 for binding to the primary IP and 
> >>starting the old binaries and the second cyrus.conf.v2 file for the 2.2 
> >>master to bind to the secondary IP and to start the new binaries with 
> >>their own configuration files specified by the -C option.  That all 
> >>worked great and was much easier than I expected it to be! If I now 
> >>would not have forgotten to specify another path to the sieve scripts 
> >>for 2.2 than for 2.0.16, I would not have lost all my scripts. mkimap 
> >>created a new /usr/sieve structure and deleted the already existent one. 
> >>But that was something I simply forgot about. For the new 2.2 I have the 
> >>following imapd.conf file:
> >>
> >>configdirectory: /var/imap
> >>partition-default: /var/spool/imap
> >>admins: admin at somedomain.com
> >>servername: mailserver.somedomain.com
> >>localdomain: somedomain.com
> >>sasl_pwcheck_method: auxprop
> >>sasl_auxprop_plugin: sasldb
> >>sasl_allowanonymouslogin: no
> >>sasl_allowplaintext: yes
> >>tls_cert_file: /usr/local/var/imap/server.pem
> >>tls_key_file: /usr/local/var/imap/server.pem
> >>tls_ca_file: /usr/local/var/imap/CAcert.pem
> >>idlesocket: /usr/local/var/imap/socket/idle
> >>loginrealms: realm1.com realm2.net
> >>unixhierarchysep: yes
> >>virtdomains: yes
> >>altnamespace: no
> >>
> >>If creating a user with simply saslpasswd2 -c admin in the local realm I 
> >>get the following situation:
> >>
> >>admin at somedomain.com: userPassword
> >>
> >>If logging in with "admin" I get the administration options but cannot 
> >>create mailboxes in another domain than somedomain.com (Invalid mailbox 
> >>name) and I cannot see any other mailboxes than in somedomain.com thus 
> >>domain administration seems to work.
> >>If logging in with "admin at somedomain.com" I do not get any 
> >>administration options and only see the admin inbox which I created for 
> >>testing. I cannot get the difference here!
> >>The DNS reverselookup to the IP resolves correctly to 
> >>mailserver.somedomain.com and /etc/nodename also says somedomain.com. 
> >>domain-administration seems to work if logging in without an 
> >>@localrealm, but inter-domain administration completely does not work 
> >>for me.
> >>
> >>Changing the admins: line to
> >>
> >>admins: admin
> >>
> >>
> >>If now logging in with "admin" I get administration options but cannot 
> >>see any user mailbox and again can only see the admin inbox. If I try to 
> >>create a mailbox like user/test I get permission denied. If I create a 
> >>mailbox like user/test at otherdomain.com I get Invalid mailbox name.
> >>If logging in with "admin at somedomain.com" I do not get any 
> >>administration options and again only see the admin inbox. So 
> >>inter-domain administrators do not work!
> >>What am I doing wrong ? Any hints would be helpful!
> >>    
> >>
> >
> >Read the administrators section of doc/install-virtdomains.html closely.  Set
> >
> >defaultdomain: admin at somedomin.com
> >
> >  
> >
> Thanks! But I still cannot get the inter-domain admins to work.
> 
> That's my new imapd.conf file:
> 
> configdirectory: /var/imap
> partition-default: /var/spool/imap
> defaultdomain: somedomain.com
> servername: imap.somedomain.com
> admins: admin
> sasl_pwcheck_method: auxprop
> sasl_auxprop_plugin: sasldb
> sasl_allowanonymouslogin: no
> sasl_allowplaintext: yes
> tls_cert_file: /usr/local/var/imap/server.pem
> tls_key_file: /usr/local/var/imap/server.pem
> tls_ca_file: /usr/local/var/imap/CAcert.pem
> idlesocket: /usr/local/var/imap/socket/idle
> unixhierarchysep: yes
> virtdomains: yes
> altnamespace: no
> 
> If I specify defaultdomain: to the domain like above I cannot login any 
> more with my admin users and cannot login with any user in the 
> defaultdomain! If I set it to admin at somedomain.com  I can login with my 
> admin user but do get Permission denied if trying to create a mailbox or 
> Invalid mailbox name if trying to create a mailbox for another domain. 
> So no administration works. If I delete the defaultdomain: line 
> completely, the domain-administrators work but the inter-domain 
> administrators do not work. I cannot see what I am doing wrong here and 
> I cannot find the appropriate parts in install-virtdomains.html.

This config works just fine for me.  Others seem to have it working as well.

admins: cyrus admin at example.net
virtdomains: 1
defaultdomain: oceana.com

Can you post the telemetry of your commands/failures?  The cyradm or imtest 
output would be fine.

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
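
Added example (not part of the original message and not Cyrus code): a small Python check that splits an imapd.conf `admins:` list into global and per-domain administrators, so the scope of each entry is visible before it is deployed. It assumes the rule from the Cyrus virtual domains documentation that unqualified userids are global admins belonging to `defaultdomain` while qualified userids administer only their own domain; `parse_conf`, `admin_scopes` and the sample configs are constructed for illustration, with `@` written literally where the archive shows ` at `.

```python
# Added example: classify Cyrus "admins" entries by scope under virtdomains.
# Assumed rule (virtual domains documentation, not spelled out in the thread):
#   unqualified userid -> global admin, belongs to defaultdomain
#   user@domain        -> admin for that one domain only

def parse_conf(text):
    """Parse 'key: value' lines of an imapd.conf into a dict (comments skipped)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        conf[key.strip().lower()] = value.strip()
    return conf

def admin_scopes(conf):
    """Return (global_admins, {domain: [users]}, warnings)."""
    on_values = ("yes", "1", "on", "true", "t", "userid")
    enabled = conf.get("virtdomains", "no").lower() in on_values
    default = conf.get("defaultdomain", "")
    global_admins, domain_admins, warnings = [], {}, []
    for entry in conf.get("admins", "").split():
        user, sep, domain = entry.partition("@")
        if sep and domain:
            domain_admins.setdefault(domain.lower(), []).append(user)
        else:
            global_admins.append(entry)
    if enabled and global_admins and not default:
        warnings.append("global admins listed but no defaultdomain set")
    return global_admins, domain_admins, warnings

# Constructed samples modelled on the configs quoted in the thread.
QUALIFIED_ONLY = "virtdomains: yes\nadmins: admin@somedomain.com\n"
NO_DEFAULT = "virtdomains: yes\nadmins: admin\n"
WORKING = "admins: cyrus admin@example.net\nvirtdomains: 1\ndefaultdomain: oceana.com\n"

if __name__ == "__main__":
    samples = (("qualified only", QUALIFIED_ONLY),
               ("no defaultdomain", NO_DEFAULT),
               ("working", WORKING))
    for name, text in samples:
        g, d, w = admin_scopes(parse_conf(text))
        print(f"{name}: global={g} per-domain={d} warnings={w}")
```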



