Virtdomains: inter-domain admins do not work ---- was Re: Cannot get loginrealms to work with 2.0.16
pvk at tsinet.ru
pvk at tsinet.ru
Sun Oct 6 07:16:54 EDT 2002
On Sun, Oct 06, 2002 at 04:23:59AM +0200, Christian Schulte wrote:
> >
> Thanks! But I still cannot get the inter-domain admins to work.
>
> Thats my new imapd.conf file:
>
> configdirectory: /var/imap
> partition-default: /var/spool/imap
> defaultdomain: somedomain.com
> servername: imap.somedomain.com
> admins: admin
> sasl_pwcheck_method: auxprop
> sasl_auxprop_plugin: sasldb
> sasl_allowanonymouslogin: no
> sasl_allowplaintext: yes
> tls_cert_file: /usr/local/var/imap/server.pem
> tls_key_file: /usr/local/var/imap/server.pem
> tls_ca_file: /usr/local/var/imap/CAcert.pem
> idlesocket: /usr/local/var/imap/socket/idle
> unixhierarchysep: yes
> virtdomains: yes
> altnamespace: no
>
> If I specify defaultdomain: to the domain like above I cannot login any
> more with my admin users and cannot login with any user in the
> defaultdomain! If I set it to admin at somedomain.com I can login with my
> admin user but do get Permission denied if trying to create a mailbox or
> Invalid mailbox name if trying to create a mailbox for another domain.
> So no administration works. If I delete the defaultdomain: line
> completey, the domain-administrators work but the inter-domain
> administrators do not work. I cannot see what I am doing wrong here and
> I cannot find the apropriate parts in install-virtdomains.html.
You misunderstood.
Let me try to explain. When you specify "defaultdomain" in configuration file,
it's assumed that any user who logs on without domain part in her login id
belongs to default domain.
"admins: admin" line in your configuration file means that user admin, i.e.
user "admin" below the default domain is global administrator (admin who
have access to all virtual domains and default domain namespaces).
If you need domain-specific administrator, you should specify user who has
an entity below the target virtual domain:
admins: admin admin at somedomain.com
Then, when you login with admin at somedomain.com credentials, you'll have
admin authority only within @somedomain.com namespace.
But take in mind that "admin" and "admin at somedomain.com" are different accounts
until your defaultdomain != "somedomain.com".
--
Pavel Korovin
More information about the Info-cyrus
mailing list