Virtdomains: inter-domain admins do not work ---- was Re: Cannot get loginrealms to work with 2.0.16
Christian Schulte
cs at schulte.it
Sat Oct 5 22:23:59 EDT 2002
Ken Murchison wrote:
>Quoting Christian Schulte <cs at schulte.it>:
>
>
>
>>>>Your other choice is to skip 2.1 and jump into 2.2
>>>>available from CVS. Since you're already compiling
>>>>your cyrus (as opposed to prepackaged binary) and
>>>>you want virtual domains support (and willing to go
>>>>to great lengths to get it), I'd suggest getting the 2.2 branch which
>>>>has native virtual domain support
>>>>built into it.
>>>>
>>>>There are a few ppl on the list who have been running
>>>>the 2.2 branch for a couple weeks now and don't seem
>>>>to be having any problems with it at all.
>>>>
>>>>
>>Hello again,
>>
>>actually I got the cvs branch up and running. I am now running the 2_2
>>cvs branch successfully on the same machine the 2.0.16 with SASL1 still
>>runs on!
>>
>>
>
>FYI, this _might_ break POP3 access on the 2.2 side. It's possible that
>accessing a mailbox via POP3 on 2.2 then 2.0.16 then 2.2 will not work. I
>won't get into the technical details, but the mailbox format was tweaked in
>2.1.something to fix a potential POP3 UIDL problem, and downgrading wasn't
>considered (by me) and isn't handled gracefully.
>
>
>>Cyrus 2_2 got its own alias interface and the machine has two
>>IPs now. I just had to tweak one option in the masterconf.c source to
>>make the cyrus-2_2 master reading another cyrus.conf file than
>>/etc/cyrus.conf. The 2.0.16 master reads /etc/cyrus.conf as usual and
>>the 2.2 master now reads /etc/cyrus.conf.v2 . Every other configuration
>>necessary for such setup could be specified in the cyrus.conf files. The
>>old cyrus.conf file read by 2.0.16 for binding to the primary IP and
>>starting the old binaries and the second cyrus.conf.v2 file for the 2.2
>>master to bind to the secondary IP and to start the new binaries with
>>their own configuration files specified by the -C option. That all
>>worked great and was much easier than I expected it to be! If I now
>>would not have forgotten to specify another path to the sieve scripts
>>for 2.2 than for 2.0.16, I would not have lost all my scripts. mkimap
>>created a new /usr/sieve structure and deleted the already existent one.
>>But that was something I simply forgot about. For the new 2.2 I have the
>>following imapd.conf file:
>>
>>configdirectory: /var/imap
>>partition-default: /var/spool/imap
>>admins: admin at somedomain.com
>>servername: mailserver.somedomain.com
>>localdomain: somedomain.com
>>sasl_pwcheck_method: auxprop
>>sasl_auxprop_plugin: sasldb
>>sasl_allowanonymouslogin: no
>>sasl_allowplaintext: yes
>>tls_cert_file: /usr/local/var/imap/server.pem
>>tls_key_file: /usr/local/var/imap/server.pem
>>tls_ca_file: /usr/local/var/imap/CAcert.pem
>>idlesocket: /usr/local/var/imap/socket/idle
>>loginrealms: realm1.com realm2.net
>>unixhierarchysep: yes
>>virtdomains: yes
>>altnamespace: no
>>
>>If creating a user with simply saslpasswd2 -c admin in the local realm I
>>get the following situation:
>>
>>admin at somedomain.com: userPassword
>>
>>If logging in with "admin" I get the administration options but cannot
>>create mailboxes in another domain than somedomain.com (Invalid mailbox
>>name) and I cannot see any other mailboxes than in somedomain.com thus
>>domain administration seems to work.
>>If logging in with "admin at somedomain.com" I do not get any
>>administration options and only see the admin inbox which I created for
>>testing. I cannot get the difference here!
>>The DNS reverselookup to the IP resolves correctly to
>>mailserver.somedomain.com and /etc/nodename also says somedomain.com.
>>domain-administration seems to work if logging in without an
>>@localrealm, but inter-domain administration completely does not work
>>for me.
>>
>>Changing the admins: line to
>>
>>admins: admin
>>
>>
>>If now logging in with "admin" I get administration options but cannot
>>see any user mailbox and again can only see the admin inbox. If I try to
>>create a mailbox like user/test I get permission denied. If I create a
>>mailbox like user/test at otherdomain.com I get Invalid mailbox name.
>>If logging in with "admin at somedomain.com" I do not get any
>>administration options and again only see the admin inbox. So
>>inter-domain administrators do not work!
>>What am I doing wrong ? Any hints would be helpful!
>>
>>
>
>Read the administrators section of doc/install-virtdomains.html closely. Set
>
>defaultdomain: admin at somedomin.com
>
>
>
Thanks! But I still cannot get the inter-domain admins to work.
That's my new imapd.conf file:

configdirectory: /var/imap
partition-default: /var/spool/imap
defaultdomain: somedomain.com
servername: imap.somedomain.com
admins: admin
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sasldb
sasl_allowanonymouslogin: no
sasl_allowplaintext: yes
tls_cert_file: /usr/local/var/imap/server.pem
tls_key_file: /usr/local/var/imap/server.pem
tls_ca_file: /usr/local/var/imap/CAcert.pem
idlesocket: /usr/local/var/imap/socket/idle
unixhierarchysep: yes
virtdomains: yes
altnamespace: no

If I specify defaultdomain: to the domain like above I cannot login any
more with my admin users and cannot login with any user in the
defaultdomain! If I set it to admin at somedomain.com I can login with my
admin user but do get Permission denied if trying to create a mailbox or
Invalid mailbox name if trying to create a mailbox for another domain.
So no administration works. If I delete the defaultdomain: line
completely, the domain-administrators work but the inter-domain
administrators do not work. I cannot see what I am doing wrong here and
I cannot find the appropriate parts in install-virtdomains.html.

--Christian--