Virtdomains: inter-domain admins do not work ---- was Re: Cannot get loginrealms to work with 2.0.16
Ken Murchison
ken at oceana.com
Sat Oct 5 09:17:24 EDT 2002
Quoting Christian Schulte <cs at schulte.it>:
> >
> >> Your other choice is to skip 2.1 and jump into 2.2
> >> available from CVS. Since you're already compiling
> >> your cyrus (as opposed to prepackaged binary) and
> >> you want virtual domains support (and willing to go
> >> to great lengths to get it), I'd suggest getting the 2.2 branch which
> >> has native virtual domain support
> >> built into it.
> >>
> >> There are a few ppl on the list who have been running
> >> the 2.2 branch for a couple weeks now and don't seem
> >> to be having any problems with it at all.
> >
> Hello again,
>
> actually I got the cvs branch up and running. I am now running the 2_2
> cvs branch successfully on the same machine the 2.0.16 with SASL1 still
> runs on!

FYI, this _might_ break POP3 access on the 2.2 side. It's possible that
accessing a mailbox via POP3 on 2.2 then 2.0.16 then 2.2 will not work. I
won't get into the technical details, but the mailbox format was tweaked in
2.1.something to fix a potential POP3 UIDL problem, and downgrading wasn't
considered (by me) and isn't handled gracefully.

> Cyrus 2_2 got its own alias interface and the machine has two
> IPs now. I just had to tweak one option in the masterconf.c source to
> make the cyrus-2_2 master read another cyrus.conf file than
> /etc/cyrus.conf. The 2.0.16 master reads /etc/cyrus.conf as usual and
> the 2.2 master now reads /etc/cyrus.conf.v2 . Every other configuration
> necessary for such setup could be specified in the cyrus.conf files. The
> old cyrus.conf file read by 2.0.16 for binding to the primary IP and
> starting the old binaries and the second cyrus.conf.v2 file for the 2.2
> master to bind to the secondary IP and to start the new binaries with
> their own configuration files specified by the -C option. That all
> worked great and was much easier than I expected it to be! If I now
> would not have forgotten to specify another path to the sieve scripts
> for 2.2 than for 2.0.16, I would not have lost all my scripts. mkimap
> created a new /usr/sieve structure and deleted the already existent one.
> But that was something I simply forgot about. For the new 2.2 I have the
> following imapd.conf file:
>
> configdirectory: /var/imap
> partition-default: /var/spool/imap
> admins: admin at somedomain.com
> servername: mailserver.somedomain.com
> localdomain: somedomain.com
> sasl_pwcheck_method: auxprop
> sasl_auxprop_plugin: sasldb
> sasl_allowanonymouslogin: no
> sasl_allowplaintext: yes
> tls_cert_file: /usr/local/var/imap/server.pem
> tls_key_file: /usr/local/var/imap/server.pem
> tls_ca_file: /usr/local/var/imap/CAcert.pem
> idlesocket: /usr/local/var/imap/socket/idle
> loginrealms: realm1.com realm2.net
> unixhierarchysep: yes
> virtdomains: yes
> altnamespace: no
>
> If creating a user with simply saslpasswd2 -c admin in the local realm I
> get the following situation:
>
> admin at somedomain.com: userPassword
>
> If logging in with "admin" I get the administration options but cannot
> create mailboxes in another domain than somedomain.com (Invalid mailbox
> name) and I cannot see any other mailboxes than in somedomain.com thus
> domain administration seems to work.
> If logging in with "admin at somedomain.com" I do not get any
> administration options and only see the admin inbox which I created for
> testing. I cannot get the difference here!
> The DNS reverselookup to the IP resolves correctly to
> mailserver.somedomain.com and /etc/nodename also says somedomain.com.
> domain-administration seems to work if logging in without an
> @localrealm, but inter-domain administration completely does not work
> for me.
>
> Changing the admins: line to
>
> admins: admin
>
>
> If now logging in with "admin" I get administration options but cannot
> see any user mailbox and again can only see the admin inbox. If I try to
> create a mailbox like user/test I get permission denied. If I create a
> mailbox like user/test at otherdomain.com I get Invalid mailbox name.
> If logging in with "admin at somedomain.com" I do not get any
> administration options and again only see the admin inbox. So
> inter-domain administrators do not work!
> What am I doing wrong ? Any hints would be helpful!

Read the administrators section of doc/install-virtdomains.html closely. Set
defaultdomain: admin at somedomin.com

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp