virtual domains question

Phil Howard phil-info-cyrus at ipal.net
Fri Apr 11 13:11:35 EDT 2003 

On Fri, Apr 11, 2003 at 12:29:31PM -0400, Ken Murchison wrote:

| Phil Howard wrote:
| > 
| > On Fri, Apr 11, 2003 at 10:06:37AM -0400, Ken Murchison wrote:
| > 
| > | Unless you're asking about how they are stored internally, which you
| > | _shouldn't_ have to worry about, I think the documentation is pretty
| > | clear on how the naming is done.  Assuming that neither "example.com"
| > | nor "example.net" are your defaultdomain, the mailboxes above would be
| > | named "user.tom at example.com" and "user.tom at example.net".  Internally
| > | these are stored as "example.com!user.tom" and "example.net!user.tom".
| > | If one of these two domains are your defaultdomain, then the name is
| > | just "user.tom".
| > 
| > So there is a translation of a perceived hierarchy to another one.
| > Does it happen the same way without virtual domains?
| 
| Each domain resides in its own directory.  Other than that, the mailbox
| hierarchys are the same.
| 
| > How do you globally reference a folder?  "user.tom at example.com.foldername"?
| 
| No.  "user.tom.foldername at example.com"  -- the domain is just a suffix. 
| Internally its a prefix.

OK, so the "@" character is stronger than the "." and it gets broken into:

"user.tom.foldername" and "example.com" first, then re-arranged for the
translation.  So the dots in the domain never apply to the dots of the
namespace hierarchy, at least not until after it becomes a prefix.  That
makes sense, now.


| > | Just out of curiosity, what would you use cross domain ACLs for?
| > | Globally shared public mailboxes?  Or do you want to allow users in one
| > | domain to be able to access user mailboxes in another domain?
| > 
| > Cross department domain sharing.  Different departments would have
| > their own domain names, but in some cases that sharing would go between
| > specific people in different departments, hence different domains.
| 
| Well, most of the code to do this is already there.  The complication
| arises when trying to deal with users in the defaultdomain (unqualified
| userids) and how to handle 'anyone' and 'anonymous' (how to
| differentiate between anyone in a domain or anyone regardless of
| domain.)

I would presume a reference to a user w/o any domain qualification would
(or should) have the same effect as logging in w/o any domain.  Whether
that gets mapped to an actual domain, or simply accesses name hierarchy
that has no domain, would be a detail.

As for 'anyone' and 'anonymous' I'm not sure what to do.  I can see that
one might assume when written w/o a domain that they apply to the same
domain, as opposed to the default domain.


| > The way I look at it, multiple domains is just extra levels in one big
| > single hierarchy.
| 
| I agree.  The hardest part is maintaining backwards compatibility with
| single domain systems.  If we abandon this and force people to migrate
| all users into a fully qualfied domain, then things get easier.

Well I wouldn't want to force them.  But if there was a way to configure
that there is no default domain, then the behaviour could then treat
things like 'anyone' and 'anonymous' as being in the same domain, and
one could code 'anyone at anywhere' as a reference to all domains.  Just a
thought.

-- 
-----------------------------------------------------------------
| Phil Howard - KA9WGN |   Dallas   | http://linuxhomepage.com/ |
| phil-nospam at ipal.net | Texas, USA | http://ka9wgn.ham.org/    |
-----------------------------------------------------------------

More information about the Info-cyrus mailing list