virtual domains question

Ken Murchison ken at
Fri Apr 11 12:29:31 EDT 2003

Phil Howard wrote:
> On Fri, Apr 11, 2003 at 10:06:37AM -0400, Ken Murchison wrote:
> | Unless you're asking about how they are stored internally, which you
> | _shouldn't_ have to worry about, I think the documentation is pretty
> | clear on how the naming is done.  Assuming that neither ""
> | nor "" are your defaultdomain, the mailboxes above would be
> | named "user.tom at" and "user.tom at".  Internally
> | these are stored as "!user.tom" and "!user.tom".
> | If one of these two domains are your defaultdomain, then the name is
> | just "user.tom".
> So there is a translation of a perceived hierarchy to another one.
> Does it happen the same way without virtual domains?

Each domain resides in its own directory.  Other than that, the mailbox
hierarchys are the same.

> How do you globally reference a folder?  "user.tom at"?

No.  "user.tom.foldername at"  -- the domain is just a suffix. 
Internally its a prefix.

> Well I was actually planning to do it myself, except for everyone saying
> I should pay any attention to the internal hierarchy.  I didn't find any
> documentation that completely described it, so I just abandoned the idea.

There isn't a lot of documentation of the internals.  You pretty much
need to look at the source.

> | Just out of curiosity, what would you use cross domain ACLs for?
> | Globally shared public mailboxes?  Or do you want to allow users in one
> | domain to be able to access user mailboxes in another domain?
> Cross department domain sharing.  Different departments would have
> their own domain names, but in some cases that sharing would go between
> specific people in different departments, hence different domains.

Well, most of the code to do this is already there.  The complication
arises when trying to deal with users in the defaultdomain (unqualified
userids) and how to handle 'anyone' and 'anonymous' (how to
differentiate between anyone in a domain or anyone regardless of

> The way I look at it, multiple domains is just extra levels in one big
> single hierarchy.

I agree.  The hardest part is maintaining backwards compatibility with
single domain systems.  If we abandon this and force people to migrate
all users into a fully qualfied domain, then things get easier.

Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--

More information about the Info-cyrus mailing list