Virtual domains and LDAP
James Satterfield
james at uberduper.com
Tue Aug 5 12:31:41 EDT 2003
Aha! For some reason I interpreted the virtual domains document to mean that by
setting the default domain, if a user tries to use an unqualified username, it
will append the default domain for authentication. I have no idea what I was
thinking. This solves the problem and makes me very happy. Thank you.
James.
Quoting Ken Murchison <ken at oceana.com>:
> James Satterfield wrote:
> > I'm using a virtual domain setup based on usernames. So I have a domain
> > uberduper.com and a user jsatter at uberduper.com
> > I've got imapd set up to use saslauthd, and saslauthd set up to auth against
> > LDAP.
> > If I assign the uid of jsatter at uberduper.com in ldap, testsaslauthd can
> > successfully auth, but imapd cannot. Looking at the logs suggests that
> > imapd isn't passing the entire username jsatter at uberduper.com to
> > saslauthd. Just "jsatter"
>
> This is because you have specified uberduper.com as your defaultdomain,
> which causes Cyrus to strip the domain. defaultdomain is usually only
> used for backwards compatibility when upgrading an existing single
> domain installation. Read the virtdomains docs in the distro for details.
>
>
> >
> > Thanks,
> > James.
> >
> > Config snippets:
> > imapd.conf
> >
> > virtdomains: yes
> > defaultdomain: uberduper.com
> > configdirectory: /usr/local/var/imap
> > partition-default: /usr/local/var/spool/imap
> > allowplaintext: yes
> > admins: root cyrus
> > singleinstancestore: yes
> > duplicatesuppression: yes
> > sieveusehomedir: false
> > sievedir: /usr/local/var/imap/sieve
> > sendmail: /usr/sbin/sendmail
> > sasl_pwcheck_method: saslauthd
> > sasl_mech_list: plain
> > lmtpsocket: /usr/local/var/imap/socket/lmtp
> > idlesocket: /usr/local/var/imap/socket/idle
> > notifysocket: /usr/local/var/imap/socket/notify
> >
> >
> > saslauthd.conf
> > ldap_servers: ldap://64.62.153.124/
> > ldap_bind_dn: cn=root,dc=uberduper,dc=com
> > ldap_bind_pw: secret
> > ldap_search_base: dc=uberduper,dc=com
> > ldap_auth_method: custom
> >
> >
> > auth.log
> > Aug 4 20:44:36 knight saslauthd[48297]: do_auth : auth failure:
> > [user=jsatter] [service=imap] [realm=] [mech=ldap] [reason=Unknown]
> >
> >
> >
>
>
> --
> Kenneth Murchison Oceana Matrix Ltd.
> Software Engineer 21 Princeton Place
> 716-662-8973 x26 Orchard Park, NY 14127
> --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
>
>