How do you do Cyrus logins with

Igor Brezac igor at
Sun Dec 28 09:04:09 EST 2003

On Mon, 29 Dec 2003, Oliver Jones wrote:

> > Use
> > ldap_filter: %U@%r
> >
> > The current version of sasl lib splits a 'fully qualified username' to
> > userid and realm.  I believe this is a wrong behavior because '@' is a
> > valid userid character and the domain part is really not a realm
> > identifier in such instances.
> I've tried this.  Unfortunately when someone doesn't provide a domain on
> their login eg the "cyrus" admin user in commands like "./cyradm --user
> cyrus localhost" it searches the LDAP repository for (uid=cyrus@).  This
> isn't what I want.  I want Cyrus IMAPD to stop splitting the userid into
> user/realm.

This happens if your interfaces on the email server do not have reverse
lookup.  Otherwise imapd will fully qualify all userids unless they are
already fully qualified.

I guess my previous response was not clear. imapd is not splitting the
userid, sasl lib is.  You will need to use an older version of cyrus-sasl,
not sure which one.

> >From the docs it appears to me that "global" admin users (ie, ones who
> can access any virtual domain have to be of the form "username".  Where
> as domain restricted admins are of the form "username at domain.tld".  So
> if I was to amend the cyrus "admin" user to be cyrus at domain.tld it would
> be restricted to the domain.tld domain.  Right?
> Note that I am use the 2.2.2BETA distro.  Would it be wiser to fetch a
> more recent CVS snapshot?  Does the CVS version correct this (I believe)
> errant behaviour?

Yes, although this behavior is not different.


More information about the Info-cyrus mailing list