Need some advice

John C. Amodeo amodeo at
Fri Jul 18 14:51:33 EDT 2003


I am looking for some sound advice for the following situation I'm
currently faced with, and I was hoping someone has some good advice to
give me...

Our current setup:
Cyrus 2.0.17
Sasl 1.5.27 patched for LDAP support

We have about 15 Cyrus 'virtual' servers running on 4 separate
machines.  We are using IP aliasing and running multiple instances of
Cyrus bound to individual IP addresses to create the hacked virtual
domain support...

Our authentication mechanism is LDAP which points at a directory
structure where identical usernames exist in the LDAP tree, but only
under different contexts.  Thus, you can have multiple users with the
same username (i.e. joesmith) as long as they are on different e-mail
servers, and authentication works because in each Cyrus server is an
'imapd.conf' file that lets you specify an LDAP basedn.

What we would like to do is migrate this legacy system to:
Cyrus >= 2.2.X
Sasl >= 2.1.15
Virtual Domain support

We want this new Cyrus installation to run on an HA cluster, but for all
intents and purposes, we are looking to combine these 15 'virtual'
servers into 1 Cyrus server with virtual domain support.

One of the biggest roadblocks I've come across so far is the LDAP
authentication.  From what I understand, LDAP information is no longer
stored in the imapd.conf file.  If this is the case, I would need to
point SASL at the root of the LDAP server, which would create an
obstacle for duplicate usernames in the organization's directory
structure.  I am not sure if renaming users' usernames is a feasible
option at this time, but if necessary, we would be able to individualize
the usernames with some effort.

Another issue that's come up is that of the actual virtual domain
design.  In reality, we have 1 domain, but several sub domains within
that domain that make up the different IMAP e-mail servers.  The Cyrus
documentation suggests that you can have:

...but does not seem to imply you could have: two separate domains and have authentication and mail delivery
work properly with this configuration.  Am I misunderstanding the design
of the virtual domain support in 2.2.X?  Will Cyrus virtual domains work
with what I need to do?

Lastly, it would seem to me the process is messy to merge the
mailboxes.db files from 15 Cyrus servers to 1 Cyrus server if I were to
copy all the data into the new mailstore, run reconstruct, etc... which
I would rather not do.  I'm toying around with the idea of setting up
some sort of IMAP Proxy, so I can install the new servers in parallel
and move users' mailboxes randomly with very little downtime.  Does
anyone have any experience with a setup like this?  Are my ideas too
grand given the limitations of my current setup?

I'd really appreciate any insight someone could give me...  More
specifically, ideas on my authentication problems and the merging of the
IMAP servers into 1 Cyrus mailstore.

Thanks in advance.
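
The duplicate-username problem described in the message, as an added example that is not part of the original post and is not Cyrus or SASL code: a constructed directory shows why a lookup from the LDAP root is ambiguous for `joesmith`, while a lookup scoped by the login's domain is not. The DNs, the domain names and the `DOMAIN_BASE` mapping are assumptions made for illustration.

```python
# Constructed sample directory: the same uid exists under two contexts.
DIRECTORY = [
    "uid=joesmith,ou=mail1,o=example",
    "uid=joesmith,ou=mail2,o=example",
    "uid=annlee,ou=mail1,o=example",
]
ROOT = "o=example"
# Hypothetical mapping from mail (sub)domain to the LDAP context that each
# legacy server's own base DN used to select.
DOMAIN_BASE = {
    "mail1.example.com": "ou=mail1,o=example",
    "mail2.example.com": "ou=mail2,o=example",
}

class AmbiguousUser(Exception):
    """More than one directory entry matches the login."""

def rdns(dn):
    # Split into normalized RDNs; assumes the sample DNs have no escaped commas.
    return [part.strip().lower() for part in dn.split(",")]

def search(base_dn, uid):
    """Subtree search: entries below base_dn whose first RDN is uid=<uid>."""
    base = rdns(base_dn)
    hits = []
    for dn in DIRECTORY:
        parts = rdns(dn)
        # Compare whole RDNs, not string suffixes, so "xou=mail1" never matches.
        under_base = len(parts) > len(base) and parts[-len(base):] == base
        if under_base and parts[0] == "uid=" + uid.lower():
            hits.append(dn)
    return hits

def resolve_dn(login):
    """Map 'user' or 'user@domain' to exactly one DN, or fail closed."""
    user, _, domain = login.partition("@")
    base = DOMAIN_BASE.get(domain.lower()) if domain else ROOT
    if base is None:
        raise LookupError("unknown domain: " + domain)
    hits = search(base, user)
    if len(hits) > 1:
        # Never pick "the first match": that would bind as the wrong person.
        raise AmbiguousUser(f"{user!r} matches {len(hits)} entries under {base}")
    if not hits:
        raise LookupError("no such user: " + login)
    return hits[0]
```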

