Cyrus::IMAP, referrals, murder, mailbox moves, etc.

Michael Bacon baconm at duke.edu
Wed Mar 19 16:09:23 EST 2003 

--On Wednesday, March 19, 2003 15:57:14 -0500 Ken Murchison 
<ken at oceana.com> wrote:

> You should wait for a reply from Rob for definitive answers, but I'll
> get you started.
>
> ...
>
> > Should all of the ACLs be cleared on the old server before the
> > move starts, then restored when the move is finished, or is that taken 
care
>
> You shouldn't have to change ACLs.  The location of the mailbox has no
> effect on the ACL

I was actually thinking more along the lines of temporarily setting all 
ACLs on the mailbox to "none" in order to make sure the user didn't corrupt 
the mailbox with APPENDs or some such thing.  But if it's getting somehow 
locked for the move, I guess that isn't necessary.

> > Secondly, is there a way to get cyradm (or alternately, 
Cyrus::IMAP::Admin)
> > to return the backend server where a mailbox is located?  Or is there 
some
>
> Yup.
>
> info <mailbox>
>
> It uses the IMAP ANNOTATEMORE extension for this.  If you use 'info'
> without any args, it will show you any server annotations (motd,
> comment).  You can use 'setinfo' to set either one of these.

That's certainly helpful -- info is in fact what I'm looking for.  I 
presume that's the same as the undocumented $client->getinfo() call in 
Cyrus::IMAP::Admin?

Anyway, I think I see where I'm running afoul of cyradm.  The code for 
doing the referrals in Cyrus/IMAP/Admin.pm is something like this:


######
        my $cyradm = Cyrus::IMAP::Admin->new($refserver, $port)
          or die "cyradm: cannot connect to $refserver\n";
        $cyradm->addcallback({-trigger => 'EOF',
                              -callback => \&_cb_ref_eof,
                              -rock => \$cyradm});
        $cyradm->authenticate()
          or die "cyradm: cannot authenticate to $refserver\n";
######

The problem is that for a lot of the things we do around here, we use some 
of the undocumented arguments to authenticate(), because SASL has the nasty 
habit of trying to do KERBEROS_IV before it does GSSAPI, which is almost 
always not what we want it to do, although we have KERBEROS_IV support on 
for older clients.  Also, it tries to guess the UserID and AuthID, and 
usually guesses it wrong for our purposes.  However, when this calls 
authenticate() from within the setaclmailbox() call, or whatever, it's 
using all of the defaults.  I wonder if it would be useful to store all of 
the arguments passed into authenticate() in instance variables of the 
$client object for later retrieval, perhaps with a getauthinfo() call, or 
some such thing.  Would we be the only ones who would find that useful, or 
would that benefit others as well?  (If so, I may get started on it... 
Perhaps this should move over to cyrus-devel at some point...)

Thanks much,
Michael

More information about the Info-cyrus mailing list