Questions about LDAP schema and Multi-Domain IMAP

Blackard, Robert Robert.Blackard at tgslc.org
Wed Mar 5 10:47:59 EST 2003


I didn't know if this was a general Cyrus issue or a sasl issue so I sent to
both lists.

I'm having a hard time finding and reconciling documentation about how to
set up multi-domain user authentication for Cyrus IMAP using saslauthd, PAM
and OpenLDAP.  Any information, hints or suggestions of other resources
would be helpful.  I've been focusing on solving the problem for Cyrus and
then expecting to back-fit that solution to sendmail.

I have rather grand plans, so let me give a little background.

I'm running RedHat 8.0, which comes with OpenLDAP 2.0.27, and I've
downloaded the latest Cyrus IMAP and sasl stuff.

Ideally users would be authenticated (and have their mail routed by sendmail
and stored by Cyrus) with uid and domain.  Uids should be unique within
domain, but the same uid should be allowed to exist under different domains.
It would be nice, but not a requirement, that additional dc components be
available to segregate classes of users within a domain so that, for
example, within omniprise.com I could have support.omniprise.com and
sales.omniprise.com - I would think that the uid be unique under
omniprise.com so that blackard at omniprise.com and
blackard at support.omniprise.com would be invalid.

I have gotten this tree functioning under OpenLDAP as a starting point:

root
|- com (dc)
|  |- omniprise (dc)
|  |  |- people (ou)
|  |  |  |- blackard (inetOrgPerson, posixAccount)
|  |- <yourco> (dc)
|  |  |- ...
|- org (dc)
|  |- hillcountrytriumphclub (dc)
|  |  |- people (ou)
|  |  |  |- dgjulien (inetOrgPerson)
|  |- <theirorg> (dc)
|  |  |- ...

At the moment I've got the slapd.conf in a very simple form, and the suffix
is defined as "" so that all data is stored in the same database.  I'll
worry about separating these later.

Thanks in advance for any information you can provide, and I'm wearing my
fireproof shorts in case I get flamed.
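
The mapping the post describes, from a uid@domain login to an entry in the tree above, with the uid-uniqueness rule, as an added example that is not part of the original message. It assumes entries are named uid=<uid> under ou=people, that subdomains become extra dc components, and that the uniqueness scope is the last two domain labels; EXISTING is constructed sample data and all function names are hypothetical.

```python
import re

# Constructed sample data: DNs already present in the tree from the post.
EXISTING = {
    "uid=blackard,ou=people,dc=omniprise,dc=com",
    "uid=dgjulien,ou=people,dc=hillcountrytriumphclub,dc=org",
}

# Strict allow-lists: nothing that passes can contain DN or filter
# metacharacters (, = + " \ < > ; * ( )), so no escaping is needed later.
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")
UID = re.compile(r"[a-z0-9][a-z0-9._-]{0,31}")


def split_login(login):
    """Split 'uid@domain' into (uid, [labels]); reject anything else."""
    uid, sep, domain = login.strip().lower().partition("@")
    labels = domain.split(".")
    if not sep or not UID.fullmatch(uid) or len(labels) < 2:
        raise ValueError("login must be uid@domain")
    if not all(LABEL.fullmatch(label) for label in labels):
        raise ValueError("bad domain label")
    return uid, labels


def login_to_dn(login):
    """Map uid@a.b.c to uid=<uid>,ou=people,dc=a,dc=b,dc=c."""
    uid, labels = split_login(login)
    return ",".join([f"uid={uid}", "ou=people"] + [f"dc={l}" for l in labels])


def org_suffix(dn):
    """Assumption: the uniqueness scope is the last two dc components."""
    return ",".join(dn.split(",")[-2:])


def conflicts(login, existing=EXISTING):
    """Return existing DNs holding the same uid anywhere under the same org."""
    dn = login_to_dn(login)
    rdn, scope = dn.split(",")[0], org_suffix(dn)
    return sorted(e for e in existing
                  if e.split(",")[0] == rdn and org_suffix(e) == scope)
```

Under these assumptions, adding blackard at support.omniprise.com is reported as a conflict with the existing omniprise.com entry, while the same uid under a different domain is not.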

More information about the Info-cyrus mailing list