Using MySQL plugin and NTLM - obscure gotcha

Nels Lindquist nlindq at
Fri May 23 18:29:14 EDT 2003

Okay, this one's *fun.*

If by "fun" you mean "spending all afternoon trying to figure out why 
exactly Lookout Explode(tm) is behaving the way it is."

Anyway, I'm using:

Cyrus SASL 2.1.13 with MySQL plugin and NTLM support
Cyrus IMAPD 2.1.13

LOGIN, PLAIN, CRAM-MD5 and DIGEST-MD5 (+/- TLS) work perfectly with 
SASL2 auth tokens stored in a MySQL table.  I decided to try 
recompiling SASL2 to take advantage of NTLM support, as we have a few 
users relying on MS clients.

Problem:  MySQL SELECT statements are case insensitive.  Cyrus IMAP 
namespace is not.  Clients logged into Windows with any case 
variation of their username can authenticate with NTLM.  However, 
since the authentication token is passed on to IMAP completely 
unmodified, case variants of the username token other than all-
lowercase don't map to valid IMAP namespace, and 'LIST "" "INBOX"' 
returns nothing useful.

OE then tries to create an INBOX, but of course has no permission to 
do so, and the request fails.

Is there some equivalent to Samba's "username level" directive that 
could be used to force the user auth token to lowercase somewhere 
along the way?

Thanks for any suggestions!

Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.

More information about the Info-cyrus mailing list