Global admin fails via saslauthd and ldap

imap at imap at
Wed Aug 18 20:12:14 EDT 2004


I have done some digging into the code and found the following:

The login process goes through the following function calls:

cmd_login() -> imapd_canon_user() -> mysasl_canon_user() -> canonify_userid()

In canonify_userid(), for the default domain, the domain part is getting dropped and
only the mailid is returned as "canonuser". This value is propagated all the way
to saslauthd_verify_password(), where the user_realm is null for the global
admin case, and hence the ldap lookup fails. For all other cases "canonuser"
gets the complete email address and hence the ldap lookups are succeeding.

Does anyone on the list use 'saslauthd' with the 'ldap' backend? Appreciate


> We are looking to migrate from our existing 2.1.x to the latest ver 2.2.8.
> We want to use stock virtual hosting feature and have configured the system
> accordingly. We are able to login via 'cyradm' and create user mailboxes
> if we use domain specific admin. We have trouble logging in as global admin.
> We are using 'saslauthd' and 'ldap' for authentication and using the
> following setting in the imapd.conf file:
> virtdomains: on
> admins: globaladmin mailadmin at
> defaultdomain:
> We are able to login as mailadmin at and create mailboxes for
> ''
> but can't login as 'globaladmin'. Alternatively, if we change the above
> config to the following:
> virtdomains: on
> admins: globaladmin at mailadmin
> defaultdomain:
> then we can login as globaladmin at and create mailboxes for ''
> but can't login as mailadmin.
> We found that the default domain is getting discarded by the system and
> never getting passed to ldap server hence the 'DN' is missing the domain
> component and hence failing.
> Is there some config setting we are missing that is causing this?
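
Added example, not part of the original post and not Cyrus or SASL source: a small C model of the canonicalization step described above, showing that a default-domain admin reaches the lookup without a realm while users of other domains keep theirs. The function names, the fallback_realm parameter and the sample domains are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the behaviour described in the post, not Cyrus source:
 * when the login's domain equals the default domain, the domain is dropped. */
static void model_canon(const char *login, const char *defdomain,
                        char *out, size_t outlen)
{
    const char *at = strrchr(login, '@');
    if (at && defdomain && strcmp(at + 1, defdomain) == 0)
        snprintf(out, outlen, "%.*s", (int)(at - login), login);
    else
        snprintf(out, outlen, "%s", login);
}

/* Build the identity a password verifier would hand to the LDAP lookup.
 * fallback_realm is a hypothetical parameter: NULL reproduces the reported
 * failure (no realm), a domain re-qualifies bare user names.
 * Returns a static buffer; a bare "user" means the realm was lost. */
static const char *model_lookup_key(const char *login, const char *defdomain,
                                    const char *fallback_realm)
{
    static char key[256];
    char canon[128];
    model_canon(login, defdomain, canon, sizeof canon);
    if (!strchr(canon, '@') && fallback_realm && *fallback_realm)
        snprintf(key, sizeof key, "%s@%s", canon, fallback_realm);
    else
        snprintf(key, sizeof key, "%s", canon);
    return key;
}

/* 1 if a realm is still present when the lookup is made, else 0. */
static int realm_reaches_lookup(const char *login, const char *defdomain,
                                const char *fallback_realm)
{
    return strchr(model_lookup_key(login, defdomain, fallback_realm), '@') != NULL;
}

int main(void)
{
    /* Constructed sample values; the page's own domains are elided. */
    const char *def = "example.test";
    const char *logins[] = { "globaladmin@example.test", "globaladmin",
                             "mailadmin@other.test" };
    for (size_t i = 0; i < 3; i++)
        printf("%-26s -> %-22s realm=%s\n", logins[i],
               model_lookup_key(logins[i], def, NULL),
               realm_reaches_lookup(logins[i], def, NULL) ? "set" : "NULL");
    return 0;
}
```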
