handling unqualified names?

Christian Schulte cs at schulte.it
Sun Nov 27 17:44:48 EST 2005

Bill Kearney schrieb:

> Hello,
> Not sure if I've got things configured correctly but this may be a bug (on
> my end or within cyrus?)
> How is cyrus supposed to handle an unqualified username?  That is, logging
> in as "joe" instead of joe at domain1.tld ?
> I've tried a couple of variations, each time logging in as just "joe", into
> a machine whose FQDN is 'mail.domain4.tld'.  The database has accounts in
> both domains, domain1.tld and domain2.tld (literally using those names for
> this test setup).  Each domain has a "joe" account, both joe at domain1.tld and
> joe at domain2.tld exist as mailboxes.  So it's a machine in domain4 accepting
> mail for domain1 and domain2.   I have one machine that'll be receiving mail
> for several domains, none of which within the machine's own domain.   I
> could imagine an ISP mail server sort of acting in the same way.
> FQDN of server: "mail.domain4.tld"
> Using these in /etc/imapd.conf
> defaultdomain: domain3.tld
> virtdomains: off
> login:                        query made:
> joe                            joe at mail.domain4.tld

Servername appended by SASL auxprop plugin SQL for unqualified users. 
Mailbox would be user.joe or user/joe for unixhierarchysep: on.

> joe at domain1.tld    joe at domain1.tld
> joe at domain2.tld    joe at domain2.tld
> It would appear 'defaultdomain' is ignored.+

  defaultdomain: <none>
             The default domain for virtual domain support

So for virtdomains: off all defaultdomain settings have no effect, AFAIK.

> defaultdomain: domain3.tld
> virtdomains: on
> login:                        query made:
> joe                            joe at domain4.tld
> joe at domain1.tld    joe at domain1.tld
> joe at domain2.tld    joe at domain2.tld
> Interestingly, with virtdomains turned on it uses the domain of the mail
> server instead of it's whole FQDN, but again ignores the defaultdomain
> directive.

virtdomains: off
             Enable  virtual domain support.  If enabled, the user's 
domain will be determined by splitting a fully qualified userid at the
             last '@' or '%' symbol.  If the userid is unqualified, and 
the virtdomains option is set to "on",  then  the  domain  will  be
             determined  by doing a reverse lookup on the IP address of 
the incoming network interface, otherwise the user is assumed to be
             in the default domain (if set).

             Allowed values: off, userid, on

So the unqualified userid joe gets the domain of the servername 
determined by a reverse DNS lookup appended.

> So what gives here?  Under what circumstances does defaultdomain affect
> anything?

Have you tried virtdomains: userid ? This will disable the reverse lookup.

> And what if I did want to login with a bare username?  How would I tell
> cyrus to pass that along without tacking a realm onto it?

It does work in cyrus and I think it also does work with SASL auxprop 
LDAP. It does not work with auxprop SQL where this auxprop plugin will 
always append the servername as a realm to unqualified userids. So if 
you set virtdomains: userid and login with an unqualified userid the 
auxprop plugin will always append the servername.

I may be wrong here, but the defaultdomain setting is there to 
"unqualify" qualified userids. So if you login with joe at domain3.tld as 
in your example above the defaultdomain is stripped and the userid 
becomes joe. SASL auxprop plugin SQL will then append the servername as 
a realm leading to a lookup of joe at mail.domain4.tld.

So the answer is that auxprop plugin SQL does not support unqualified 
userids, I think.


More information about the Info-cyrus mailing list