handling unqualified names?
Christian Schulte
cs at schulte.it
Sun Nov 27 17:44:48 EST 2005
Bill Kearney schrieb:
> Hello,
>
> Not sure if I've got things configured correctly but this may be a bug (on
> my end or within cyrus?)
>
> How is cyrus supposed to handle an unqualified username? That is, logging
> in as "joe" instead of joe at domain1.tld ?
>
> I've tried a couple of variations, each time logging in as just "joe", into
> a machine whose FQDN is 'mail.domain4.tld'. The database has accounts in
> both domains, domain1.tld and domain2.tld (literally using those names for
> this test setup). Each domain has a "joe" account, both joe at domain1.tld and
> joe at domain2.tld exist as mailboxes. So it's a machine in domain4 accepting
> mail for domain1 and domain2. I have one machine that'll be receiving mail
> for several domains, none of which within the machine's own domain. I
> could imagine an ISP mail server sort of acting in the same way.
>
> FQDN of server: "mail.domain4.tld"
> Using these in /etc/imapd.conf
>
> defaultdomain: domain3.tld
> virtdomains: off
>
> login: query made:
> joe joe at mail.domain4.tld
^^^^^^^^^^^^^^^^
Servername appended by SASL auxprop plugin SQL for unqualified users.
Mailbox would be user.joe or user/joe for unixhierarchysep: on.
> joe at domain1.tld joe at domain1.tld
> joe at domain2.tld joe at domain2.tld
>
> It would appear 'defaultdomain' is ignored.+
defaultdomain: <none>
The default domain for virtual domain support
So for virtdomains: off all defaultdomain settings have no effect, AFAIK.
>
> defaultdomain: domain3.tld
> virtdomains: on
>
> login: query made:
> joe joe at domain4.tld
> joe at domain1.tld joe at domain1.tld
> joe at domain2.tld joe at domain2.tld
>
> Interestingly, with virtdomains turned on it uses the domain of the mail
> server instead of it's whole FQDN, but again ignores the defaultdomain
> directive.
virtdomains: off
Enable virtual domain support. If enabled, the user's
domain will be determined by splitting a fully qualified userid at the
last '@' or '%' symbol. If the userid is unqualified, and
the virtdomains option is set to "on", then the domain will be
determined by doing a reverse lookup on the IP address of
the incoming network interface, otherwise the user is assumed to be
in the default domain (if set).
Allowed values: off, userid, on
So the unqualified userid joe gets the domain of the servername
determined by a reverse DNS lookup appended.
>
> So what gives here? Under what circumstances does defaultdomain affect
> anything?
Have you tried virtdomains: userid ? This will disable the reverse lookup.
>
> And what if I did want to login with a bare username? How would I tell
> cyrus to pass that along without tacking a realm onto it?
It does work in cyrus and I think it also does work with SASL auxprop
LDAP. It does not work with auxprop SQL where this auxprop plugin will
always append the servername as a realm to unqualified userids. So if
you set virtdomains: userid and login with an unqualified userid the
auxprop plugin will always append the servername.
I may be wrong here, but the defaultdomain setting is there to
"unqualify" qualified userids. So if you login with joe at domain3.tld as
in your example above the defaultdomain is stripped and the userid
becomes joe. SASL auxprop plugin SQL will then append the servername as
a realm leading to a lookup of joe at mail.domain4.tld.
So the answer is that auxprop plugin SQL does not support unqualified
userids, I think.
--
Christian
More information about the Info-cyrus
mailing list