Passing full userid or realm to SASL
Marcus I. Ryan
marcus at riboflavin.net
Wed Oct 5 02:31:37 EDT 2005
I've set up SASL with an LDAP backend that checks for a user in either
the ou of the SASL realm, or the ou matching their domain (so
user@domain.tld as the username or user with domain.tld as the realm).
I got it working using testsaslauthd, but when I try it through IMAP it
appears IMAP strips the domain from the userid before it passes it to
SASL, and doesn't pass it as a realm. I can handle it either way
(passing a username of userid@domain.tld or having it passed in as a
userid and a realm), but it doesn't seem to do either. Am I missing a
setting/configuration option, or does this require some kind of code
patch?

I've seen some hints on setting up cyrus.conf to have multiple imap
listeners on multiple IP addresses, one for each domain, but that
doesn't really scale the way I want, nor is it really necessary to have
separate listeners, config files, etc. I can get it to work without
all that if I were just willing to require usernames be unique across
all domains (the LDAP server), but I'd like to allow the same username
in different domains if possible.

Any thoughts are appreciated. Thanks.
--
Marcus I. Ryan, marcus at riboflavin.net
--------------------------------------------------------------------
Hanlon's Razor: Never attribute to malice that which is adequately
explained by stupidity.
--------------------------------------------------------------------