Passing full userid or realm to SASL

Marcus I. Ryan marcus at
Wed Oct 5 02:31:37 EDT 2005

I've set up SASL with an LDAP backend that checks for a user in either 
the ou of the SASL realm, or the ou matching their domain (so 
user at domain.tld as the username or user with domain.tld as the realm).

I got it working using testsaslauthd, but when I try it through IMAP it 
appears IMAP strips the domain from the userid before it passes it to 
SASL, and doesn't pass it as a realm.  I can handle it either way 
(passing a username of userid at domain.tld or having it passed in as a 
userid and a realm), but it doesn't seem to do either.  Am I missing a 
setting/configuration option, or does this require some kind of code 

I've seen some hints on setting up cyrus.conf to have multiple imap 
listeners on multiple IP addresses, one for each domain, but that 
doesn't really scale the way I want, nor is it really necessary to have 
separate listeners, config files, etc.  I can get it to work without 
all that if I were just willing to require usernames be unique across 
all domains (the LDAP server), but I'd like to allow the same username 
in different domains if possible.

Any thoughts are appreciated.  Thanks.

Marcus I. Ryan, marcus at
Hanlon's Razor:  Never attribute to malice that which is adequately
explained by stupidity.

More information about the Info-cyrus mailing list