user and realm splitting in cyrus/ldap

Rudy Gevaert Rudy.Gevaert at UGent.be
Fri Dec 22 11:42:30 EST 2006 

Marten Lehmann wrote:
> Hello,
> 
> I'm using Cyrus with saslauthd using ldap. When I am testing the setup 
> with testsaslauthd it works fine. But when I am authenticating through 
> cyrus (imap login) then I notice in the saslauthd logs, that cyrus seems 
> to split the credentials. I'm using virtual domains, so a login looks 
> like test at test.com. Through cyrus saslauthd receives
> 
> [user=test] [service=imap] [realm=test.com] [mech=ldap]
> 
> but with testsaslauthd it receives
> 
> [user=test at test.com] [service=imap] [realm=] [mech=ldap]
> 
> as I expected it. How can I tell cyrus not to split it up to realms?

You have to set the ldap_filter correctly:

ldap_filter: <uid=%u>
         Specify a filter.  The following tokens can be used in the 
filter string:

         %%   = %
         %u   = user
         %U   = user portion of %u (%U = test when %u = test at domain.tld)
         %d   = domain portion of %u if available (%d = domain.tld when %u =
                %test at domain.tld), otherwise same as %r
         %1-9 = domain tokens (%1 = tld, %2 = domain when %d = domain.tld)
         %s   = service
         %r   = realm
         %D   = user DN (available for group checks)

         The %u token has to be used at minimum for the filter to be 
useful.  If
         ldap_auth_method is 'bind', the filter will search for the DN
         (distinguished name) attribute.  Otherwise, the search will 
look for
         the 'ldap_password_attr' (see below) attribute.


In my case it is:
ldap_filter: 
(&(umMailObjectStatus=enabled)(umCyrusStatus=enabled)(umLogin=%u%R))

So that it looks for user at domain.com
> 
> Regards
> Marten
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


-- 
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert          Rudy.Gevaert at UGent.be          tel:+32 9 264 4734
Directie ICT, afd. Infrastructuur ICT Department, Infrastructure office
Groep Systemen                    Systems group
Universiteit Gent                 Ghent University
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie               www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --

More information about the Info-cyrus mailing list