user and realm splitting in cyrus/ldap

Marten Lehmann lehmann at
Mon Dec 25 19:44:30 EST 2006


> In my case it is:
> ldap_filter: 
> (&(umMailObjectStatus=enabled)(umCyrusStatus=enabled)(umLogin=%u%R))
> So that it looks for user at

thanks. I'm using saslauthd with the -r option now as Simon adviced but 
your combination with the "enabled" status is interesting. I also 
planned to include this because we want to be able to disabled certain 
accounts but there is one catch with it: The user just sees 
"authentication failure". So he might think something is wrong with our 
servers although we blocked his account intentionally.

Is there a way to include an own, special error message? I would like to 
distinguish between

1) Login ok
2) Account doesn't exist
3) Account temporarily disabled

Where does Cyrus get the error message from?

With testsaslauthd I get:
0: NO "authentication failed"
Cyrus IMAP says:
x NO Login failed: authentication failure

On successful logins testsaslauthd gives:
0: OK "Success."
While Cyrus IMAP responds with:
x OK User logged in

Is there any way to change this?


More information about the Info-cyrus mailing list