2.3.6: cannot administer the murder

Andrew Findlay andrew.findlay at skills-1st.co.uk
Tue Jul 4 15:28:54 EDT 2006 

I am having great difficulty in getting cyradm to work properly
with a 2.3.6 murder. This is a 'standard' murder with separate
front-end, backends, and mupdate server. 'virtdomains: userid' is in
effect. Operations done by ordinary users are OK; I only have trouble
with admin ops.

Problem 1: creating top-level user mailboxes.

	I connect to the front-end with cyradm:

	/usr/local/cyrus/bin/cyradm -user zqvh_admin fe1.srv.tile

	Things like listmailbox work OK. However, if I try to create
	a new user on a specified backend server:

	fe1.srv.tile> cm user/n7 at fred.com ms1.srv.tile
	createmailbox: Permission denied

	(If I leave out the backend name, the mailbox gets created on
	the frontend and then things get *really* confusing.)
	This permission denied is very odd, as I can connect directly
	to the mailstore ms1.srv.tile and authenticate as either the
	main admin user or as the frontend proxy user and create the
	mailbox with no trouble. I enable protocol logs on the
	message store, and found this:

Create via front-end, as seen on the mailstore:
---------- zqvh_admin Tue Jul  4 20:56:32 2006

<1152042992<6 CREATE {16+}
user/n4 at fred.com
>1152042992>6 NO Permission denied
<1152043063<Q01 LOGOUT
>1152043063>* BYE LOGOUT received
Q01 OK Completed

Create directly on mailstore:
---------- zqvh_admin Tue Jul  4 20:57:58 2006

<1152043078<4 RLIST "" ""
>1152043078>* LIST (\Noselect) "/" ""
4 OK Completed (0.000 secs 0 calls)
<1152043104<5 CREATE user/n5 at fred.com
>1152043104>5 OK Completed

The only difference that I can see is that the failing operation is
using the IMAP 'literal' syntax, but operations done by users are the
same, and they work!

[ The literal syntax does look rather odd: I don't think the '+'
symbol should be there ]


I have several other problems, but I suspect they all have a similar
cause. I have turned up syslog logging to debug level and all I get
in the log is a note that the user logged in with DIGEST-MD5 auth.

Can anyone suggest what is wrong?

Thanks

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------

More information about the Info-cyrus mailing list