no global admin with virtual domains? [was Re: saslpasswd and virtual domains]

Rudy Gevaert Rudy.Gevaert at UGent.be
Tue May 16 05:39:31 EDT 2006


Hi Baltasar!

former03 | Baltasar Cevc wrote:
> Hi Rudy,
> 
> On 15.05.2006, at 08:49, Rudy Gevaert wrote:
> 
>> mitrohin a.s. wrote:
>>
>>> defaultdomain always is removed from username. imho, sasl routines
>>> use hostname as realm for this case.
>>
>>
>>
>> Sadly, if I set the default domain to the hostname from the machine and 
>> add the user 'cyrus' with saslpasswd it can't login yet.
>>
>> jura:/mail/mail1# cat etc/imapd.conf:
>> defaultdomain: jura
>> admins: cyrus at mail.ugent.be cyrus
> 
> The first address would be the virtual domain admin of mail.ugent.be, 
> the second is a global admin - you have to set a SASL secret for 
> cyrus@<servername>. In case your servername is mail.ugent.be you should 
> delete the first entry.
> I haven't completely understood the domain conversions, however, if I'm 
> not misunderstood, defaultdomain has only one function: to be replaced 
> by the servername - meaning that in your example if you try to login as 
> user1 at jura, you'd end up with the same result as user1 at mail.ugent.be 
> (supposing that that's your servername).
> 
> Hope that helps,


It gave me a bit of help.  The hostname of the server is jura so I have 
added a user cyrus at jura to the /etc/sasldb2 file.  I have removed the 
default domain parameter.

jura:/usr/lib/sasl2# sasldblistusers2
cyrus at jura: userPassword
cyrus at mail.ugent.be: userPassword


jura:/usr/lib/sasl2# head /mail/mail1/etc/imapd.conf
admins: cyrus cyrus at mail.ugent.be
allowanonymouslogin: no
altnamespace: yes
configdirectory: /mail/mail1/var/imap
#defaultdomain: mail.ugent.be
defaultpartiton: default
duplicatesuppression: 1
expunge_mode: delayed
hashimapspool: 1
mboxkey_db: skiplist


I can now log in as cyrus at mail.ugent.be and cyrus at jura:

jura:/usr/lib/sasl2# cyradm -u cyrus at mail.ugent.be mail1.ugent.be
Password:
mail1.ugent.be> lm
user/foo.bar (\HasNoChildren)       user/rudy.gevaert (\HasNoChildren)
user/foo.fafa (\HasNoChildren)      user/testuser2 (\HasNoChildren)
mail1.ugent.be> quit
jura:/usr/lib/sasl2# cyradm -u cyrus at jura mail1.ugent.be
Password:
mail1.ugent.be> lm
mail1.ugent.be> cm user/fifie
createmailbox: Permission denied
mail1.ugent.be> cm user/fifie at jura
createmailbox: Permission denied
mail1.ugent.be> cm user/fifi at mail.ugent.be
createmailbox: Invalid mailbox name
mail1.ugent.be> quit

But as you can see the cyrus at jura user doesn't list any mailboxes or 
create any mailboxes.

Does anybody have any clues?

-- 
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert                             e-mail: Rudy.Gevaert at UGent.be
Directie ICT, Afdeling Infrastructuur
Groep Systemen                                      tel: +32 9 264 4734
Universiteit Gent / Ghent University                fax: +32 9 264 4994
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie               www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --

