Cyrus administration problem

Nybbles2Byte nybbles2byte at gmail.com
Thu Aug 6 16:49:11 EDT 2009


I get it, I know what you are saying but, perhaps this was just a typo but I was responding to this as you wrote it:

virtdomains: 1 (don't query DNS)
virtdomains: userid (do DNS query)

In fact, if you read the manual, the way it works is:

virtdomains: 1 
(do DNS query if no realm is specified in userid - see excerpt I included in previous email)

virtdomains: userid 
(never do a DNS query, i.e.: only use userid - and the part that is not mentioned but I can see for myself in the queries - if no realm is specified in user id then use [the short] server name for the realm... and that gives me something consistent which is all I needed.  As a bonus there is no chance of costly DNS lookups which there can be if I leave virtdomains set at 1.)

I have yet to find ldap_default_realm in the html manual but perhaps it is only in the man pages (or I just haven't seen it even though it is there). In any case, I will certainly look further with your information provided but as it stands, the solution of changing virtdomains to userid was a good one for my needs.

Thank you for your kind help.
Reggie.

Thursday, August 6, 2009, 1:25:13 PM, you wrote:

> On Thu, Aug 6, 2009 at 3:34 PM,
> Nybbles2Byte<nybbles2byte at gmail.com> wrote:
>> Thanks but I am not sure how you are getting that conclusion from this
>> wording in the manual.  As far as I can see it is almost (but not quite) the
>> reverse of what you are saying.


> # man imapd.conf

> virtdomains: off
>       Enable virtual domain support.  If enabled, the user’s domain
> will be determined by splitting a fully qualified userid at the  last
> ’@’  or ’%’  symbol.

> userid refers to the "login" user, not reverse DNS.

> fully qualified userid => johndoe@example.org (no dns lookup)
> unqualified userid => johndoe (no dns lookup if
> sasl_ldap_default_domain* or sasl_ldap_default_realm* and
> defaultdomain is set)

> * without sasl_ prefix at saslauthd.conf .

> With saslauthd.conf:

> ldap_default_realm: default.example.org
> ldap_filter: (&(objectClass=inetOrgPerson)(mail=%U@%d))

> Login with unqualified userid root makes query to
> (&(objectClass=inetOrgPerson)(mail=root@default.example.org))

> With "admins: root" root becomes global admin.

> This example is for saslauthd with an LDAP backend.

>> ----------------------------------------------------------------------------------
>> Configuring Virtual Domains
>> Introduction

>> Virtual domains is the practice of hosting a service for more than one
>> domain on one server. Cyrus IMAP has the ability to host IMAP/POP mailboxes
>> for multiple domains (e.g. test@example.com and test@example.net) on a
>> single server or Murder.

>> In order to accomplish this, Cyrus needs to know which domain to look in
>> when a mailbox is accessed. There are two ways in which Cyrus can determine
>> the domain:

>>     * Fully qualified userid - the client logs in with a userid containing
>> the domain in which the user belongs (e.g. test@example.com or
>> test%example.net)
>>     * IP address - the server looks up the domain based on the IP address of
>> the receiving interface (useful for servers with multiple NICs or using IP
>> aliasing)

>> Both of these methods are active if the virtdomains option is set to on (or
>> yes, 1, true) and can be used in conjunction with one another. If the
>> virtdomains option is set to userid, then only the first method is used.
>> Note that a fully qualified userid takes precedence over a domain obtained
>> from the IP address.
>> ----------------------------------------------------------------------------------





-- 
 Nybbles2Byte                            mailto:nybbles2byte at gmail.com
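
Added example (not part of either message, and not Cyrus or saslauthd code): a small Python model of the two behaviours discussed in this thread, the domain chosen under each `virtdomains` setting and the `ldap_filter` expansion for an unqualified login. The function names and `ip.example.org` are hypothetical, the reverse-lookup result is passed in rather than resolved, and splitting the saslauthd userid only at `@` and escaping per RFC 4515 are simplifying assumptions.

```python
import re

def split_userid(userid):
    """Split at the last '@' or '%' (the rule quoted from imapd.conf)."""
    cut = max(userid.rfind("@"), userid.rfind("%"))
    return (userid, None) if cut < 0 else (userid[:cut], userid[cut + 1:])

def imap_domain(userid, virtdomains, ip_domain=None):
    """Return (domain, needs_dns) for one login.

    virtdomains is "off", "userid" or "on". ip_domain stands in for the
    result of the lookup on the receiving interface, so nothing here
    touches the network. A domain of None means the login supplied none.
    """
    if virtdomains == "off":
        return None, False
    _, domain = split_userid(userid)
    if domain:                   # a fully qualified userid takes precedence
        return domain, False
    if virtdomains == "on":      # unqualified: fall back to the IP method
        return ip_domain, True
    return None, False           # "userid": only the first method, no lookup

def ldap_escape(value):
    """Escape the RFC 4515 special characters in a filter value."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def expand_filter(template, userid, default_realm):
    """Expand %U and %d; %d falls back to the default realm (assumed model)."""
    user, _, domain = userid.rpartition("@") if "@" in userid else (userid, "", "")
    subs = {"U": ldap_escape(user),
            "d": ldap_escape(domain or default_realm),
            "%": "%"}
    return re.sub(r"%([Ud%])", lambda m: subs[m.group(1)], template)

# Filter and realm as given in the quoted saslauthd.conf.
FILTER = "(&(objectClass=inetOrgPerson)(mail=%U@%d))"
REALM = "default.example.org"

if __name__ == "__main__":
    # Constructed sample logins.
    for login in ("root", "johndoe@example.org"):
        for mode in ("userid", "on"):
            print(login, mode, imap_domain(login, mode, "ip.example.org"),
                  expand_filter(FILTER, login, REALM))
```
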