Architectural mistake in cyrus ?

Andrew Morgan morgan at orst.edu
Thu Jul 16 15:41:01 EDT 2009


On Thu, 16 Jul 2009, Denis BUCHER wrote:

> servername: <hostname>.<MY MAIN DOMAIN> (replaced with real values)
> admins: cyrus cyrus@<MY MAIN DOMAIN>
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN
> virtdomains: on
> hashimapspool: true
>
> => I don't have any defaultdomain: but I already tried with main domain,
> or with alternative domain, it never solved the problem...
>
> => authentication is based on LDAP

You must define defaultdomain.  As the docs say:

     * Everyone is in a domain - It's best to think of every user as 
existing inside a domain. Unqualified users are technically inside the 
defaultdomain.

     * Global and Domain admins - The Cyrus virtual domains implementation 
supports per-domain administrators as well as global (inter-domain) 
administrators. Domain-specific administrators are specified with a fully 
qualified userid in the admins option (e.g., admin@example.net) and only 
have access to mailboxes in the associated domain. Global administrators 
are specified with unqualified userids.

     * Global administrators are specified with an unqualified userid in 
the admins option and have access to any mailbox on the server. Because 
global admins use unqualified userids, they belong to the defaultdomain. 
As a result, you CANNOT have a global admin without specifying a 
defaultdomain. Note that when trying to login as a global admin to a 
multi-homed server from a remote machine, it might be necessary to fully 
qualify the userid with the defaultdomain.

Personally, I have only tested virtual domains using the sasldb auxprop 
plugin.  I don't know how saslauthd with ldap will interact with 
unqualified userid authentication.  Perhaps the solution is to login as 
cyrus@<defaultdomain>.

 	Andy
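
The admins/defaultdomain rule quoted from the docs above, as an added example that is not part of the original message or of Cyrus itself: a Python check that reads imapd.conf text, sorts the admins entries into global and per-domain scope, and reports global admins configured without a defaultdomain. The sample config, the example.net domain and the set of values treated as "disabled" are assumptions.

```python
# Added example (not Cyrus code): audit imapd.conf text for the admin rule quoted above.

# Constructed sample mirroring the options in the post; example.net is a placeholder.
SAMPLE_CONF = """\
servername: mail.example.net
admins: cyrus cyrus@example.net
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
virtdomains: on
hashimapspool: true
"""

OFF_VALUES = {"", "off", "no", "false", "f", "0"}  # assumption: values meaning "disabled"


def parse_imapd_conf(text):
    """Return {option: value} from 'option: value' lines, skipping blanks and # comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        opts[key.strip().lower()] = value.strip()
    return opts


def audit_admins(text):
    """Classify each admins entry by scope and flag global admins lacking a defaultdomain."""
    opts = parse_imapd_conf(text)
    virt_on = opts.get("virtdomains", "off").lower() not in OFF_VALUES
    default = opts.get("defaultdomain", "")
    result = {"global": [], "domain": {}, "findings": []}
    for admin in opts.get("admins", "").split():
        user, at, domain = admin.rpartition("@")
        if at:  # fully qualified: limited to mailboxes in that domain
            result["domain"].setdefault(domain.lower(), []).append(user)
        else:   # unqualified: global admin, belongs to the defaultdomain
            result["global"].append(admin)
    if virt_on and result["global"] and not default:
        result["findings"].append(
            "virtdomains is enabled and admins lists unqualified userid(s) "
            + ", ".join(result["global"]) + " but defaultdomain is not set")
    return result


if __name__ == "__main__":
    fixed = SAMPLE_CONF + "defaultdomain: example.net\n"
    for name, conf in (("as posted", SAMPLE_CONF), ("with defaultdomain", fixed)):
        print(name, audit_admins(conf))
```

The "global" list is also the set of accounts with access to any mailbox on the server, so it is worth reviewing on its own even when no finding is reported.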

