`cyradm` login & `lm` behavior with Virtual Domains

Dan White dwhite at olp.net
Mon Jan 23 12:40:45 EST 2012


On 01/21/12 02:59 -0800, Reg Proctor wrote:
>Hi,
>
>I just want to confirm that logging into cyradm as I am experiencing it
>is normal and that lm is behaving as it should be. It seems a little
>unusual to me.
>
>
>First cyradm logging in, here is what I am seeing:
>
>To log into cyradm I have to set my defaultdomain to localhost and then
>I can login like this:
>
>cyradm -u cyrus localhost
>pwd: xxxxxx
>
>However, using MySQL and setting the tracing so I can see the SQL
>statements I actually see this:
>
>SELECT AES_DECRYPT(`password`, 'xxxxxxxxxxxxx') AS password
>FROM `accounts`
>WHERE `user`='cyrus' AND `realm`='www.domain.com' AND `virtual` != 0;
>
>where `www.domain.com` is the fully qualified domain name (FQDN) of the
>server. This means in the database if the user is stored as [user:
>cyrus, realm: localhost], the login will fail. Instead the user has to be
>stored as [user: cyrus, realm: www.domain.com], and once that change is
>made I can login.
>
>While this is trivial once you know it I couldn't find where it is
>mentioned that that would be the behavior in the docs. Also, and perhaps
>more importantly, it makes the database non-portable to other servers
>which may cause problems with a high availability setup through multiple
>servers where someone is replicating a database periodically.

Do you have:

virtdomains: on

If so, try:

virtdomains: userid

See the manpage for imapd.conf, and:

http://www.cyrusimap.org/docs/cyrus-imapd/2.4.13/install-virtdomains.php

Also, some mechanisms may derive your realm from the authentication
exchange (digest-md5 and gssapi). I'm not clear if that realm value is
relevant before authentication is complete. If necessary, try explicitly
specifying another mechanism like plain or login (--auth).

>Second, `lm` wildcard behavior:
>
>With `lm`, once I am logged in this is the behavior I am seeing with
>wildcards:
>
>Works:
>lm
>lm *
>lm *@fulldomain
>
>Doesn't work:
>lm *@*
>lm *@partialdomain*
>
>It seems to me that if my domain was abc.com and I wanted to list all
>users I should be able to do so with lm *@abc* or lm *@ab* etc. however
>anything but the full domain will not work. Neither I guess would
>something like fred@* if you wanted to find all the freds (not that I
>can see any reason to do that).
>
>I'm just wondering if this is by design or perhaps could be improved or
>maybe my distr. has a bug?

I don't know. Cyrus stores mailboxes internally like:

example.org!user.jsmith.Trash

-- 
Dan White

