On Thu, 12 Jan 2006, Philip Thiem wrote: > Cyrus 2.2 Supporta Virtual domains and SASL has or at least can be properly > patched for LDAP authentication. It always seemed to me like SASL was the
There are three mechanisms that much act together to properly have accounts in LDAP: 1. LDAP auth (SASL with auxprop+LDAP patch -- not in Debian, we need to update to latest sasl + the patches; saslauthd works, but it is on its way out) 2. Cyrus ptloader autorization module for LDAP (IMAP ACL support) This is how upstream wants it done, and there is a damn good ptloader module for LDAP, we would do well to support that one in Debian, but it is useless if we don't fix the SASL packages. 3. Cyrus mailboxes database, which is *NOT* in LDAP -- usually people work around this one using the autocreate patches, and scripts to remove outdated mailboxes. I am completely against messing with (3) in any way that will not work in 2.3 in the replicated Murder with Virtual Domains scenario, and I am also completely against anything that does not do (2) correctly. So, I am completely against the ldap mess kolab did on the virtual domain code: we don't want to support non-kolab users using that. Now AFAIK (so far), kolab needs to filddle with a lot of stuff because they did something that *everyone* who ever tried to do it that way before had been told to Not Do It by Cyrus upstream: they got information that is out of band (the domain) and placed it in-band ([EMAIL PROTECTED] mailboxes). So please excuse me if I am dead set against adding such stuff to regular Cyrus, it is asking for trouble. OTOH, I don't mind adding a cyrus-kolab package with the patches that break cyrus so that kolab can work applied (I will talk about this on the ML thread about the kolab+cyrus team collaboration). > * Patching SASL if the upstream stream isn't ready (i'm using a patched > package > myself). We should have a proper LDAP-worthy SASL in Debian, but nobody stepped up to take care of the monster of a package that is SASL, and I simply do NOT have the time right now. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
