Re: Global admin fails via saslauthd and ldap

Thu, 19 Aug 2004 09:25:47 -0700 


On Wed, 18 Aug 2004 [EMAIL PROTECTED] wrote:

Hello,

I have done some digging into the code and found the following:

The login process is going thru following function calls:
cmd_login() -> imapd_canon_user() -> mysasl_canon_user() -> canonify_userid()
in canonify_userid() for default domain, domain part is getting dropped and
only mailid is returned as "canonuser". This value is propagated all the way
to saslauthd_verify_password() where the user_realm is null for the global
admin case and hence the ldap lookup fails. For all other cases "canonuser"
gets the complete email address and hence the ldap lookups are succeeding.

Anyone on the list uses 'saslauthd' with 'ldap' backend? Appreciate
pointers!


You can add a separate entry for your admins in ldap.

Or

Use ldap_default_realm: defaultdomain in saslauthd.conf

-Igor


Thanks
__
Seva

We are looking to migrate from our existing 2.1.x to the latest ver 2.2.8.
We want to use stock virtual hosting feature and have configured the system
accordingly. We are able to login via 'cyradm' and create user mailboxes
if we use domain specific admin. We have trouble logging in as global admin.
We are using 'saslauthd' and 'ldap' for authentication and using the
following
setting in the imapd.conf file:


virtdomains: on
admins: globaladmin [EMAIL PROTECTED]
defaultdomain: xyz.com


We are able to login as [EMAIL PROTECTED] and create mailboxes for
'test.com'
but can't login as 'globaladmin'. Alternatively, if we change the above
config
to the following:


virtdomains: on
admins: [EMAIL PROTECTED] mailadmin
defaultdomain: test.com


then we can login as [EMAIL PROTECTED] and create mailboxes for 'xyz.com'
but can't login as mailadmin.


We found that the default domain is getting discarded by the system and
never
getting passed to ldap server hence the 'DN' is missing the domain component
and hence failing.


Is there some config setting we are missing that is causing this? 


---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Reply via email to