I didn't know if this was a general Cyrus issue or a sasl issue so I sent to both lists.

I'm having a hard time finding and reconciling documentation about how to set up multi-domain user authentication for Cyrus IMAP using saslauthd, PAM and OpenLDAP.  Any information, hints or suggestions of other resources would be helpful.  I've been focusing on solving the problem for Cyrus and then expecting to back-fit that solution to sendmail.

I have rather grand plans, so let me give a little background.

I'm running RedHat 8.0, which comes with OpenLDAP 2.0.27, and I've downloaded the latest Cyrus IMAP and sasl stuff.

Ideally users would be authenticated (and have their mail routed by sendmail and stored by Cyrus) with uid and domain.  Uids should be unique within a domain, but the same uid should be allowed to exist under different domains.  It would be nice, but not a requirement, that additional dc components be available to segregate classes of users within a domain so that, for example, within omniprise.com I could have support.omniprise.com and sales.omniprise.com - I would think that the uid should be unique under omniprise.com so that [EMAIL PROTECTED] and [EMAIL PROTECTED] would be invalid.

I have gotten this tree functioning under OpenLDAP as a starting point:

root
|- com (dc)
|  |- omniprise (dc)
|  |  |- people (ou)
|  |  |  |- blackard (inetOrgPerson, posixAccount)
|  |- <yourco> (dc)
|  |  |- ...
|- org (dc)
|  |- hillcountrytriumphclub (dc)
|  |  |- people (ou)
|  |  |  |- dgjulien (inetOrgPerson)
|  |- <theirorg> (dc)
|  |  |- ...

At the moment I've got the slapd.conf in a very simple form, and the suffix is defined as "" so that all data is stored in the same database.  I'll worry about separating these later.

Thanks in advance for any information you can provide, and I'm wearing my fireproof shorts in case I get flamed.
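The rule the post asks for (a uid is unique under a domain's subtree, including sub-dc's such as support.omniprise.com, but the same uid may exist under a different domain) is exactly what an authentication backend has to enforce when it resolves user@realm to one directory entry: a lookup that matches zero or more than one entry must fail, never pick the first hit. The following is an added illustration, not code from the poster, from Cyrus or from OpenLDAP. It models the tree above as constructed DN strings with a naive comma split (real DNs can contain escaped commas and would need a proper parser), and the list of authentication domains is an assumed configuration value.

```python
"""Check the 'uid unique per domain' rule over an LDAP-style tree.

Added example; the entries below are constructed to mirror the tree in the
post plus two deliberate cases: a legitimate duplicate across domains and an
illegitimate duplicate inside one domain via sub-dc components.
"""
from collections import defaultdict

# Constructed sample entries (hypothetical data, not from a real directory).
ENTRIES = [
    {"dn": "uid=blackard,ou=people,dc=omniprise,dc=com", "uid": "blackard"},
    {"dn": "uid=dgjulien,ou=people,dc=hillcountrytriumphclub,dc=org", "uid": "dgjulien"},
    # Same uid in a different domain: allowed by the stated rule.
    {"dn": "uid=blackard,ou=people,dc=hillcountrytriumphclub,dc=org", "uid": "blackard"},
    # Same uid twice under omniprise.com through sub-dc's: must be rejected.
    {"dn": "uid=jdoe,ou=people,dc=support,dc=omniprise,dc=com", "uid": "jdoe"},
    {"dn": "uid=jdoe,ou=people,dc=sales,dc=omniprise,dc=com", "uid": "jdoe"},
]

# Assumed configuration: the domains users authenticate against.
AUTH_DOMAINS = ["omniprise.com", "hillcountrytriumphclub.org"]


def domain_to_dn(domain):
    """'omniprise.com' -> 'dc=omniprise,dc=com'."""
    return ",".join("dc=" + label for label in domain.split("."))


def dn_rdns(dn):
    """Split a DN into normalised RDNs. Naive: assumes no escaped commas."""
    return [rdn.strip().lower() for rdn in dn.split(",")]


def authority_domain(dn, domains):
    """Return the configured domain whose DN is the longest suffix of dn.

    An entry under dc=support,dc=omniprise,dc=com therefore belongs to
    omniprise.com, which is what makes sub-dc duplicates visible.
    """
    rdns = dn_rdns(dn)
    best, best_len = None, 0
    for domain in domains:
        suffix = dn_rdns(domain_to_dn(domain))
        if len(suffix) <= len(rdns) and rdns[-len(suffix):] == suffix:
            if len(suffix) > best_len:
                best, best_len = domain, len(suffix)
    return best


def find_conflicts(entries, domains):
    """Map (uid, domain) -> list of DNs for every uid seen more than once in a domain."""
    seen = defaultdict(list)
    for entry in entries:
        domain = authority_domain(entry["dn"], domains)
        if domain is None:
            continue  # entry outside every authentication domain; not our concern here
        seen[(entry["uid"].lower(), domain)].append(entry["dn"])
    return {key: dns for key, dns in seen.items() if len(dns) > 1}


def lookup(entries, domains, uid, domain):
    """Resolve uid@domain to exactly one DN, or None when the match is empty or ambiguous.

    Failing closed on an ambiguous match is the security-relevant part: an
    authenticator that took the first hit could bind one user's credentials
    against another user's entry.
    """
    matches = [
        entry["dn"]
        for entry in entries
        if entry["uid"].lower() == uid.lower()
        and authority_domain(entry["dn"], domains) == domain
    ]
    return matches[0] if len(matches) == 1 else None


if __name__ == "__main__":
    for (uid, domain), dns in find_conflicts(ENTRIES, AUTH_DOMAINS).items():
        print(f"conflict: {uid}@{domain} matches {len(dns)} entries: {dns}")
    print(lookup(ENTRIES, AUTH_DOMAINS, "blackard", "omniprise.com"))
    print(lookup(ENTRIES, AUTH_DOMAINS, "jdoe", "omniprise.com"))
```

Running it reports the jdoe conflict under omniprise.com, resolves blackard@omniprise.com and blackard@hillcountrytriumphclub.org to their separate entries, and returns None for jdoe@omniprise.com because two entries match. A check like find_conflicts is worth running as a periodic audit of the directory, since OpenLDAP itself will happily store both jdoe entries.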
