Summary: can safely I put mailbox subscriptions for a new user directly into their .sub file ?
Hi,
I am putting together a large cyrus system - 20,000 users - at a UK college.
Creation of users need to be automatic, I will get a list of new users every day from central admin. Logged in as cyrus I can create the users and their mail boxes (drafts, etc) using a perl script, easy.
The user then needs to be subscribed to their mailboxes. This must be done logged in as the user - that is hard, I have no way of knowing their password.
You don't need to. You can proxy as any user as long as you authenticate as an admin. You need to be able to authenticate using a SASL mechanism which allows for proxying (PLAIN, DIGEST-MD5, OTP, SRP). Using cyradm, this would look like:
cyradm --user cyrus --authz <userid> --auth digest-md5 localhost
Using imtest, it would look like this:
imtest -a cyrus -u <userid> -m digest-md5 localhost
Both of these will authenticate you as cyrus (using cyrus' password), but authorize you (assume the identity) as <userid>.
I do notice that the user fred's subscription list is stored in:
/var/imap/user/f/fred.sub
Is there any reason why I should not just create that file ?
You *can* do this if you like, as long as you create it r/w by the cyrus user, but all administration *should* be done via the IMAP protocol.
Come to that, is there any reason why I should not create the user's mailbox directly, ie .../users/fred/ and use reconstruct to rebuild the cyrus.cache, etc files ?
No, I wouldn't recommend that. Every mailbox needs to have an entry in mailboxes.db, in addition to its directory and cyrus.* files. As I said above, all Cyrus administration *should* be done via IMAP.
-- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
