Hello,

I have done some digging into the code and found the following:

The login process goes through the following function calls:
cmd_login() -> imapd_canon_user() -> mysasl_canon_user() -> canonify_userid()
In canonify_userid(), for the default domain, the domain part is dropped and
only the mailid is returned as "canonuser". This value is propagated all the way
to saslauthd_verify_password(), where the user_realm is null for the global
admin case, and hence the ldap lookup fails. For all other cases "canonuser"
gets the complete email address, and hence the ldap lookups succeed.

Does anyone on the list use 'saslauthd' with the 'ldap' backend? I would
appreciate any pointers!

Thanks
__
Seva

> We are looking to migrate from our existing 2.1.x to the latest ver 2.2.8.
> We want to use stock virtual hosting feature and have configured the system
> accordingly. We are able to login via 'cyradm' and create user mailboxes
> if we use domain specific admin. We have trouble logging in as global admin.
> We are using 'saslauthd' and 'ldap' for authentication and using the
> following setting in the imapd.conf file:
>
> virtdomains: on
> admins: globaladmin [EMAIL PROTECTED]
> defaultdomain: xyz.com
>
> We are able to login as [EMAIL PROTECTED] and create mailboxes for
> 'test.com' but can't login as 'globaladmin'. Alternatively, if we change
> the above config to the following:
>
> virtdomains: on
> admins: [EMAIL PROTECTED] mailadmin
> defaultdomain: test.com
>
> then we can login as [EMAIL PROTECTED] and create mailboxes for 'xyz.com'
> but can't login as mailadmin.
>
> We found that the default domain is getting discarded by the system and
> never getting passed to ldap server hence the 'DN' is missing the domain
> component and hence failing.
>
> Is there some config setting we are missing that is causing this?


---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
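
As an added illustration (not code from Cyrus IMAP, saslauthd, or the poster), this simplified C model follows a login name through the canonicalisation and realm split described in the message above. The function names, the `uid=<user>,ou=<domain>,o=mail` DN layout, the `fallback_realm` parameter and the `domainadmin@test.com` login are assumptions constructed for the example.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model of the flow described in the post; NOT Cyrus IMAP or
 * saslauthd source. Function names and the DN layout are assumptions. */

/* Canonicalisation step: drop "@domain" when it equals the default domain. */
static void model_canonify(const char *login, const char *defdomain,
                           char *out, size_t outlen)
{
    const char *at = strrchr(login, '@');
    size_t n = (at && strcmp(at + 1, defdomain) == 0)
                   ? (size_t)(at - login) : strlen(login);
    if (n >= outlen) n = outlen - 1;
    memcpy(out, login, n);
    out[n] = '\0';
}

/* Verifier step: split user/realm and fill a DN template (assumed layout).
 * fallback_realm is hypothetical and used only when no realm survived.
 * Returns 0 if a domain component is available, -1 if it is missing. */
static int model_lookup_dn(const char *canonuser, const char *fallback_realm,
                           char *dn, size_t dnlen)
{
    char user[128];
    const char *at = strrchr(canonuser, '@');
    const char *realm = at ? at + 1 : fallback_realm;
    size_t n = at ? (size_t)(at - canonuser) : strlen(canonuser);
    if (n >= sizeof(user)) n = sizeof(user) - 1;
    memcpy(user, canonuser, n);
    user[n] = '\0';
    snprintf(dn, dnlen, "uid=%s,ou=%s,o=mail", user, realm ? realm : "");
    return (realm && *realm) ? 0 : -1;
}

/* Whole path: login name -> canonuser -> DN used for the lookup. */
int model_login(const char *login, const char *defdomain,
                const char *fallback_realm, char *dn, size_t dnlen)
{
    char canon[256];
    model_canonify(login, defdomain, canon, sizeof(canon));
    return model_lookup_dn(canon, fallback_realm, dn, dnlen);
}

int main(void)
{   /* constructed sample logins; defaultdomain as in the quoted config */
    const char *logins[] = { "globaladmin", "globaladmin@xyz.com",
                             "domainadmin@test.com" };
    char dn[256];
    for (size_t i = 0; i < 3; i++) {
        int rc = model_login(logins[i], "xyz.com", NULL, dn, sizeof(dn));
        printf("%-22s rc=%d dn=%s\n", logins[i], rc, dn);
    }
    return 0;
}
```

In this model both spellings of the global admin login reach the lookup without a realm, so the domain component of the DN is empty, while the login from a non-default domain keeps its realm.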
