Hello ,
I'm trying to use global admins with virtual domains and I am not sure how it
works. It works fine with admins for specific domains.
Part of the documentation says that every user has a domain when using virtual
domains and part says use a user without a domain for a global domain.
Cou
--On Monday, December 11, 2006 22:54:06 -0400 "Marc G. Fournier"
<[EMAIL PROTECTED]> wrote:
>
>
> 'k, I'm obviously missing something, cause it's not working ...
>
> I setup defaultdomain in imapd.
'k, I'm obviously missing something, cause it's not working ...
I setup defaultdomain in imapd.conf to point to the domain, so now when I try
to login, it shows:
plaintext cyrus SASL(-13): user not found: checkpass failed
and, in my sql backend, I
user/[EMAIL PROTECTED] (\HasNoChildren)
user/[EMAIL PROTECTED] (\HasNoChildren)
user/[EMAIL PROTECTED] (\HasNoChildren)
user/[EMAIL PROTECTED] (\HasNoChildren)
user/[EMAIL PROTECTED] (\HasNoChildren)
mail1.ugent.be> quit
As you can see I can now login :) and create mailboxes. So I guess I'm
Hi Rudy,
On 17.05.2006, at 10:29, Rudy Gevaert wrote:
former03 | Baltasar Cevc wrote:
Hi Rudy,
On 16.05.2006, at 11:39, Rudy Gevaert wrote:
But as you can see the [EMAIL PROTECTED] user doesn't list any mailboxes or
create any mailboxes.
Does anybody have any clues?
I just had a look at my
former03 | Baltasar Cevc wrote:
Hi Rudy,
On 16.05.2006, at 11:39, Rudy Gevaert wrote:
But as you can see the [EMAIL PROTECTED] user doesn't list any mailboxes or
create any mailboxes.
Does anybody have any clues?
I just had a look at my config - I've set servername and defaultdomain
to t
Hi Rudy,
On 16.05.2006, at 11:39, Rudy Gevaert wrote:
But as you can see the [EMAIL PROTECTED] user doesn't list any mailboxes or
create any mailboxes.
Does anybody have any clues?
I just had a look at my config - I've set servername and defaultdomain
to the same value ('jura') - maybe you
machine and
add the user 'cyrus' with saslpasswd it can't login yet.
jura:/mail/mail1# cat etc/imapd.conf:
defaultdomain: jura
admins: [EMAIL PROTECTED] cyrus
The first address would be the virtual domain admin of mail.ugent.be,
the second is a global admin - you have to set a
saslpasswd it can't login yet.
jura:/mail/mail1# cat etc/imapd.conf:
defaultdomain: jura
admins: [EMAIL PROTECTED] cyrus
The first address would be the virtual domain admin of mail.ugent.be,
the second is a global admin - you have to set a SASL secret for
cyrus@. In case your servername is ma
mitrohin a.s. wrote:
defaultdomain always is removed from username. imho, sasl routines
use hostname as realm for this case.
Sadly If I set the default domain to the hostname from the machine and
add the user 'cyrus' with saslpasswd it can't login yet.
jura:/mail/mail1# cat etc/imapd.con
going to
> > use "ldap_default_realm" value unless it gets a null ("") realm
> > from imap. I have not looked into the imap code, but it appears
> > that it is sending the "reverse dns" host name as the realm.
> >
> > Any way to force imap t
e realm for following
case: cyradm -u [EMAIL PROTECTED] localhost
Alternatively, is there any way to make imap send null ("") to sasl
when global admin logins as: cyradm -u globaladmin localhost
About a year and a half ago, when we looked to migrate to 2.2.x from 2.1.x,
above scenario (cyr
name as the realm.
Any way to force imap to use passed fqdn as the realm for following
case: cyradm -u [EMAIL PROTECTED] localhost
Alternatively, is there any way to make imap send null ("") to sasl
when global admin logins as: cyradm -u globaladmin localhost
About a year and a half ago,
Hello,
We have the following set in the imapd.conf for 2.3.1 install:
virtdomains: on
admins: globaladmin [EMAIL PROTECTED]
defaultdomain: xyz.com
and in saslauthd.conf:
ldap_default_realm: xyz.com
Following cyradm logins fail for the 'globaladmin', whether or not
FQDN is passed as an option of
Thanks Igor, it works now!
>
> You can add a separate entry for your admins in ldap.
>
We did setup a dummy ldap branch for the default domain (which
is specially setup for this). We use "ldap_auth_method: fastbind"
and use filter to get to base DN, which has domain as one of its
components.
lt domain, domain part is getting dropped and
only mailid is returned as "canonuser". This value is propagated all the way
to saslauthd_verify_password() where the user_realm is null for the global
admin case and hence the ldap lookup fails. For all other cases "canonuser"
gets the com
and
only mailid is returned as "canonuser". This value is propagated all the way
to saslauthd_verify_password() where the user_realm is null for the global
admin case and hence the ldap lookup fails. For all other cases "canonuser"
gets the complete email address and hence th
and create user mailboxes
if we use domain specific admin. We have trouble logging in as global admin.
We are using 'saslauthd' and 'ldap' for authentication and using the following
setting in the imapd.conf file:
I've found that if I have a default domain & a cyrus-imap admin
that admin can only add mailboxes to his domain, be it with the
domain name or without. He cannot add mailboxes on other domains.
How would i create a global admin who can add mailboxes as he pleases?
-Nigel
Christos Soulios wrote:
Quoting Rob Siemborski <[EMAIL PROTECTED]>:
On Fri, 2 Jan 2004, Christos Soulios wrote:
Rob Siemborski wrote:
On Fri, 2 Jan 2004, Paul Boven wrote:
The only argument I currently completely understand for an IP-only based
setup is that of sites that need to distinguish
On Sat, 3 Jan 2004, Christos Soulios wrote:
> > You can do that in a model that still allows users to add an @ sign and a
> > domain to their userid.
>
> I cannot figure out how this can be achieved. And to make it clear, I will give
> an example.
>
> I have two domains domain1.com and domain2.com
Quoting Rob Siemborski <[EMAIL PROTECTED]>:
> On Fri, 2 Jan 2004, Christos Soulios wrote:
>
> > Rob Siemborski wrote:
> > > On Fri, 2 Jan 2004, Paul Boven wrote:
> > >
> > > The only argument I currently completely understand for an IP-only based
> > > setup is that of sites that need to distingu
On Fri, 2 Jan 2004, Paul Boven wrote:
> Christos Soulios wrote:
>
> > Security is one thing. More than this, my opinion is that in order cyrus
> > to be deployed in a true multi domain environment, and thus actually be
> > used by ISPs, admins must be able to distribute the virtual domains
> >
>
> In almost every case, all of the information available in Cyrus has
> already crossed the network unencrypted, be it via SMTP between sites or
While not a universal answer, I feel the need to defend the encrypted
transport a little:
When a domain is handled by an isp, that domain's internal ma
On Fri, 2 Jan 2004 13:09:43 -0500 (EST)
Rob Siemborski <[EMAIL PROTECTED]> wrote:
> The only way to get a win out of a model that disallows that feature is to
> come up with something where it actively causes problems.
Yes, and this requires active knowledge of cyrus & sasl code. I think you
gu
On Wed, 31 Dec 2003 16:09:47 +0100
Christian Schulte <[EMAIL PROTECTED]> wrote:
> How are loginrealms handled if virtdomain-support gets enabled when it was
> in use before without virtdomains ?
>
I forgot a bit about loginrealms ... they make sense to me in a setup where
mail system is set up
On Fri, 2 Jan 2004, Christos Soulios wrote:
> Rob Siemborski wrote:
> > On Fri, 2 Jan 2004, Paul Boven wrote:
> >
> > The only argument I currently completely understand for an IP-only based
> > setup is that of sites that need to distinguish ANONYMOUS users between
> > domains (and perhaps that i
Rob Siemborski wrote:
On Fri, 2 Jan 2004, Paul Boven wrote:
The only argument I currently completely understand for an IP-only based
setup is that of sites that need to distinguish ANONYMOUS users between
domains (and perhaps that is good enough).
What about being able to determine the virtual d
On Fri, 2 Jan 2004, Paul Boven wrote:
> Security is a very important thing. And security to me means encryption,
> not only of the authentication phase but of the whole session. Now with
> HTTPS I know you lose the ability to support virtual domains, because
> the TLS session must be setup before
Paul Boven wrote:
Hi Christos, everyone,
Security is a very important thing. And security to me means encryption,
not only of the authentication phase but of the whole session. Now with
HTTPS I know you lose the ability to support virtual domains, because
the TLS session must be setup before
Hi Christos, everyone,
Christos Soulios wrote:
Security is one thing. More than this, my opinion is that in order cyrus
to be deployed in a true multi domain environment, and thus actually be
used by ISPs, admins must be able to distribute the virtual domains
according to the name of the serve
domains support in cyrus.
How do you propose to handle admins, especially the global admin? Jure's
proposal seems to make the most sense to me at this point (admins use
fully qualified userids)
Jure's proposal sounds fine to me too. With a small change. Which is
that domain admins do n
explain why this matters. Are you limited certain domains to a
particular interface for security reasons? I assumed that byaddr is
just a convenience for the users.
How do you propose to handle admins, especially the global admin?
Jure's proposal seems to make the most sense to me at this
ess the user is coming from belongs. [EMAIL PROTECTED] usernames should be
rejected IMHO. global admin should be specified without the @domain and
authenticated on any ip address. per domain admin users should be specified
with @domain and should only authenticate when coming to the right ip
addr
Quoting Ken Murchison <[EMAIL PROTECTED]>:
>
> But authentication should fail in this case, unless the user's in two
> different domains have the same userid and password.
>
Actually, I think that it is more efficient if cyrus-imap did all the virtual
domains handling, without the assistance o
> I just committed some code to CVS which changes the virtdomains option
> from a SWITCH to an ENUM having 3 options:
>
> off/no/0/false/f (disabled)
> userid (fully qualified userids only)
> on/yes/1/true/t (current behavior)
>
> What this means (hopefu
ginrealms part gets also
stripped to un-qualify the userid) ?
> without defaultdomain server accepts & authenticates only usernames in the
> form [EMAIL PROTECTED], where domain specifies the hierarchy tree the user
> belongs to. global admin should be specified without the @doma
s the hierarchy tree the user belongs
to. global admin should be specified without the @domain and admin users
with @domain should only have rights over their domain tree.
virtdomains=ipaddr (or something)
here we need to teach server the ip->domain mapping. reverse dns? most
likely.
server a
On Tue, 30 Dec 2003, Christos Soulios wrote:
> This means that there is no choice for an administrator who might want
> to distribute users to the domains _only_ according to the IP address of
> the server that users connect to? I would not like my users to have the
> ability to choose a domain
Christos Soulios wrote:
This means that there is no choice for an administrator who might want
to distribute users to the domains _only_ according to the IP address of
the server that users connect to? I would not like my users to have the
ability to choose a domain only by appending a @domain
This means that there is no choice for an administrator who might want
to distribute users to the domains _only_ according to the IP address of
the server that users connect to? I would not like my users to have the
ability to choose a domain only by appending a @domain to their userid.
Are the
On Tue, 30 Dec 2003, Rob Siemborski wrote:
> On Tue, 30 Dec 2003, Igor Brezac wrote:
>
> > I think I found what is causing the problem or at least unpredictable
> > behavior. %r will have a value regardless of whether an application
> > (imapd in this case) passes the realm to the auxprop. sasl
On Tue, 30 Dec 2003, Igor Brezac wrote:
> I think I found what is causing the problem or at least unpredictable
> behavior. %r will have a value regardless of whether an application
> (imapd in this case) passes the realm to the auxprop. saslauthd auths do
> not work this way. This is also some
't know what to tell you
> >>about my configuration to make you believe me when I say I can't connect a
> >>global admin through anything but localhost. If I had the time and I was
> >>more understanding of C, I'd dive in the code and hunt it down, but the
> >>
Igor Brezac wrote:
Ummm.. there aren't many mechs on my system :-) But at least this
Read cyrus-sasl/doc/
Would you like me to post my config again? I don't know what to tell you
about my configuration to make you believe me when I say I can't connect a
global admin throu
something confusing with %r and global
admin/defaultdomain. At least it was my problem that days and took me
hours to figure out :-)
--
Christian
Hello all,
I know many of you are discussing some problems on virtual domain and
global admin.
I have also read many of those problems which are very similar to my case.
However I would like to mention again a strange problem on the "admins"
parameters in /etc/imapd.conf
The prob
> Ummm.. there aren't many mechs on my system :-) But at least this
Read cyrus-sasl/doc/
> Would you like me to post my config again? I don't know what to tell you
> about my configuration to make you believe me when I say I can't connect a
> global admin through a
> S: + go ahead
> C:
> S: L01 OK User logged in
> Authenticated.
>
>
> # imtest -a [EMAIL PROTECTED] -m login x.y.z.60
> S: * OK Ipass Cyrus IMAP4 v2.2.2 server ready
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE
this manner. No defaultdomain setting. Users are hashed
in the domains as they should be, however I'd like to have a global
admin. The documents say I need the defaultdomain to have a global
admin. Why? Is there any way to get around this?
I'd like to have a global admin without having the d
still want unqualified logins
> > > > if not due upgrading reasons from an old installation with unqualified
> > > > logins ? This all only has to do with unqualified logins which I do not
> > > > want/need except for the global admin. If someone plans on changing
hashing all nice and pretty.
> >>
> >> Now I have a slightly different issue. I've finally gone back and set
> >> things up in this manner. No defaultdomain setting. Users are hashed
> >> in the domains as they should be, however I'd like to have a global
t
> >> things up in this manner. No defaultdomain setting. Users are hashed
> >> in the domains as they should be, however I'd like to have a global
> >> admin. The documents say I need the defaultdomain to have a global
> >> admin. Why? Is there any way t
an old installation with unqualified
> > > logins ? This all only has to do with unqualified logins which I do not
> > > want/need except for the global admin. If someone plans on changing the
> > > behaviour with the global admin and defaultdomain I would really lik
the domains as they should be, however I'd like to have a global
admin. The documents say I need the defaultdomain to have a global
admin. Why? Is there any way to get around this?
I'd like to have a global admin without having the defaultdomain set.
I don't really understand w
Kendrick Vargas schrieb:
As for only being able to log in via localhost to your global admin account,
it's a bug whether you like it or not :-) Relying on a bug to maintain
your security is really bad security. The only time I feel secure in my
setups is when I know everything is working
all only has to do with unqualified logins which I do not
> > want/need except for the global admin. If someone plans on changing the
> > behaviour with the global admin and defaultdomain I would really like to
> > keep the ability to not let a global admin in if not connecting to
> >
cept for the global admin. If someone plans on changing the
> behaviour with the global admin and defaultdomain I would really like to
> keep the ability to not let a global admin in if not connecting to
> localhost and of course there should be a note about the change so that
> next
.somename.com
admins: someadmin
and no default domain! If I login as "someadmin" mysql auxprop plugin
will query for "[EMAIL PROTECTED]" and after authentication
this will be the global admin "someadmin" from the admins line with all
rights.
This tends to go against
On Sun, 28 Dec 2003, Kendrick Vargas wrote:
> On Fri, 26 Dec 2003, Igor Brezac wrote:
>
> > On Fri, 26 Dec 2003, Kendrick Vargas wrote:
> >
> > > On Fri, 26 Dec 2003, Igor Brezac wrote:
> > >
> > > > > configdirectory: /opt/var/imap
> > > > > partition-default: /opt/var/spool/imap
> > > > > admin
On Fri, 26 Dec 2003, Igor Brezac wrote:
> On Fri, 26 Dec 2003, Kendrick Vargas wrote:
>
> > On Fri, 26 Dec 2003, Igor Brezac wrote:
> >
> > > > configdirectory: /opt/var/imap
> > > > partition-default: /opt/var/spool/imap
> > > > admins: [EMAIL PROTECTED]
> > >
> > > This admin is for hudat.com o
> I have
>
> servername: imap.somename.com
> admins: someadmin
>
> and no default domain! If I login as "someadmin" mysql auxprop plugin
> will query for "[EMAIL PROTECTED]" and after authentication
> this will be the global admin "someadmin" from
I vote for the config option.
I'm always in favour of less hard coded behaviour and more configuration options (with sane defaults). :)
Regards
On Mon, 2003-12-29 at 00:40, Christos Soulios wrote:
Hi list.
It would be very helpful if I could choose _only_ one from these
options. You see, w
Hi list.
It would be very helpful if I could choose _only_ one from these
options. You see, with current code for virtual domains, I faced the
following frustrating situation.
Provided that I have set up two domains foo.com and bar.com in my dns
server and that I have given 2 IP addresses to my
erent issue. I've finally gone back and set
> > things up in this manner. No defaultdomain setting. Users are hashed in
> > the domains as they should be, however I'd like to have a global admin.
> > The documents say I need the defaultdomain to have a global admin.
On Fri, 26 Dec 2003, Kendrick Vargas wrote:
> On Fri, 26 Dec 2003, Igor Brezac wrote:
>
> > On Fri, 26 Dec 2003, Kendrick Vargas wrote:
> >
> > > Doesn't seem to work. If I set a fake domain, cyrus just checks the user
> > > against the hostname of the machine, or some truncated form of it. I can
On Fri, 26 Dec 2003, Igor Brezac wrote:
> On Fri, 26 Dec 2003, Kendrick Vargas wrote:
>
> > Doesn't seem to work. If I set a fake domain, cyrus just checks the user
> > against the hostname of the machine, or some truncated form of it. I can
> > see this cuz I am using mysql as the auth backend, a
erent issue. I've finally gone back and set
> > things up in this manner. No defaultdomain setting. Users are hashed in
> > the domains as they should be, however I'd like to have a global admin.
> > The documents say I need the defaultdomain to have a global admin.
uld be, however I'd like to have a global admin.
The documents say I need the defaultdomain to have a global admin. Why?
Is there any way to get around this?
I'd like to have a global admin without having the defaultdomain set. I
don't really understand why that would be a req
ng all nice and
> > > pretty.
> > >
> > > Now I have a slightly different issue. I've finally gone back and set
> > > things up in this manner. No defaultdomain setting. Users are hashed in
> > > the domains as they should be, however I'd like to
min" mysql auxprop plugin
will query for "[EMAIL PROTECTED]" and after authentication
this will be the global admin "someadmin" from the admins line with all
rights.
--
Christian
I've finally gone back and set
> > things up in this manner. No defaultdomain setting. Users are hashed in
> > the domains as they should be, however I'd like to have a global admin.
> > The documents say I need the defaultdomain to have a global admin. Why?
> >
r. No defaultdomain setting. Users are hashed in
> the domains as they should be, however I'd like to have a global admin.
> The documents say I need the defaultdomain to have a global admin. Why?
> Is there any way to get around this?
>
> I'd like to have a global admin without
'd like to have a global admin.
The documents say I need the defaultdomain to have a global admin. Why?
Is there any way to get around this?
I'd like to have a global admin without having the defaultdomain set. I
don't really understand why that would be a requirement. Maybe this
b
hello,
I have tried the Cyrus 2.2-1 Beta on RH8 and RH9.
It is very strange that the line in /etc/imapd.conf : " admins: cyrus " does
not behave the same.
Since I use saslauthd with mech=LDAP, I have the record for
[EMAIL PROTECTED] (!) because
On RH8, it acts as the global admin
I have tried to setup the global admin for 2.2.1
beta according to the doc but I failed.
I have also read the mailing list, just found a
little help...
Platform:
RH 9
Cyrus-imapd-2.2.1 beta
Cyrus-2.1.15
Openldap 2.1.22-4 (rawhide)
This is my extract of my config files:
/etc/imapd.conf