[Obm] Cyrus Authentication

Fabien ADAM fabien.adam at linagora.com
Sun Jan 9 12:01:05 CET 2011


Hi,

I'm replying on the mailing list to share it with others.

On 07/01/2011 18:22, François Bachelier wrote:
> Hi Fabien,
>
> thanks for your answer, it seems to be working, at least until the 
> testsaslauthd, which returns a success
> when i try with thunderbird i don't get an auth error but i get a 
> "mailbox doesnt exist" error message

Cyrus is probably trying to get the mailbox <username> whereas the 
mailbox is <username>@<domain>. You can see it using the cyradm tool and 
the lm command.
The solution may be to set the realm option automatically. The realm is 
your domain. I don't know exactly in which file(s) this parameter is set or not.

> i don't manage to find any useful log in all the mail.err warn info 
> that i have on the server
> the auth.log shows a successful login
>
> the account i m doing test with works fine with the previous setup and 
> using login at domain username.
>
> do you have any idea why this happen ?
>
> thanks !
>
> François
>
> Fabien ADAM wrote:
>> On 07/01/2011 14:42, François Bachelier wrote:
>>> Hello all,
>>>
>>>     I'm François Bachelier, head of the IT service of IHES, a
>>> mathematics and physics research institute near Paris.
>>> We are currently migrating under OBM.
>>> My first question to the list is about OBM/Cyrus  Authentication.
>>>
>>> by default we need to use login at domain as username for our mail clients
>>> configuration, this is quite annoying for us, as we will have to
>>> reconfigure all the mail clients after we switch to OBM cyrus mail 
>>> server.
>>>
>>> I saw that cyrus could be configured to use only the login and get the
>>> domain name hard coded in the configuration, but i failed to make it 
>>> work
>>>
>>> actually our imapd.conf looks like this :
>>>
>>> virtdomains: userid
>>> #defaultdomain:
>>> # Enable virtual domain support.  If enabled, the user's domain will
>>> # be determined by splitting a fully qualified userid at the last '@'
>>> # or '%' symbol.  If the userid is unqualified, and the virtdomains
>>> # option is set to "on", then the domain will be determined by doing
>>> # a reverse lookup on the IP address of the incoming network
>>> # interface, otherwise the user is assumed to be in the default
>>> # domain (if set).
>>>
>>>
>>> i tried to put defaultdomain: mydomain
>>> i tried also virtdomains : off / on
>>>
>>> but nothing seems to work.
>>>
>>> Is there a way to make this work ?
>>
>> You have to edit /etc/saslauthd.conf to use the second filter :
>> ldap_filter: (|(&(|(mailBox=%U@%d)(mailBox=%U@<singleDomainName>))(objectClass=obmUser)(mailAccess=PERMIT))(&(uid=%U)(cn=Administrator Cyrus*)(objectClass=posixAccount)))
>>
>> Then you need to test it with :
>> $ testsaslauthd -u userlogin -p password
>>
>>> thanks !
>>>
>>> François


-- 
Fabien ADAM
Linagora GSO
4 rue Giotto, Parc Technologique du Canal 31520 RAMONVILLE SAINT AGNE
Téléphone : +33 (0)5 62 19 24 91
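
An added illustration (not part of the thread, and not saslauthd's own code) of how the suggested `ldap_filter` expands for a bare login versus a qualified one, which shows why the extra `mailBox=%U@<singleDomainName>` clause is needed. Token meanings follow the saslauthd LDAP documentation; `example.org`, the `jdoe` logins and the function names are constructed, and splitting at the last `@` is an assumption.

```python
"""Added example: expand saslauthd ldap_filter tokens for a given login."""

# Filter from the thread; "example.org" is a constructed stand-in for
# <singleDomainName>.
FILTER = (
    "(|(&(|(mailBox=%U@%d)(mailBox=%U@example.org))"
    "(objectClass=obmUser)(mailAccess=PERMIT))"
    "(&(uid=%U)(cn=Administrator Cyrus*)(objectClass=posixAccount)))"
)


def ldap_escape(value):
    """Escape RFC 4515 filter metacharacters in a substituted value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def expand_filter(template, login, realm=""):
    """Substitute %u, %U, %d, %r and %% as the saslauthd LDAP docs describe."""
    if "@" in login:
        user, domain = login.rsplit("@", 1)  # assumption: split at last '@'
    else:
        user, domain = login, realm  # %d falls back to the realm (may be empty)
    values = {"u": login, "U": user, "d": domain, "r": realm}
    out, i = [], 0
    while i < len(template):
        nxt = template[i + 1:i + 2]
        if template[i] == "%" and nxt == "%":
            out.append("%")  # literal percent sign
            i += 2
        elif template[i] == "%" and nxt in values:
            out.append(ldap_escape(values[nxt]))  # login-derived, so escaped
            i += 2
        else:
            out.append(template[i])  # template text, copied unchanged
            i += 1
    return "".join(out)


if __name__ == "__main__":
    # Constructed logins: bare, fully qualified, and one with a metacharacter.
    for login in ("jdoe", "jdoe@example.org", "j*doe"):
        print(login, "->", expand_filter(FILTER, login))
```

With a bare login and no realm, the first clause becomes `mailBox=jdoe@` and can match nothing, so only the hard-coded-domain clause lets the user authenticate.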


