Hello Steve,
So your usernames are the local-part of the email address. Look at
imapd.conf:default_domain. imap/global.c:canonify_userid():

    if (config_virtdomains) {
        if (domain) {
            if (config_defdomain && !strcasecmp(config_defdomain, domain+1)) {
                *domain = '\0'; /* trim the default domain */
            }
        }
    }

With virtdomains: userid, it should not matter whether or not the
authentication ID ends with the default_domain string.
Greetings
Дилян
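
The trimming step quoted above, as a standalone added example (not Cyrus code and not part of the original message), showing which login forms collapse to the same userid and which stay distinct. The name canon_login, the split at the last '@', and the example.com addresses are assumptions for illustration; the real canonify_userid() does more than this.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Simplified stand-in for the default-domain trimming quoted above.
 * Returns 0 and writes the canonical userid to out, or -1 on bad input. */
int canon_login(const char *login, int virtdomains, const char *defdomain,
                char *out, size_t outlen)
{
    size_t len = strlen(login);
    if (len == 0 || len >= outlen) return -1;   /* empty, or would truncate */
    memcpy(out, login, len + 1);

    if (!virtdomains) return 0;                 /* no domain handling at all */

    char *domain = strrchr(out, '@');           /* assumption: split at last '@' */
    if (!domain) return 0;                      /* unadorned name, unchanged */
    if (domain == out || domain[1] == '\0') return -1;  /* "@x" or "x@" */

    /* Case-insensitive match against the configured default domain. */
    if (defdomain && !strcasecmp(defdomain, domain + 1)) {
        *domain = '\0';                         /* trim the default domain */
    }
    return 0;                                   /* other domains stay qualified */
}

int main(void)
{
    /* Constructed sample logins; example.com plays the default domain. */
    const char *logins[] = { "person.mailbox",
                             "person.mailbox@example.com",
                             "person.mailbox@EXAMPLE.COM",
                             "person.mailbox@other.example" };
    char buf[128];
    for (size_t i = 0; i < sizeof logins / sizeof logins[0]; i++) {
        if (canon_login(logins[i], 1, "example.com", buf, sizeof buf) == 0)
            printf("%-32s -> %s\n", logins[i], buf);
    }
    return 0;
}
```

Only a login whose domain part matches the default domain maps onto the unadorned mailbox owner; a login at any other domain keeps its qualified userid and therefore refers to a different mailbox namespace.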
-----Original Message-----
From: Steve Turner <[email protected]>
Reply-To: Info <[email protected]>
To: Info <[email protected]>
Subject: Enabling email based logins on existing system
Date: 18/09/24 00:02:33
We have a long-standing cyrus-imapd installation that is currently running on
RHEL8 using the cyrus-imapd-3.0.7-24.el8.ppc64le version that's installed via
standard RPM package management. This system has only ever supported imapd
connections using unadorned user names, and all user mailboxes are of the form
"user.mailbox". Authentication is done via saslauthd and a special PAM module
that we've written to authenticate users against our corporate employee
database.

I've been trying to configure the system to also allow authentication using
the user's email address (in addition to their unadorned cyrus mailbox name),
but I've not been successful. Authentication is not a problem, but I cannot
convince cyrus-imapd to map an email-based login to the user's underlying
mailbox that is not based on an email address.

I've seen all the discussions about using virtual domains, but no configuration
changes related to that topic have any bearing on the behavior I'm seeing.
The only thing that allows email-based authentication to work is to list the
relevant domain(s) in a "loginrealms" statement. I've also modified my
saslauthd invocation to pass the "-r" option, and our PAM authentication module
returns success for both types of logins. However, logging in with an email
address causes the connecting clients to report a "mailbox not found" error,
even though the authentication succeeds. The Roundcube client (for example)
reports: "Server Error: STATUS: Mailbox does not exist".

I've built debug versions of the code with additional syslog() statements so I
can get an idea what's happening, and there doesn't appear to be any
configuration setting that will cause cyrus-imapd to authenticate with an email
address (e.g., "[email protected]") but map that to an unadorned user
name (e.g. "person.mailbox"). It looks to me like some additional imapd.conf
option like "striploginrealm" would need to be implemented, but I can't see an
opportune place in the code where the logic for such an option could be
inserted.
------------------------------------------
Cyrus: Info
Permalink:
https://cyrus.topicbox.com/groups/info/Tae2b59346d586220-M62ac429cb936a42044a97b28
Delivery options: https://cyrus.topicbox.com/groups/info/subscription