Re: basing user's mailbox name on different ldap attribute than authentication id

2008-11-11 Thread Dan White
Hal Deadman wrote:
> I am working with a custom java webmail application that accesses 
> Cyrus imap configured with sasl/pam_ldap for authentication. The 
> user's login names for the webmail client are based on the ldap cn 
> attribute but the mailboxes in Cyrus are based on the ldap 
> mailNickname attribute. The webmail client passes the mailNickname 
> attribute as the username when it authenticates to Cyrus.
>
> example:
> cn=john.smith
> mailNickname=ea9d92f15f608c44a7b4fdccf3f02bc5
>
> I am introducing SSO via JA-SIG CAS and pam-cas. I would like to 
> authenticate to IMAP using the cn (since that's what pam-cas will get 
> when it validates the CAS service ticket) but I still want the 
> mailboxes to be based on the mailNickname attribute. 
>
> Is there a way to have the user's mailbox be based on a different ldap 
> attribute than their authentication id? 

Perdition can do that, and probably several other IMAP proxies. 
Perdition can proxy pop3 and imap connections but does not proxy sieve 
connections.

Another option is to use the SASL ldapdb user canonicalization plugin, 
which is more of a generic solution, and can be used with most/all cyrus 
services.

- Dan

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


basing user's mailbox name on different ldap attribute than authentication id

2008-11-11 Thread Hal Deadman
I am working with a custom java webmail application that accesses Cyrus imap
configured with sasl/pam_ldap for authentication. The user's login names for
the webmail client are based on the ldap cn attribute but the mailboxes in
Cyrus are based on the ldap mailNickname attribute. The webmail client
passes the mailNickname attribute as the username when it authenticates to
Cyrus.

example:
cn=john.smith
mailNickname=ea9d92f15f608c44a7b4fdccf3f02bc5

I am introducing SSO via JA-SIG CAS and pam-cas. I would like to
authenticate to IMAP using the cn (since that's what pam-cas will get when
it validates the CAS service ticket) but I still want the mailboxes to be
based on the mailNickname attribute.

Is there a way to have the user's mailbox be based on a different ldap
attribute than their authentication id?


Thanks for any pointers.


Re: Too many open files

2008-11-11 Thread Shelley Waltz
Rob McMahon wrote:
> Shelley Waltz wrote:
>> Oddly enough I had the identical issue today while trying to remove a
>> bunch of users.  I am running cyrus-imapd-2.3.7-2.el5 on RHEL5.
>>
>> I used cyradm and did
>> sam user.x anyone c
>> dm user.x
>>
>> This worked fine for about 20 users, then I got the following in maillog
>> ...
>>
>> Nov  3 10:35:28 rr imap[16539]: IOERROR: opening quota file
>> /var/lib/imap/quota/x/user.x: Too many open files
>> Nov  3 10:35:28 rr imap[16539]: DBERROR: error fetching user.x: cyrusdb
>> error
>> Nov  3 10:35:28 rr imap[16539]: Deleted mailbox user.x
>>
>> If I look in /var/spool/imap/x/user/  the directory and folders for user
>> x are still there.  If I try to remove the mailbox once again using
>> cyradm, it claims the mailbox does not exist.
>>
>> How does one resolve this issue safely?
>>
>>
> I have the same problem with a few mailboxes myself, and don't know how
> to clean it up.
>
> To avoid the problem in the first place, if you have just a few (tens ?
> couple of hundred) users beginning with the same prefix, I think you can
> avoid the problem in the first place by putting e.g.
>
>   imap  cmd="imapd" listen="imap" prefork=0 maxfds=4096
>
> in /etc/cyrus.conf.
>
> I suspect the underlying cause is this chunk from
> lib/cyrusdb_quotalegacy.c(foreach):
>
> /* strip off the qr specific path and replace with pattern */
> sprintf(strstr(quota_path, FNAME_QUOTADIR) + strlen(FNAME_QUOTADIR),
> "?/%s*", prefix);
>
> /* search for the quotaroots */
> glob(quota_path, GLOB_NOSORT, NULL, &globbuf);
>
> That pattern on our boxes can match thousands of users.  I think it
> needs to be more careful and go looking for `prefix' and `prefix.*', but
> I haven't dug into it far enough yet.

I changed the maxfds to 4096 and will try removing mailboxes once again.
From my previous attempt described above, I still have
/var/spool/imap/x/user/x with all the folders from the account in the
directory.  There appears to be no other trace of the account.  Is it safe
to just rm the var/spool/imap/x/user/x directory contents?

I have a replica using sync_client which shows no trace whatsoever of
the account, so it seems a safe bet, yes?

thanks S
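
To make the over-matching Rob describes concrete, here is an added example (not code from the list posters or from Cyrus itself) that applies the quoted "?/prefix*" glob and the narrower 'prefix' / 'prefix.*' rule to a constructed set of quotaroot paths; the directory names and user counts are made up for illustration:

```python
import fnmatch

# Constructed sample of quotaroot paths relative to /var/lib/imap/quota/,
# laid out as <hash-char>/<quotaroot> the way the legacy quota backend does.
# (Sample data only, not taken from anyone's real system.)
SAMPLE_QUOTAROOTS = (
    ["x/user.x", "x/user.x.Sent", "x/user.x.Drafts"]        # the mailbox being deleted
    + ["x/user.xavier", "x/user.xavier.Sent"]                # another user sharing the prefix
    + [f"x/user.x{n:04d}" for n in range(3000)]              # many more users starting with 'x'
    + ["y/user.yvonne"]                                      # unrelated hash bucket
)


def legacy_quota_glob(quotaroots, prefix):
    """Apply the pattern quoted from cyrusdb_quotalegacy.c foreach(): "?/<prefix>*".

    Each extra match is one more quota file for foreach() to visit, which is
    the behaviour the thread suspects behind "Too many open files"."""
    pattern = "?/" + prefix + "*"
    return [q for q in quotaroots if fnmatch.fnmatchcase(q, pattern)]


def hierarchical_quota_match(quotaroots, prefix):
    """Narrower rule suggested in the thread: the quotaroot itself plus its
    hierarchy children ('prefix' and 'prefix.*'), and nothing else."""
    hits = []
    for q in quotaroots:
        _bucket, name = q.split("/", 1)
        if name == prefix or name.startswith(prefix + "."):
            hits.append(q)
    return hits


def overmatch_count(quotaroots, prefix):
    """Quota files the legacy glob touches that do not belong to `prefix`;
    this number grows with the size of the user base, not the mailbox."""
    return (len(legacy_quota_glob(quotaroots, prefix))
            - len(hierarchical_quota_match(quotaroots, prefix)))


if __name__ == "__main__":
    print(len(legacy_quota_glob(SAMPLE_QUOTAROOTS, "user.x")))        # 3005
    print(len(hierarchical_quota_match(SAMPLE_QUOTAROOTS, "user.x")))  # 3
    print(overmatch_count(SAMPLE_QUOTAROOTS, "user.x"))                # 3002
```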




Load balance multiple servers with common storage

2008-11-11 Thread ram
I have been googling but couldn't see any concrete answer.
Is it possible to load balance multiple cyrus imapd connections with
multiple servers connecting to the same common storage?

Say I mount /var/spool/imap and /var/imap and the sieve dir from a
SAN box on 2+ servers. Any user trying to access his mailbox will
connect to any server using a h/w load balancer.
Irrespective of which server he connects to, he will always see the same
mailbox.

Is this a feasible solution? Will it not create locking issues on the
mailboxes.db? How many imap processes can a single mailboxes.db handle if
I want to give a zero delay response?
If there is a requirement for more mailboxes, I just add more frontend
boxes behind the load balancer.

Can this work?


Thanks
Ram
