Re: user and realm splitting in cyrus/ldap

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Marten Lehmann wrote:

Hello,
I'm using Cyrus with saslauthd using ldap. When I am testing the setup with testsaslauthd it works fine. But when I am authenticating through cyrus (imap login) then I notice in the saslauthd logs, that cyrus seems to split the credentials. I'm using virtual domains, so a login looks like test@xxxxxxxxx Through cyrus saslauthd receives 

[user=test] [service=imap] [realm=test.com] [mech=ldap]

but with testsaslauthd it receives

[user=test@xxxxxxxx] [service=imap] [realm=] [mech=ldap]

as I expected it. How can I tell cyrus not to split it up to realms?


You have to set the ldap_filter correctly:

ldap_filter: <uid=%u>
Specify a filter. The following tokens can be used in the filter string: 

        %%   = %
        %u   = user
        %U   = user portion of %u (%U = test when %u = test@xxxxxxxxxx)
        %d   = domain portion of %u if available (%d = domain.tld when %u =
               %test@xxxxxxxxxx), otherwise same as %r
        %1-9 = domain tokens (%1 = tld, %2 = domain when %d = domain.tld)
        %s   = service
        %r   = realm
        %D   = user DN (available for group checks)
The %u token has to be used at minimum for the filter to be useful. If 
        ldap_auth_method is 'bind', the filter will search for the DN
(distinguished name) attribute. Otherwise, the search will look for 
        the 'ldap_password_attr' (see below) attribute.


In my case it is:
ldap_filter: (&(umMailObjectStatus=enabled)(umCyrusStatus=enabled)(umLogin=%u%R)) 

So that it looks for user@xxxxxxxxxx


Regards
Marten
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html



--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert          Rudy.Gevaert@xxxxxxxx          tel:+32 9 264 4734
Directie ICT, afd. Infrastructuur ICT Department, Infrastructure office
Groep Systemen                    Systems group
Universiteit Gent                 Ghent University
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie               www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux