Re: basing user's mailbox name on different ldap attribute than authentication id

Hal Deadman wrote:
> I am working with a custom java webmail application that accesses 
> Cyrus imap configured with sasl/pam_ldap for authentication. The 
> user's login names for the webmail client are based on the ldap cn 
> attribute but the mailboxes in Cyrus are based on the ldap 
> mailNickname attribute. The webmail client passes the mailNickname 
> attribute as the username when it authenticates to Cyrus.
>
> example:
> cn=john.smith
> mailNickname=ea9d92f15f608c44a7b4fdccf3f02bc5
>
> I am introducing SSO via JA-SIG CAS and pam-cas. I would like to 
> authenticate to IMAP using the cn (since that's what pam-cas will get 
> when it validates the CAS service ticket) but I still want the 
> mailboxes to be based on the mailNickname attribute. 
>
> Is there a way to have the user's mailbox be based on a different ldap 
> attribute than their authentication id? 

Perdition can do that, and probably several other IMAP proxies. 
Perdition can proxy POP3 and IMAP connections but does not proxy Sieve 
connections.

Another option is to use the SASL ldapdb user canonicalization plugin, 
which is more of a generic solution, and can be used with most/all Cyrus 
services.

- Dan
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
