Hal Deadman wrote: > I am working with a custom java webmail application that accesses > Cyrus imap configured with sasl/pam_ldap for authentication. The > user's login names for the webmail client are based on the ldap cn > attribute but the mailboxes in Cyrus are based on the ldap > mailNickname attribute. The webmail client passes the mailNickname > attribute as the username when it authenticates to Cyrus. > > example: > cn=john.smith > mailNickname=ea9d92f15f608c44a7b4fdccf3f02bc5 > > I am introducing SSO via JA-SIG CAS and pam-cas. I would like to > authenticate to IMAP using the cn (since that's what pam-cas will get > when it validates the CAS service ticket) but I still want the > mailboxes to be based on the mailNickname attribute. > > Is there a way to have the user's mailbox be based on a different ldap > attribute than their authentication id? Perdition can do that, and probably several other IMAP proxies. Perdition can proxy pop3 and imap connections but does not proxy sieve connections. Another option is to use the SASL ldapdb user canonicalization plugin, which is more of a generic solution, and can be used with most/all cyrus services. - Dan ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html