virtdomains: 1 (don't query DNS)
virtdomains: userid (do DNS query)
In fact, if you read the manual, the way it works is:
virtdomains: 1
(do DNS query if no realm is specified in userid - see excerpt I included in previous email)
virtdomains: userid
(never do a DNS query, i.e.: only use userid - and the part that is not mentioned but I can see for myself in the queries - if no realm is specified in user id then use [the short] server name for the realm... and that gives me something consistent which is all I needed. As a bonus there is no chance of costly DNS lookups which there can be if I leave virtdomains set at 1.)
I have yet to find ldap_default_realm in the HTML manual but perhaps it is only in the man pages (or I just haven't seen it even though it is there). In any case, I will certainly look further with your information provided but as it stands, the solution of changing virtdomains to userid was a good one for my needs.
Thank you for your kind help.
Reggie.
Thursday, August 6, 2009, 1:25:13 PM, you wrote:
> On Thu, Aug 6, 2009 at 3:34 PM,
> Nybbles2Byte<nybbles2byte@xxxxxxxxx> wrote:
>> Thanks but I am not sure how you are getting that conclusion from this
>> wording in the manual. As far as I can see it is almost (but not quite) the
>> reverse of what you are saying.
> # man imapd.conf
> virtdomains: off
> Enable virtual domain support. If enabled, the user’s domain
> will be determined by splitting a fully qualified userid at the last
> ’@’ or ’%’ symbol.
> userid refers to the "login" user, not reverse DNS.
> fully qualified userid => johndoe@xxxxxxxxxxx (no dns lookup)
> unqualified userid => johndoe (no dns lookup if
> sasl_ldap_default_domain* or sasl_ldap_default_realm* and
> defaultdomain is set)
> * without sasl_ prefix at saslauthd.conf .
> With saslauthd.conf:
> ldap_default_realm: default.example.org
> ldap_filter: (&(objectClass=inetOrgPerson)(mail=%U@%d))
> Login with unqualified userid root makes query to
> (&(objectClass=inetOrgPerson)(mail=root@xxxxxxxxxxxxxxxxxxx))
> With "admins: root" root becomes global admin.
> This example is for saslauthd with an LDAP backend.
>> ----------------------------------------------------------------------------------
>> Configuring Virtual Domains
>> Introduction
>> Virtual domains is the practice of hosting a service for more than one
>> domain on one server. Cyrus IMAP has the ability to host IMAP/POP mailboxes
>> for multiple domains (e.g. test@xxxxxxxxxxx and test@xxxxxxxxxxx) on a
>> single server or Murder.
>> In order to accomplish this, Cyrus needs to know which domain to look in
>> when a mailbox is accessed. There are two ways in which Cyrus can determine
>> the domain:
>> * Fully qualified userid - the client logs in with a userid containing
>> the domain in which the user belongs (e.g test@xxxxxxxxxxx or
>> test%example.net)
>> * IP address - the server looks up the domain based on the IP address of
>> the receiving interface (useful for servers with multiple NICs or using IP
>> aliasing)
>> Both of these methods are active if the virtdomains option is set to on (or
>> yes, 1, true) and can be used in conjunction with one another. If the
>> virtdomains option is set to userid, then only the first method is used.
>> Note that a fully qualified userid takes precedence over a domain obtained
>> from the IP address.
>> ----------------------------------------------------------------------------------
--
Nybbles2Byte mailto:nybbles2byte@xxxxxxxxx
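
The resolution order described in the quoted manual excerpt and the `ldap_filter` expansion from the reply can be modelled in a few lines. This is an added example, not part of the emails above and not Cyrus or saslauthd code. The `ip_lookup` callable, the function names, the `example.org` login and the RFC 4515 escaping step are assumptions of the example.

```python
import re

def split_userid(userid):
    """Split a login name at the last '@' or '%' (imapd.conf man page wording)."""
    pos = max(userid.rfind("@"), userid.rfind("%"))
    if pos == -1:
        return userid, None
    return userid[:pos], userid[pos + 1:]

def resolve_domain(userid, virtdomains, ip_lookup=None):
    """Return (user, domain, source) for virtdomains = 'off', 'userid' or 'on'.

    ip_lookup is a hypothetical callable standing in for the lookup based on
    the receiving interface's IP address. It is consulted only in 'on' mode
    and only when the userid itself carries no domain.
    """
    if virtdomains == "off":
        return userid, None, "none"
    user, domain = split_userid(userid)
    if domain:
        return user, domain, "userid"   # a fully qualified userid takes precedence
    if virtdomains == "on" and ip_lookup is not None:
        found = ip_lookup()
        if found:
            return user, found, "ip"
    return user, None, "none"

def ldap_escape(value):
    """Escape RFC 4515 filter metacharacters (a precaution added by this example)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def build_filter(template, user, domain, default_realm):
    """Expand %U and %d; %d falls back to ldap_default_realm when no domain is known."""
    values = {"U": ldap_escape(user),
              "d": ldap_escape(domain or default_realm or "")}
    return re.sub(r"%([Ud])", lambda m: values[m.group(1)], template)

if __name__ == "__main__":
    FILTER = "(&(objectClass=inetOrgPerson)(mail=%U@%d))"   # from the reply above
    for login in ("root", "johndoe@example.org"):           # constructed logins
        user, domain, source = resolve_domain(login, "userid")
        print(login, source, build_filter(FILTER, user, domain, "default.example.org"))
```

With `virtdomains` set to `userid` the lookup callable is never invoked, so an unqualified login always ends up in the configured default realm.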