Some background information & context:
I work at an organization with a Cyrus Murder cluster that contains several hundred thousand mail accounts. We're beginning the process of migrating these accounts to Google's Gmail. (No fault of Cyrus' as a product, but we've decided as an organization that we don't want to be supporting all those users and maintaining over 10TB of imap data stores. That said, Cyrus works quite well at that scale.)
Anyway, so the consulting company we're working with to help us with the migration is using Google's GAMME tool. It's a mail migration tool that works with Exchange and IMAP servers to pull the data out of the old mail servers and into Google's servers. It's a pretty limited program, and unfortunately, for it's IMAP support is more limited than we'd like. The GAMME tool takes simple lists of users, in a formatted text file, and uses that information to login as each user on the IMAP server and then copy all their mail onto the Google server. The problem with that is it needs the plain-text passwords for all the existing users to be able to log into the IMAP server.
Now, like any sane organization, we don't keep track of our users' passwords in plain-text, so we can't generate these user lists that GAMME wants. And we also are unwilling to say, reset over a half a million user account passwords with ones we would then know.
What I'm thinking of doing:
To get around this problem what I would like to do is to setup a custom Cyrus front-end server. The front end server would be isolated on our network and only be able to talk to the other relevant Cyrus servers and to the systems we have running the GAMME tool. For the custom front-end server I think it should be possible to modify the source code that handles the authorization to bypass the normal process. I want the customized server to allow connections to the individual accounts on the back end data store servers using either a specific hard coded password or to just allow authentication with any password. Is something that would work given the Cyrus Murder architecture, and if so, which source code files for Cyrus contain the relevant authorization routine(s) that would need to be changed?
Or, alternatively, if any of you have firsthand experience migrating from large scale Cyrus IMAP environments to Google's Gmail and know of alternate ways to go about doing it than using Google's GAMME, I'd be interested in hearing how you went about doing it.
Thanks!
Brian.
---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus