Re: cyrus + Active directories authentication query

"Clement Hermann (nodens)" <nodens2099@xxxxxxxxx> · Thu, 03 Jan 2013 22:44:59 +0100

    Le 03/01/2013 10:07, jayesh shinde a écrit :

      Hi all , 

        I am trying to configure the cyrus + Active directories
        authentication. 

        I have cyrus-imapd-2.4.6-5  and  Active Directory 2003 &
        2010 

        The  mailbox in cyrus  is in format of  firstname.lastname@xxxxxxxxxx

        But the problem is attributes  of Active directories like
        sAMAccountName:  userPrincipalName: & mail: are different (
        not same ) 

        Example :--  

        mail: jayesh.shinde@xxxxxxxxxx

        sAMAccountName: 10030

        userPrincipalName: jshinde@xxxxxxxxxx

        Cyrus mailbox :-- jayesh.shinde@xxxxxxxxxx

        Requirement is :-- 

        ------------------------

         I want to do auth by "sAMAccountName" name , this 
        sAMAccountName is use for  Windows desktop login. 

         And I want to keep same login & password credential for
        both windows + email login 

         When I am trying do login with  pop3/ imap  with above "sAMAccountName" of active
        directory  , then

        I am not able to login. It gets fail. 

        Where as if  I use "mail:" attribute of Active directory then I
        am able to login with  pop3 / imap  and able to all normal
        activity. 

        1) Is any one come across such scenario or requirement , if yes
        how its getting manage ?

        2) Is there any way or workaround by which I can do sucessfull
        login with "sAMAccountName" and get login in "Cyrus mailbox"  ?
        ( which is mention in above example) 

    Unless I missed
      something, Active Directory authentication would use GSSAPI (that
      is, kerberos) and the username would be the kerberos
      userprincipalname, not the samaccountname. So I suppose what you're trying
      to do is LDAP authentication against Active Directory with
      saslauthd.

      One way to make this work would be to disable virtual domains (or
      use a default domain), and rename the mailboxes as the
      sAMAccountName (and change mail routing accordingly).

      I don't think there is a way to make mailbox aliases or username
      rewrite in cyrus, so you'd have to use some kind of proxy to do
      that without renaming the mailboxes.

      Cheers,

    -- 
Clement Hermann (nodens)
- "L'air pur ? c'est pas en RL, ça ? c'est pas hors charte ?"
Jean in L'Histoire des Pingouins, http://tnemeth.free.fr/fmbl/linuxsf/

Vous trouverez ma clef publique sur le serveur public pgp.mit.edu.
Please find my public key on the public keyserver pgp.mit.edu.

----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus