On 02/18/13 15:35 +0100, Gabriele Bulfon wrote:
>Hi,
>I recently reimplemented cyrus+postfix+ldap in multi domain mode, and everything works fine.
>I found myself needing to convert a situation where a dom1.com is the same as dom2.com,
>and all users in the 1st domain are actually the same users of the 2nd domain.
>On postfix, I can manage this with virtual aliases.
>On ldap, I could manage common authentication through relay / rwm, so that user@xxxxxxxx
>can still authenticate as user@xxxxxxxx, with the same password (and this works for any service
>trying to authenticate on ldap).
>Being cyrus authentication routed through saslauthd+ldap, I can authenticate on imap both
>as user@xxxxxxxx and user@xxxxxxxx, but then cyrus looks for a different mailbox as it doesn't
>actually know the two domains are the same one.
>Is there any way to instruct cyrus to treat dom2.com as dom1.com?
>Thanx for any help.
>Gabriele.

You can use the ldapdb canonicalization plugin to transform the authentication
identity (user@xxxxxxxx) into user@xxxxxxxx.

To configure (in /etc/imapd.conf):

  sasl_ldapdb_uri: ldap://ldap.example.com
  sasl_ldapdb_mech: DIGEST-MD5
  sasl_ldapdb_id: searcher
  sasl_ldapdb_pw: searcher_secret
  sasl_ldapdb_canon_attr: maildrop
  sasl_canon_user_plugin: ldapdb

The logic is basically:

  ldapwhoami -Y DIGEST-MD5 -U searcher -X u:user@xxxxxxxx
  <provide password of searcher_secret>
  uid=user@xxxxxxxx,ou=people,dc=example,dc=com

  ldapsearch -Y DIGEST-MD5 -U searcher -b \
    "uid=user@xxxxxxxx,ou=people,dc=example,dc=com" maildrop
  <provide password of searcher_secret>
  maildrop: user@xxxxxxxx

You will need to configure your 'searcher' identity with an authzTo capable of
authorizing as any of your user@xxxxxxxx identities. And you will need to
configure appropriate authz-regexp rules in your slapd config to map sasl
identities (searcher, and user@xxxxxxxx) into DNs.

Getting all the ACLs correct can take a little trial and error.
--
Dan White
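
The slapd side described in the message above, as an added example that is not part of the original post: an authz-policy, two authz-regexp rules and an authzTo value for the searcher identity. The searcher entry's DN (cn=searcher,ou=services,dc=example,dc=com) and the exact form of the SASL names are assumptions; run the ldapwhoami command from the message to see what your server actually produces. ACLs are not covered.

```conf
# --- slapd.conf, global section (added example) ---

# Let an entry's own authzTo attribute decide which identities it may
# act as. Without an authz-policy that includes "to", the -X u:...
# proxy authorization request is refused.
authz-policy to

# authz-regexp rules are tried in order and the first match wins, so the
# specific rule for searcher comes before the catch-all rule.
# The optional (cn=[^,]+,)? group tolerates a realm component in the name.
# ASSUMPTION: this DN for the searcher entry is hypothetical.
authz-regexp
    "^uid=searcher,(cn=[^,]+,)?cn=digest-md5,cn=auth$"
    "cn=searcher,ou=services,dc=example,dc=com"

# Any other DIGEST-MD5 name (user@dom1.com or user@dom2.com) maps to the
# people entry whose uid is that full name, matching the DN shown in the
# ldapwhoami output in the message.
authz-regexp
    "^uid=([^,]+),(cn=[^,]+,)?cn=digest-md5,cn=auth$"
    "uid=$1,ou=people,dc=example,dc=com"

# --- LDIF, applied with ldapmodify by a directory administrator ---

# Limit searcher's proxy right to entries directly under ou=people.
# A looser pattern would also let it act as administrative entries.
dn: cn=searcher,ou=services,dc=example,dc=com
changetype: modify
add: authzTo
authzTo: dn.regex:^uid=[^,]+,ou=people,dc=example,dc=com$
```

With the "to" policy, any entry that can write its own authzTo can grant itself the right to act as other users, so keep write access to that attribute with directory administrators only.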