Re: Enabling email based logins on existing system

Hello Steve,

so your usernames are the local-part of the email address.  Look at imapd.conf:default_domain. imap/global.c:canonify_userid():

    if (config_virtdomains) {
        if (domain) {
            if (config_defdomain && !strcasecmp(config_defdomain, domain+1)) {
                *domain = '\0'; /* trim the default domain */
            }
        }

With "virtdomains: userid" it should not matter whether or not the authentication ID ends with the default_domain string.

Greetings
  Дилян

-----Original Message-----
From: Steve Turner <sdturne@xxxxxxxxxx>
Reply-To: Info <info@xxxxxxxxxxxxxxxxxx>
To: Info <info@xxxxxxxxxxxxxxxxxx>
Subject: Enabling email based logins on existing system
Date: 18/09/24 00:02:33

We have a long-standing cyrus-imapd installation that is currently running on RHEL8 using the cyrus-imapd-3.0.7-24.el8.ppc64le version that's installed via standard RPM package management.  This system has only ever supported imapd connections using unadorned user names, and all user mailboxes are of the form "user.mailbox".  Authentication is done via saslauthd and a special PAM module that we've written to authenticate users against our corporate employee database.  I've been trying to configure the system to also allow authentication using the user's email address (in addition to their unadorned cyrus mailbox name), but I've not been successful.  Authentication is not a problem, but I cannot convince cyrus-imapd to map an email-based login to the user's underlying mailbox that is not based on an email address.

I've seen all the discussions about using virtual domains, but no configuration changes related to that topic have any bearing on the behavior I'm seeing.

The only thing that allows email-based authentication to work is to list the relevant domain(s) in a "loginrealms" statement.  I've also modified my saslauthd invocation to pass the "-r" option, and our PAM authentication module returns success for both types of logins.  However, logging in with an email address causes the connecting clients to report a "mailbox not found" error, even though the authentication succeeds.  The Roundcube client (for example) reports:  "Server Error: STATUS: Mailbox does not exist".

I've built debug versions of the code with additional syslog() statements so I can get an idea what's happening, and there doesn't appear to be any configuration setting that will cause cyrus-imapd to authenticate with an email address (e.g., "person@xxxxxxxxxxxxxxxxx") but map that to an unadorned user name (e.g. "person.mailbox").  It looks to me like some additional imapd.conf option like "striploginrealm" would need to be implemented, but I can't see an opportune place in the code where the logic for such an option could be inserted.


------------------------------------------
Cyrus: Info
Permalink: https://cyrus.topicbox.com/groups/info/Tae2b59346d586220-M62ac429cb936a42044a97b28
Delivery options: https://cyrus.topicbox.com/groups/info/subscription
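
The default-domain trim quoted in the reply above, as an added stand-alone example that is not part of the original thread and is not Cyrus source code. The names canon_cfg, canon_userid and maps_to are hypothetical, the domain values are constructed, and splitting at the last '@' is an assumption of this sketch; it shows which login forms collapse to the same unadorned userid and which keep their domain.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical stand-ins for the two imapd.conf settings named in the reply;
 * a sketch of the quoted branch, not the Cyrus implementation. */
struct canon_cfg {
    int virtdomains;            /* non-zero when virtdomains is enabled */
    const char *default_domain; /* NULL when default_domain is unset */
};

/* Canonicalise a login name into out (size outlen).
 * Returns 0 on success, -1 if the result is empty or does not fit. */
int canon_userid(const struct canon_cfg *cfg, const char *login,
                 char *out, size_t outlen)
{
    size_t len = strlen(login);
    if (len == 0 || len >= outlen)
        return -1;              /* reject rather than truncate an identity */
    memcpy(out, login, len + 1);
    if (cfg->virtdomains) {
        char *domain = strrchr(out, '@');   /* assumption: split at last '@' */
        if (domain && cfg->default_domain &&
            !strcasecmp(cfg->default_domain, domain + 1))
            *domain = '\0';     /* trim the default domain */
    }
    return out[0] ? 0 : -1;     /* "@example.com" would trim to nothing */
}

/* Demo helper: returns 1 if login canonicalises to expect, else 0. */
int maps_to(const struct canon_cfg *cfg, const char *login, const char *expect)
{
    char buf[64];
    if (canon_userid(cfg, login, buf, sizeof buf) != 0)
        return 0;
    return strcmp(buf, expect) == 0;
}

int main(void)
{
    struct canon_cfg cfg = { 1, "example.com" };   /* constructed values */
    const char *samples[] = { "person", "person@EXAMPLE.com",
                              "person@other.example" };
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (canon_userid(&cfg, samples[i], buf, sizeof buf) == 0)
            printf("%-22s -> %s\n", samples[i], buf);
    return 0;
}
```

In this sketch a login whose domain does not match the configured default keeps its full user@domain form, so it would not resolve to the same mailbox name as the unadorned login.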