Multi-domain, can't login to second domain with uid

Honza Burian burian.honza at gmail.com
Mon Oct 27 11:16:57 CET 2014


Hi Torsten,

thanks for your reaction. OK, I see what you mean.
I thought that this is possible, of course only if the uid is unique through
all of the domains. But this is not possible, right?

One more point.
When I log in with <uid> only, then the ldap bind looks like this (from
dirsrv/access log):
SRCH base="ou=People,dc=firstdomain,dc=tld" scope=2
filter="(&(objectClass=inetorgperson)(|(uid=<uid>)(mail=<uid>@firstdomain.tld)(alias=<uid>@firstdomain.tld)))"
attrs="displayName mail alias nsRoleDN uid"

But when I login with <uid>@seconddomain.tld then ldap bind is like this:
SRCH base="ou=People,dc=seconddomain,dc=tld" scope=2
filter="(&(objectClass=inetorgperson)(|(uid=<uid>)(mail=<uid>@seconddomain.tld)(alias=<uid>@seconddomain.tld)))"
attrs="displayName mail alias nsRoleDN uid"
And there is also a second bind which corresponds with the ldap_filter
settings in /etc/imapd.conf:
SRCH base="dc=seconddomain,dc=tld" scope=2
filter="(|(&(|(uid=cyrus-admin)(uid=cyrus-murder))(uid=<uid>))(&(|(uid=<uid>)(mail=<uid>@seconddomain.tld)(mail=<uid>@))(objectClass=kolabinetorgperson)))"
attrs="1.1"

Is that correct?

I think that yesterday I saw in the log file in the second case
something like:
(|(uid=<uid>@seconddomain.tld)(mail=<uid>@seconddomain.tld at seconddomain.tld)(mail=<uid>@seconddomain.tld))
But I'm not sure. And also when I tried to change the config files to use
only uid for the second domain I probably did something bad, because
then I logged in through imap / web client and I didn't see any folders,
with an error that the mailbox doesn't exist. So I probably
misconfigured something. So then I overwrote all changed config files from
backup.

Regards John

On 26 October 2014 23:33, Torsten Grote <torsten at kolab.org> wrote:
> Hi Honza,
>
> On 10/27/2014 05:04 AM, Honza Burian wrote:
>> All seems to work good except I can't login to second domain with uid only.
>> To my first primary domain I can login using uid or mail or alias.
>> Where can be problem?
>
> I think it works as expected, as it is only possible to use uid only
> login for one domain. Let's say you have 100 domains, should Kolab try
> to see if the UID matches all of them? What if two UIDs for different
> users exist in different domains?
>
> Kind Regards,
> Torsten
>
> --
> Torsten Grote
> Kolab.org Community Manager
>
> e: torsten at kolab.org
> w: https://Kolab.org
>
> pgp: 0x2175A534A4F2EFA3
>
>
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users
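
An added example, not part of the original message and not Kolab's code: a sketch of how a login name maps to the search base and filter seen in the access log above, and why a bare uid is only looked up in one domain. The directory contents, function names and primary-domain constant are assumptions made for illustration; the login value is escaped per RFC 4515 so it cannot change the filter's structure.

```python
# Added illustration; not Kolab code. All names below are hypothetical.
PRIMARY_DOMAIN = "firstdomain.tld"

# Constructed sample directory: domain -> uids that exist under it.
DIRECTORY = {
    "firstdomain.tld": {"jdoe", "alice"},
    "seconddomain.tld": {"jdoe", "bob"},
}

# RFC 4515 characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape special characters so login input cannot alter the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def base_dn(domain):
    """seconddomain.tld -> ou=People,dc=seconddomain,dc=tld (layout from the log)."""
    return "ou=People," + ",".join("dc=" + part for part in domain.split("."))


def build_search(login, domains=DIRECTORY, primary=PRIMARY_DOMAIN):
    """Return (base, filter) for a login name, mirroring the logged searches."""
    local, sep, domain = login.partition("@")
    if not local:
        raise ValueError("empty user part")
    if not sep:
        domain = primary  # bare uid: only the primary domain is searched
    else:
        domain = domain.lower()
        if domain not in domains:  # also rejects a doubled "@domain@domain"
            raise ValueError("unknown domain")
    uid = escape_filter_value(local)
    addr = uid + "@" + domain
    flt = ("(&(objectClass=inetorgperson)"
           f"(|(uid={uid})(mail={addr})(alias={addr})))")
    return base_dn(domain), flt


def domains_with_uid(uid, domains=DIRECTORY):
    """Every domain holding this uid; more than one makes a bare uid ambiguous."""
    return sorted(d for d, uids in domains.items() if uid in uids)
```

Here `domains_with_uid("jdoe")` returns both domains, which is the collision Torsten describes: a bare `jdoe` cannot identify one account unless the lookup is pinned to a single domain.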

