login to imapd with local username is killing me

Gavin McCullagh gavin.mccullagh at gcd.ie
Sun Aug 1 12:35:51 CEST 2010


On Sun, 01 Aug 2010, Gavin McCullagh wrote:

> having finally migrated to our new kolab setup and had to change everyone's
> username from <username> to <username>@<domain>, I'm not getting lots of
> confused users who are not following instructions and persisting with the
> old <username>.  
> They _should_ be unable to login.  Instead, they login, see no email and
> presume we've lost all of their email in the transition.  This is described
> in issue2869:
> 	https://issues.kolab.org/issue2869
> Can anyone think of a workaround to block people from logging in with the
> local username?  This is really causing us a lot of problems.

Okay, I've found what appears to be a reasonable workaround.  I've modified
/kolab/etc/kolab/templates/saslauthd.conf.template, as follows:

  # Avoid the "Domain/Realm not available" error message
  # ldap_default_realm: @@@postfix-mydomain@@@
  ldap_default_realm: xxx.ie

so that the ldap_default_realm is not set to any of our domains.  The
result of this seems to be what I want, people must use the full username
including domain _or_ they get a failed login.

Is there something that I'm missing here?  Will this have some nasty side
effect that I don't yet see?

Would this suggest a solution to issue2869?


More information about the users mailing list