Virtual domains

  • Virtual domains

    I installed OX on CentOS 5, with cyrus, mysql and sendmail. I have pam with mysql working. Cyrus works with virtualdomains set to yes, but it is not clear how to set up open exchange to login with virtual domains.

    Did I miss something on the configuration of OX?

  • #2
    Hi,

    To understand your problem better, please describe what you are aiming for and how the system should look after it is done. Basically OX does not care about the domain backend and E-Mail specific stuff; we're acting like an SMTP/IMAP client in many ways.

    Greetings



    • #3
      The question is related to the same user name in two different domains. For instance, if I have john@domain1.com and john@domain2.com, while these are two different people the username is the same.

      The current OX that I have working without virtual domains, the username is john. When I add virtual domains, then I have two john usernames but are actually two different users. How would I change the login at OX to john@domain1.com to authenticate in place of the username john how it authenticates now. Do I just change my OX account creation to have the john@domain1.com as the username?



      • #4
        Hi,

        This can be done by using contexts. A context is a separate area in which users, resources, groups exist. One OX Server can manage an unlimited amount of contexts so you can have "john" in context 1 as well as a "john" in context 2. Please read the documentation at http://www.open-xchange.com/oxpedia#DocsAndExamples to get a better understanding of what contexts are. However, typically you have the login look like an E-Mail address with that virtual domain. Instead of using a login like john@1, john@2 (where the number is the context identifier), loginmappings can be set for each context leading to a login like john@company1.com, john@freemail.net. In the end, you just need to configure different E-Mail accounts for both "john" users at the different contexts.

        Greetings



        • #5
          Thanks I was able to create a context and login as user@mydomain.com.

          /opt/open-xchange/sbin/createuser -c 2 -A myoxadmin -P xxx -u myuser \
          -d "My Test User" -g Test -s User -p xxx -e myuser@mydomain.com \
          --imaplogin myuser --imapserver 127.0.0.1 --smtpserver 127.0.0.1

          My only problem now is I get saslauthd errors when trying to authenticate to cyrus. I added the -r flag to saslauthd and the log file indicates it is passing the realm. Is there another change that needs to be made for authentication?

          Dec 29 14:51:56 popmail saslauthd[30182]: do_auth : auth failure: [user=myuser@mydomain.com] [service=pop] [realm=mydomain.com] [mech=pam] [reason=PAM auth error]



          • #6
            Sorry wanted to start with:
            I was able to create a context and login as myuser@mydomain.com



            • #7
              I further found that it might be related to pam_mysql. Each context builds a new database. The pam_mysql only selects from one database. My default database is oxdatabase_6. My context 2 database is oxdatabase_6_9. Is there a way to configure pam_mysql to select from multiple databases?

              /etc/pam.d/imap , pop, sieve, smtp

              auth optional pam_mysql.so host=/var/run/mysqld/mysqld.sock user=openexchange passwd=xxx db=oxdatabase_6 [table=login2user LEFT JOIN user ON login2user.id=user.id AND login2user.cid=user.cid] [where=user.cid=1] usercolumn=login2user.uid passwdcolumn=user.userPassword crypt=1

              account required pam_mysql.so host=/var/run/mysqld/mysqld.sock user=openexchange passwd=xxx db=oxdatabase_6 [table=login2user LEFT JOIN user ON login2user.id=user.id AND login2user.cid=user.cid] [where=user.cid=1] usercolumn=login2user.uid passwdcolumn=user.userPassword crypt=1



              • #8
                Why is your OX building a new database schema per context? Did you set a maxctx size of 1 for the registerdatabase command? It is not required to set up a new db for each context, having 200-1000 contexts in one database is okay depending on the setup.

                Greetings



                • #9
                  Thank you for the response. There was nothing specific in the setup instructions regarding maxctx.

                  I looked in the installation document and did not find any details regarding setting the maxctx. Is that to mean that all contexts will be in the same database?

                  Could you explain how that setting is changed? Will I need to delete the installation and start over with the maxctx changed?



                  • #10
                    From the installation guide, here is the command:

                    /opt/open-xchange/sbin/registerdatabase -A oxadminmaster -P admin_master_password \
                    -n oxdatabase -p db_password -m true

                    I found the database created during install and registered it. It was oxdatabase_6. I also used oxadminmaster and my password.



                    • #11
                      Ok, I rebuilt the server. Now the users show up in a database. It is called oxdatabase_6. When I set the maxctx to 1 it could not create the second context. However when I increased it again, the users now show in the single database oxdatabase_6. Is there something wrong with my db gen?

                      Here is the list database command:
                      /opt/open-xchange/sbin/listdatabase -A oxadminmaster -P xxxx
                      id name       hostname  master mid weight maxctx curctx hlimit max inital
                      4  oxdatabase localhost true   0   100    1000   2      false  100 2


                      When I log into mysql here is what I get with show databases:

                      show databases;
                      +--------------------+
                      | Database           |
                      +--------------------+
                      | information_schema |
                      | configdb           |
                      | mysql              |
                      | oxdatabase_6       |
                      | test               |
                      +--------------------+

                      All the users now show up in oxdatabase_6.

                      However the pam_mysql now fails as it is looking for cid = 1. My contexts (cid) are 2 and 3.

                      It would seem that I need to pass the realm in somehow to get multiple domains to authenticate to mysql.



                      • #12
                        I made substantial progress on the virtual implementation with cyrus, mysql and sendmail.

                        Since each of my virtual domains would have a unique imapLogin value, I chose to use that to find the password. I changed the /etc/pam.d/imap , pop and sieve to the following 2 lines:

                        auth optional pam_mysql.so host=/var/lib/mysql/mysql.sock verbose=1 user=openexchange passwd=xxxx db=oxdatabase_6 [table=user] usercolumn=imapLogin passwdcolumn=userPassword crypt=1

                        account required pam_mysql.so host=/var/lib/mysql/mysql.sock verbose=1 user=openexchange passwd=xxxx db=oxdatabase_6 [table=user] usercolumn=imapLogin passwdcolumn=userPassword crypt=1

                        I now get unique and reliable logins to the imap server.

                        I had to modify the cyrusv2.m4 file for delivery by sendmail from:
                        S=EnvFromSMTP/HdrFromL, R=EnvToL/HdrToL, E=\r\n,
                        to
                        S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n,

                        I can now deliver mail to each of the virtual domains.

                        It would appear that the only problem I have left is the sieve login. There is an error when logging into the sieve server. It seems as though the sieve server authentication gets the defaultdomain appended to it, instead of the virtual domain.

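The two lookup shapes from posts #7 and #12, replayed against a constructed in-memory table, as an added example that is not part of the thread or of Open-Xchange. It shows why the lookup pinned to cid=1 finds nobody in contexts 2 and 3, and that keying on imapLogin is only safe while that value is unique across contexts. The table layout (limited to the columns named in the pam_mysql lines), the function names and the sample rows are assumptions, and the SQL sketches the query shape rather than reproducing pam_mysql's own code.

```python
import sqlite3

def build_sample_db():
    """In-memory stand-in with constructed rows; only columns named in the thread."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE user (cid INT, id INT, imapLogin TEXT, userPassword TEXT);
        CREATE TABLE login2user (cid INT, id INT, uid TEXT);
    """)
    conn.executemany("INSERT INTO user VALUES (?,?,?,?)", [
        (2, 3, "john.domain1", "hash-A"),   # john in context 2
        (3, 3, "john.domain2", "hash-B"),   # john in context 3
        (3, 4, "mary", "hash-C"),
        (2, 4, "mary", "hash-D"),           # same imapLogin reused in another context
    ])
    conn.executemany("INSERT INTO login2user VALUES (?,?,?)", [
        (2, 3, "john"), (3, 3, "john"), (3, 4, "mary"), (2, 4, "mary"),
    ])
    return conn

def lookup_fixed_context(conn, uid, cid=1):
    """Shape of post #7: join on login2user, context pinned by [where=user.cid=1]."""
    return conn.execute(
        "SELECT user.userPassword FROM login2user LEFT JOIN user "
        "ON login2user.id = user.id AND login2user.cid = user.cid "
        "WHERE login2user.uid = ? AND user.cid = ?", (uid, cid)).fetchall()

def lookup_by_imaplogin(conn, login):
    """Shape of post #12: [table=user] usercolumn=imapLogin, no context filter."""
    return conn.execute(
        "SELECT userPassword FROM user WHERE imapLogin = ?", (login,)).fetchall()

def ambiguous_imaplogins(conn):
    """imapLogin values held by more than one row; each breaks the uniqueness assumption."""
    return conn.execute(
        "SELECT imapLogin, COUNT(*) FROM user GROUP BY imapLogin "
        "HAVING COUNT(*) > 1 ORDER BY imapLogin").fetchall()

if __name__ == "__main__":
    db = build_sample_db()
    print("cid=1 pinned:", lookup_fixed_context(db, "john"))
    print("by imapLogin:", lookup_by_imaplogin(db, "john.domain1"))
    print("ambiguous   :", ambiguous_imaplogins(db))
```

Running the duplicate check against the real user table before relying on imapLogin as the lookup key shows whether any login would match more than one account.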


                        • #13
                          It looks like I have a working installation now with virtual domains, pam_mysql, sendmail and cyrus.

                          I changed a property in /opt/open-xchange/etc/groupware/mailfilter.properties

                          From
                          SIEVE_CREDSRC=session
                          To
                          SIEVE_CREDSRC=imapLogin

                          The imapLogin is the same property I use to authenticate for password. I no longer get the sieve errors on login.

                          Thank you for your assistance.
