TWiki> Cyrus Web>CreateMailboxPermissionDenied (31 Aug 2005, TWikiGuest)EditAttach
Getting "createmailbox: Permission denied" errors when trying to create a mailbox?

If virtdomains is set to "yes" or "on," cyrus tries to do a reverse lookup in order to append a domain name to your username. You think you're connecting as cyrus, but you're really connecting as "cyrus@localhost" or possibly something else, depending on your DNS setup. Since cyrus is listed as an admin in imapd.conf but cyrus@localhost is not, you'll get permission denied errors.

The easy solution is to change virtdomains to "userid" - then cyrus won't append any domain to your username at all. Unfortunately this also means that your users will have to log in using their full email addresses, which isn't always desirable, especially if you are migrating a group of users over to cyrus. A better solution is to add cyrus@DOMAIN to your admins line.

On a related note, if you log in as cyrus@domain1.com and try to create a mailbox for user.foo@domain2.com, you will get an "Invalid mailbox name" error, as that user can only create mailboxes on its own domain. I haven't found a way to create a global administrator with virtdomains set to "on" because cyrus seems to always insist on automatically appending a domain name.

-- MikeNuss? - 25 Oct 2004

You can create global administrator. Extracted from cyrus-imapd documentation: The Cyrus virtual domains implementation supports per-domain administrators as well as "global" (inter-domain) administrators. Domain-specific administrators are specified with a fully qualified userid in the admins option (e.g. admin@example.net) and only have access to mailboxes in the associated domain. Mailbox names should be specified in the same fashion as on a single domain configuration.

Global administrators are specified with an unqualified userid in the admins option and have access to any mailbox on the server. Because global admins use unqualified userids, they belong to the defaultdomain. As a result, you can NOT have a global admin without specifying a defaultdomain. Note that when trying to login as a global admin to a multi-homed server from remote machine, it might be necessary to fully qualify the userid with the defaultdomain.

-- LLT - 23 Jan 2005

Edit | Attach | Print version | History: r29 < r28 < r27 < r26 < r25 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r29 - 31 Aug 2005 - 10:07:08 - TWikiGuest
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback