Re: Does Proxy User Work?

From: John C. Amodeo (no email)
Date: Wed Jun 01 2005 - 16:29:23 EDT

  • Next message: Patrick Radtke: "Re: Does Proxy User Work?"

    Tim,

    The thought has crossed my mind several times. I see 2 problems with
    this approach:

    1) We already have some active users on the new infrastructure, as well
    as several thousand on the old. Users in both infrastructures would be
    blocked from accessing mail during the transfer period.

    2) Since we have close to 200GB of mail spool, and judging from the
    speed of the imap-->imap transfer, this migration is likely to take
    several days (which is obviously unacceptable).

    My thought was to come as close as possible to a rolling migration -
    bring both infrastructures "up to sync" with each other (which could
    happen in the background over the course of a few days), cut over DNS
    entries in the middle of the night, and then sync one last time... I
    envision the equivalent of a manual replication / failover situation, if
    that makes any sense...

    I'm hoping I can do this with minimal downtime (maybe an hour or two...)

    -John

    Tim Pushor wrote:

    > How about backing up the ldap directory, resetting the passwords to a
    > known (to you) password, do the transition, and restore the directory?
    >
    > If that's not possible, how about setting up a new temporary directory
    > with your user accounts and the known password, temporarily point
    > cyrus to it until after the transition, then point it back?
    >
    > Thanks,
    > Tim
    >
    > John C. Amodeo wrote:
    >
    >> I've been researching a way to proxy as another user for 2 days
    >> without luck. It seems that Cyrus/SASL has the ability to take a
    >> proxy command, but I cannot find any feasible application of it. I
    >> need help.
    >>
    >> Here's the situation:
    >>
    >> I need to migrate 4 legacy Cyrus 2.0.17 servers to a new Cyrus 2.1.15
    >> server. For multiple reasons, I would rather perform the migration
    >> via imap using a sync utility like imapsync (or the equivalent)
    >> rather than trying to merge the 4 servers through a manual upgrade /
    >> reconstruct.
    >>
    >> I need to be able to "login" as a normal user, say Bob Smith, as the
    >> Cyrus superuser using Cyrus's credentials. If not, it will be a
    >> nightmare (and a bad practice) to collect my users' IDs and
    >> passwords to run the conversion... I would love to work in batch
    >> mode where I would only need to supply userid (of the user) and then
    >> the cyrus super account credentials (or equivalent...)
    >>
    >> I'm reading all over the place about the difference between authcid
    >> and authzid, proxyservers: cyrus, etc. etc. but can't find any true
    >> application for how this might work in real life. I've tried every
    >> manageable combination of command line arguments with imtest to no
    >> avail...
    >>
    >> Both my 2.0.16 boxes and my 2.1.15 box authenticate against a central
    >> LDAP directory using sasl_mech_list: PLAIN.
    >>
    >> Does anyone have any ideas or suggestions? I really want to avoid
    >> hacking the SASL code to take a "master" password for any user.
    >>
    >> Thanks in advance.
    >>
    >> -John
    >>

    -- 
    ______________________________________________________________
    John C. Amodeo :: Associate Director of Information Technology
    Faculty of Arts and Sciences
    Rutgers, The State University of New Jersey
    Voice: 732.932.9455 Fax: 732.932.0013
    ---
    Cyrus Home Page: http://asg.web.cmu.edu/cyrus
    Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
    List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
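
The authcid/authzid distinction asked about in this thread, as an added example that is not part of the original messages and is not Cyrus or SASL library code: a SASL PLAIN response (RFC 4616) carries an authorization identity, an authentication identity and a password, and the server decides whether the authenticated identity may act as the other one. The `proxy_users` set, the account names and the password are constructed for illustration, and verifying the password against the directory is left out.

```python
import base64

def encode_plain(authzid, authcid, password):
    """Client side: base64 of  [authzid] NUL authcid NUL passwd  (RFC 4616)."""
    if any("\x00" in f for f in (authzid, authcid, password)):
        raise ValueError("NUL is not allowed inside a PLAIN field")
    if not authcid or not password:
        raise ValueError("authcid and passwd must be non-empty")
    raw = "\x00".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def decode_plain(b64):
    """Server side: split the response back into (authzid, authcid, passwd)."""
    parts = base64.b64decode(b64, validate=True).split(b"\x00")
    if len(parts) != 3:
        raise ValueError("PLAIN needs exactly two NUL separators")
    authzid, authcid, password = (p.decode("utf-8") for p in parts)
    if not authcid or not password:
        raise ValueError("authcid and passwd must be non-empty")
    return authzid, authcid, password

def authorize(authzid, authcid, proxy_users):
    """Return the identity the session runs as. Assumes authcid's password
    has already been verified elsewhere (omitted in this sketch)."""
    if authzid in ("", authcid):
        return authcid                      # ordinary login as oneself
    if authcid in proxy_users:
        return authzid                      # privileged account acting as a user
    raise PermissionError(f"{authcid} may not act as {authzid}")

if __name__ == "__main__":
    PROXY_USERS = {"cyrus"}                 # hypothetical allow-list
    msg = encode_plain("bsmith", "cyrus", "constructed-pw")
    zid, cid, _ = decode_plain(msg)
    print(authorize(zid, cid, PROXY_USERS))
```

Only the privileged account's password ever crosses the wire; the user's own password is never needed, so the allow-list is the control that has to be kept short and audited.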
    
