Hi Sami,
Thank you for your reply.
yes you do need to define imapc_user if you want to switch user and master user
around for imapc. like:
imapc_user = authapps
imapc_master_user = %u
without imapc_user dovecot would login to the secondary server like A
bob.test*bob.test password
When I add the 'imapc_user = authapps' option to the primary instance
running on port 993, it passes the imapc_password as the password for
the master user. here is what the logs on the shared instance show when
I log into the primary instance:
2017-09-28 12:47:35.361064500 Sep 28 12:47:35 auth: Debug:
ldap(bob.test,192.168.120.70,master,<hU/PLUVavLbAqHhG>): Master user
lookup for login: authapps
2017-09-28 12:47:35.364892500 Sep 28 12:47:35 auth: Info:
ldap(bob.test,192.168.120.70,master,<hU/PLUVavLbAqHhG>): invalid
credentials (given password: XXXXXXXXX)
2017-09-28 12:47:37.367173500 Sep 28 12:47:37 auth: Debug: client passdb
out: FAIL 2 user=bob.test
The given password in the logs is the password supplied as imapc_password.
if I change the imapc_password to be that of the bob.test user, the
imapc login does succeed with bob.test as the master user.
I followed this before, and it seemed the solution was to set
imapc_password = %w
However, dovecot will not start with this configuration.
In Sven's email, he places the imapc_password = %w as a default_field in
the userdb on the primary instance. If I remove the default field, I
get the invalid credentials reported as above. However, I still think
this is correct way to pass %w, because if I remove 'imapc_user =
authapps' from the global config *and* 'imapc_password = %w' from the
default_fields in the userdb, the logs on the shared instance show that
the user password is not being passed in the imapc login:
2017-09-28 12:57:10.409884500 Sep 28 12:57:10 auth: Debug:
static(bob.test,192.168.120.70,<rvFSUEVaxLfAqHhG>): lookup
2017-09-28 12:57:10.409903500 Sep 28 12:57:10 auth: Debug:
static(bob.test,192.168.120.70,<rvFSUEVaxLfAqHhG>): username changed
bob.test -> authapps
2017-09-28 12:57:10.409905500 Sep 28 12:57:10 auth: Info:
static(authapps,192.168.120.70,<rvFSUEVaxLfAqHhG>): No password returned
(and no nopassword)
2017-09-28 12:57:12.412437500 Sep 28 12:57:12 auth: Debug: client passdb
out: FAIL 11 user=authapps original_user=bob.test
so maybe I am not passing the %w in the correct spot?
truly appreciate you taking a look at this, thank you.
passdb {
args = user=authapps password=XXXXXXXXXX
driver = static
}
This is probably correct except that now user authapps can also login directly
with password XXXXXXXXXX without master user login.
Which is probably OK as long as the password is kept secret
Once I get the imapc master user sorted out, I will play with the config
to see what I can trim, but as of now, dropping just the password, or
the entire args line, also causes the imapc login to fail...
truly appreciate you taking a look at this, thank you.
Sami
