I got it to work! I'll explain how in case anyone else is interested:
First, the documentation is wrong about the username format. The config file documentation said <username><separator><master username>, but I had to reverse that to <master username><separator><username>.
Second, I had some extra passdb lines that worked before, but once I turned on master=yes, they broke Dovecot. Before, right after my LDAP passdb line, I had:
passdb passwd { }
passdb shadow { }
userdb passwd { }
...because I wanted to first check LDAP, and if a user wasn't found, check the local system users as well. But I think the problem was I have the system set up to use LDAP nameservices as well, so maybe it was complaining about me having two LDAP queries? I don't know. It used to work fine until I threw in the master user option. So, I replaced the above with:
passdb passwd-file { args = /etc/shadow }
userdb passwd-file { args = /etc/passwd }
...and everything worked. That's probably better anyway. The above still loads my local user accounts, after first checking LDAP, and allows master users.
# telnet localhost imap
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
- OK IMAP server ready.
1 login testuser*realuser "testpass"
1 OK Logged in.
~Adam
On Mon, 3 Apr 2006, Adam M. Dunn wrote:
Hi. I'm testing out the new 'master users' feature, and I'm not having any luck getting it to work. Anyone out there using it yet?
Here's what I have so far:
dovecot.conf:
auth_master_user_separator = *
auth default {
  passdb passwd-file {
    # Master users that can login as anyone else
    args = /etc/dovecot/dovecot.masterusers
    master = yes
    pass = yes
  }
  # LDAP database
  passdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  ... ...
}
dovecot.masterusers:
testuser:{plain}testpass
# telnet localhost imap
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
- OK IMAP server ready.
1 login realuser*testuser "testpass"
1 NO Authentication failed.
As you can see, I get authentication failed. The log shows it fails for the 'realuser' that exists in ldap. Any ideas out there? I have the 'testuser' also set up in /etc/passwd.
Thanks,
Adam