Hi Sami,
Thank you for your reply.
yes you do need to define imapc_user if you want to switch user and master user around for imapc. like:
imapc_user = authapps imapc_master_user = %u
without imapc_user dovecot would login to the secondary server like A bob.test*bob.test password
When I add the 'imapc_user = authapps' option to the primary instance running on port 993, it passes the imapc_password as the password for the master user. here is what the logs on the shared instance show when I log into the primary instance:
2017-09-28 12:47:35.361064500 Sep 28 12:47:35 auth: Debug: ldap(bob.test,192.168.120.70,master,<hU/PLUVavLbAqHhG>): Master user lookup for login: authapps 2017-09-28 12:47:35.364892500 Sep 28 12:47:35 auth: Info: ldap(bob.test,192.168.120.70,master,<hU/PLUVavLbAqHhG>): invalid credentials (given password: XXXXXXXXX) 2017-09-28 12:47:37.367173500 Sep 28 12:47:37 auth: Debug: client passdb out: FAIL 2 user=bob.test
The given password in the logs is the password supplied as imapc_password.
if I change the imapc_password to be that of the bob.test user, the imapc login does succeed with bob.test as the master user.
I followed this before, and it seemed the solution was to set
imapc_password = %w
However, dovecot will not start with this configuration.
In Sven's email, he places the imapc_password = %w as a default_field in the userdb on the primary instance. If I remove the default field, I get the invalid credentials reported as above. However, I still think this is correct way to pass %w, because if I remove 'imapc_user = authapps' from the global config *and* 'imapc_password = %w' from the default_fields in the userdb, the logs on the shared instance show that the user password is not being passed in the imapc login:
2017-09-28 12:57:10.409884500 Sep 28 12:57:10 auth: Debug: static(bob.test,192.168.120.70,<rvFSUEVaxLfAqHhG>): lookup 2017-09-28 12:57:10.409903500 Sep 28 12:57:10 auth: Debug: static(bob.test,192.168.120.70,<rvFSUEVaxLfAqHhG>): username changed bob.test -> authapps 2017-09-28 12:57:10.409905500 Sep 28 12:57:10 auth: Info: static(authapps,192.168.120.70,<rvFSUEVaxLfAqHhG>): No password returned (and no nopassword) 2017-09-28 12:57:12.412437500 Sep 28 12:57:12 auth: Debug: client passdb out: FAIL 11 user=authapps original_user=bob.test
so maybe I am not passing the %w in the correct spot?
truly appreciate you taking a look at this, thank you.
passdb { args = user=authapps password=XXXXXXXXXX driver = static }
This is probably correct except that now user authapps can also login directly with password XXXXXXXXXX without master user login. Which is probably OK as long as the password is kept secret
Once I get the imapc master user sorted out, I will play with the config to see what I can trim, but as of now, dropping just the password, or the entire args line, also causes the imapc login to fail...
truly appreciate you taking a look at this, thank you.
Sami