[Dovecot] How to use Master Users.
Hi. I'm testing out the new 'master users' feature, and I'm not having any luck getting it to work. Anyone out there using it yet?
Here's what I have so far:
dovecot.conf:
auth_master_user_separator = *
auth default {
  passdb passwd-file {
    # Master users that can login as anyone else
    args = /etc/dovecot/dovecot.masterusers
    master = yes
    pass = yes
  }
  # LDAP database
  passdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  ...
  ...
}
dovecot.masterusers:
testuser:{plain}testpass
# telnet localhost imap
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK IMAP server ready.
1 login realuser*testuser "testpass"
1 NO Authentication failed.
As you can see, I get authentication failed. The log shows it fails for the 'realuser' that exists in LDAP. Any ideas out there? I have the 'testuser' also set up in /etc/passwd.
Thanks
Adam
I got it to work! I'll explain how in case anyone else is interested:
First, the documentation is wrong about the username format. The config file documentation said <username><separator><master username>, but I had to reverse that to <master username><separator><username>.
Second, I had some extra passdb lines that worked before, but once I turned on master=yes, they broke Dovecot. Before, right after my LDAP passdb line, I had:
passdb passwd {
}
passdb shadow {
}
userdb passwd {
}
...because I wanted to first check LDAP, and if a user wasn't found, check the local system users as well. But I think the problem was I have the system set up to use LDAP nameservices as well, so maybe it was complaining about me having two LDAP queries? I don't know. It used to work fine until I threw in the master user option. So, I replaced the above with:
passdb passwd-file {
  args = /etc/shadow
}
userdb passwd-file {
  args = /etc/passwd
}
...and everything worked. That's probably better anyway. The above still loads my local user accounts, after first checking LDAP, and allows master users.
# telnet localhost imap
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK IMAP server ready.
1 login testuser*realuser "testpass"
1 OK Logged in.
~Adam
On Mon, 3 Apr 2006, Adam M. Dunn wrote:
> Hi. I'm testing out the new 'master users' feature, and I'm not having any luck getting it to work. Anyone out there using it yet?
> Here's what I have so far:
> dovecot.conf:
> auth_master_user_separator = *
> auth default {
>   passdb passwd-file {
>     # Master users that can login as anyone else
>     args = /etc/dovecot/dovecot.masterusers
>     master = yes
>     pass = yes
>   }
>   # LDAP database
>   passdb ldap {
>     args = /etc/dovecot/dovecot-ldap.conf
>   }
>   ...
>   ...
> }
> dovecot.masterusers:
> testuser:{plain}testpass
> # telnet localhost imap
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> * OK IMAP server ready.
> 1 login realuser*testuser "testpass"
> 1 NO Authentication failed.
> As you can see, I get authentication failed. The log shows it fails for the 'realuser' that exists in LDAP. Any ideas out there? I have the 'testuser' also set up in /etc/passwd.
> Thanks
> Adam
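An added example, not part of the original posts and not Dovecot's own code: a Python check for a master-user passwd-file such as the dovecot.masterusers shown in this thread, flagging cleartext schemes like {plain} and a world-accessible file mode, since every entry in that file can log in as any other user. The function name, the sample entries other than testuser, and the set of schemes treated as cleartext are assumptions.

```python
import re
import stat

# Schemes that leave the master password readable in the file (assumed list).
CLEARTEXT_SCHEMES = {"PLAIN", "CLEARTEXT"}
SCHEME_PREFIX = re.compile(r"^\{([^}]+)\}")

# Constructed sample; only the testuser line comes from the thread.
SAMPLE = """\
# master users
testuser:{plain}testpass
admin:{SSHA}PLACEHOLDER
ops*root:{SSHA}PLACEHOLDER
legacy:abc123
"""

def audit_master_users(text, mode, separator="*"):
    """Return (line_no, user, finding) tuples for a master-user passwd-file.

    text is the file content, mode its st_mode permission bits.
    """
    findings = []
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append((0, None, "file is accessible to other users"))
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        user, _, rest = line.partition(":")
        password = rest.split(":", 1)[0]
        if separator in user:
            findings.append((line_no, user, "name contains the separator"))
        scheme = SCHEME_PREFIX.match(password)
        if not password:
            findings.append((line_no, user, "empty password"))
        elif scheme is None:
            findings.append((line_no, user, "no {scheme} prefix"))
        elif scheme.group(1).upper() in CLEARTEXT_SCHEMES:
            findings.append((line_no, user, "cleartext password"))
    return findings

if __name__ == "__main__":
    for finding in audit_master_users(SAMPLE, 0o644):
        print(finding)
```

To check a real file, pass its contents and `os.stat(path).st_mode` in place of the constructed sample and mode.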
I had a few minutes to spare, so I added my findings to the wiki under the MasterPassword page. I couldn't find the Wiki rules, and it allowed me to make changes, so I assumed the Wiki is fully public. Timo: If I overstepped my boundaries and shouldn't have done that, my apologies, and please feel free to revert my changes. Also, if I got anything wrong please feel free to fix it. I also didn't test the SASL stuff, so that's open to someone else to try and post.
Hope that helps others.
~Adam
On Tue, 4 Apr 2006, Kenneth Porter wrote:
> On Monday, April 03, 2006 3:59 PM -0500 "Adam M. Dunn" <adunn@hgsc.bcm.tmc.edu> wrote:
> > I got it to work! I'll explain how in case anyone else is interested:
> Sounds like a good item for the wiki. Thanks for the R&D to get it working.
On Mon, 2006-04-03 at 15:59 -0500, Adam M. Dunn wrote:
> I got it to work! I'll explain how in case anyone else is interested:
> First, the documentation is wrong about the username format. The config file documentation said <username><separator><master username>, but I had to reverse that to <master username><separator><username>.
For beta6 I changed the code to match the order in dovecot-example.conf. This is because the intended order was UW-IMAP compatible, and there aren't many people yet using master users in Dovecot so I think it's still safe to change. :)
participants (3): Adam M. Dunn, Kenneth Porter, Timo Sirainen