Dovecot on a Backup Domain Controller - no mailboxes?

Good evening,

it is our intention to replace an old piece of hardware running UCS 4.3 including Dovecot.
Therefore we successfully configured a new server as backup domain controller including Dovecot, too.
The problem now is that within the domain the first server is defined as primary mailserver, which is also true for the BDC, and that means that access to Dovecot on the BDC is not possible.
We want to use imapsync to copy the emails from PDC to BDC, but login on the BDC fails for the mentioned reason. How can we have active user accounts on both Dovecot installations?

Thanks for any help/hints in advance.

Regards,

Stefan

Hello,

the IMAP server should be working. It may not be receiving emails from Postfix, because the old server is set as mailHomeServer for users. But access to the still empty mailboxes should be possible. Please try:

fetchmail --verbose --check --nodetach --protocol IMAP --all --keep --username <email@dom.ain> <server>

That should succeed for both servers.

If there is a problem, try raising Dovecot's log level:

ucr set mail/dovecot/logging/auth_debug=yes mail/dovecot/logging/auth_verbose=yes mail/dovecot/logging/mail_debug=yes
service dovecot restart

Then retry the connection and observe /var/log/dovecot.log.

Greetings
Daniel

Hello Daniel,

I have raised the loglevel and here is the output:

Nov 13 16:48:10 dellsrv2 dovecot: auth: Debug: client passdb out: FAIL#0111#011user=in-put@xxxxxconsult.net#011temp
Nov 13 16:48:10 dellsrv2 dovecot: auth: Debug: client in: AUTH#0112#011LOGIN#011service=imap#011secured#011session=H8F3vo16seTAqAJb#011lip=192.168.2.93#011rip=192.168.2.91#011lport=143#011rport=58545
Nov 13 16:48:14 dellsrv2 dovecot: auth: Debug: client passdb out: CONT#0112#011VXNlcm5hbWU6
Nov 13 16:48:14 dellsrv2 dovecot: auth: Debug: client in: CONT<hidden>
Nov 13 16:48:14 dellsrv2 dovecot: auth: Debug: client passdb out: CONT#0112#011UGFzc3dvcmQ6
Nov 13 16:48:14 dellsrv2 dovecot: auth: Debug: client in: CONT<hidden>
Nov 13 16:48:14 dellsrv2 dovecot: auth: Debug: pam(in-put@xxxxxxconsult.net,192.168.2.91,<H8F3vo16seTAqAJb>): cache miss
Nov 13 16:48:14 dellsrv2 dovecot: auth-worker(139955): Debug: pam(in-put@xxxxconsult.net,192.168.2.91,<H8F3vo16seTAqAJb>): lookup service=dovecot

192.168.2.91 is the old server and 192.168.2.93 the new UCS. I have tested it three times and the credentials are valid to log into the local samba server.

Thanks for your help,

Stefan

Sorry - I cannot see the problem from that log output.
If I understand correctly it works with:

fetchmail --verbose --check --nodetach --protocol IMAP --all --keep --username in-put@xxxxxxconsult.net 192.168.2.91

And doesn’t work with:

fetchmail --verbose --check --nodetach --protocol IMAP --all --keep --username in-put@xxxxxxconsult.net 192.168.2.93

Correct?

Authentication is done through PAM. I suggest comparing the /etc/dovecot directories of both servers and /etc/pam.d/dovecot. They should be the same.

Hi,

I was able to solve it.

For whatever reason, the pam configuration contained the wrong ldap server to contact.

But even after I changed this, I still received an error, because dovecot-ldap.conf.ext on the BDC is configured to look for accounts for which the BDC is the primary mailserver:

user_filter = (&(|(objectClass=univentionMail)(objectClass=univentionMailSharedFolder))(|(!(univentionMailHomeServer=))(univentionMailHomeServer=dellsrv2.xxxxxconsult.net))(|(mailPrimaryAddress=%Lu)(uid=%u)))
iterate_filter = (&(objectClass=univentionMail)(|(!(univentionMailHomeServer=))(univentionMailHomeServer=dellsrv2.xxxxxconsult.net))(mailPrimaryAddress=*))

After I changed dellsrv2.xxxxxconsult.net to dellsrv.xxxxxconsult.net the login was successful.

Thank you for your help,

Stefan
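
Added example, not part of the original thread and not Univention's own tooling: a small shell check that reads the home server a Dovecot `user_filter` is pinned to and compares it with an account's `univentionMailHomeServer`, which is the mismatch described in the last post. The function names, the temporary files and the LDIF entry are constructed for illustration; the host names and the filter are the redacted ones quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): which home server is a Dovecot
# user_filter pinned to, and does a given account pass it?

# Hosts named in univentionMailHomeServer=<host> clauses of user_filter.
pinned_home_servers() {   # $1 = dovecot-ldap.conf.ext
    grep -E '^[[:space:]]*user_filter[[:space:]]*=' "$1" |
        grep -oE 'univentionMailHomeServer=[A-Za-z0-9.-]+' |
        cut -d= -f2 | sort -u
}

# The account's univentionMailHomeServer value from an LDIF dump.
account_home_server() {   # $1 = LDIF file
    sed -n 's/^univentionMailHomeServer:[[:space:]]*//p' "$1" | head -n 1
}

# Exit 0 if the filter would admit the account, 1 if not.
check_login_scope() {     # $1 = conf, $2 = LDIF
    home=$(account_home_server "$2")
    # Assumption: the filter's first branch means "no home server set".
    if [ -z "$home" ]; then
        echo "ALLOW: account has no mail home server"; return 0
    fi
    if pinned_home_servers "$1" | grep -qxF "$home"; then
        echo "ALLOW: filter is pinned to $home"; return 0
    fi
    echo "DENY: account lives on $home, filter admits only:" \
         "$(pinned_home_servers "$1" | tr '\n' ' ')"
    return 1
}

# Constructed sample data, using the redacted host names from the thread.
tmp=$(mktemp -d)
cat > "$tmp/bdc.conf" <<'EOF'
user_filter = (&(|(objectClass=univentionMail)(objectClass=univentionMailSharedFolder))(|(!(univentionMailHomeServer=))(univentionMailHomeServer=dellsrv2.xxxxxconsult.net))(|(mailPrimaryAddress=%Lu)(uid=%u)))
EOF
sed 's/dellsrv2\./dellsrv./' "$tmp/bdc.conf" > "$tmp/fixed.conf"
cat > "$tmp/user.ldif" <<'EOF'
dn: uid=in-put,cn=users,dc=example,dc=net
univentionMailHomeServer: dellsrv.xxxxxconsult.net
EOF

check_login_scope "$tmp/bdc.conf" "$tmp/user.ldif" || true    # DENY
check_login_scope "$tmp/fixed.conf" "$tmp/user.ldif" || true  # ALLOW
```

On a real system the first argument would be the server's own dovecot-ldap.conf.ext and the second an LDIF dump of the account in question.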
