How To: Change the OX attribute imaplogin for existing users

Problem

If OX is configured to use SAML, it is required to use the master user dovecotadmin together with the mailPrimaryAddress as imaplogin to read and write mails. A new OX-user with mailPrimaryAddress example@domain.intranet thus should have the imaplogin example@domain.intranet*dovecotadmin.

When creating a new OX-user, the listener ox-user.py uses the mailPrimaryAddress as imaplogin.
Bug fix #50725, introduced in OX App Suite (7.10.3-ucs1), added a UCR variable ox/listener/imaplogin_value which enables your system to use the dovecotadmin account for all users. The syntax also enables the use of alternative schemes like ‘dovecotadmin*{}’. The curly braces will be replaced with the mailPrimaryAddress of the UCS user.

After setting the variable, the listener has to be restarted:

ucr set ox/listener/imaplogin_value='{}*dovecotadmin'
service univention-directory-listener crestart

The implemented solution has no effect on users that already exist at this point.

Solution

To set the imaplogin of existing users, you can run one of the solutions described in the following sections. To check whether the modification was successful, compare the number of OX-users with the output of the command below. Depending on your context, the password file has to be changed.

/opt/open-xchange/sbin/listuser -c 10 -A oxadmin -P "$(</etc/ox-secrets/context10.secret)" --csv | grep '*dovecotadmin' -o | wc -l

Resync all OX-users and -groups

The easiest way to resync all OX-users and -groups is to use univention-directory-listener-ctrl. Depending on the number of users, this will take some time. The process will run in the background until it’s completed.

univention-directory-listener-ctrl resync ox-user

Open-XChange changeuser

Alternatively, the users can be modified individually using the changeuser tool provided by OX App Suite. To achieve the same result as above, you can write a for-loop that iterates over a list of (username, mailPrimaryAddress) pairs.

/opt/open-xchange/sbin/changeuser -c 10 -A oxadmin -P "$(</etc/ox-secrets/context10.secret)" -u username --imaplogin 'example@domain.intranet*dovecotadmin'
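The loop described above, written out as an added example (not part of the original article, and not Univention's or OX's own code). It assumes whitespace-separated "username mailPrimaryAddress" pairs on stdin; the sample pairs are constructed, and the names build_imaplogin, set_imaplogins and DRY_RUN are hypothetical.

```shell
#!/bin/sh
# Added example: apply the imaplogin template to existing users with changeuser.
CONTEXT=10                                    # context id used on this page
SECRET_FILE=/etc/ox-secrets/context10.secret  # adjust for your context
TEMPLATE='{}*dovecotadmin'                    # same syntax as ox/listener/imaplogin_value
CHANGEUSER=/opt/open-xchange/sbin/changeuser
DRY_RUN=${DRY_RUN:-1}                         # assumption: 1 = only print what would run

# Replace the {} placeholder in TEMPLATE with the mail address.
build_imaplogin() {
    case $1 in
        # Refuse empty values and anything outside a plain address alphabet:
        # a '*' or a space in the address would make the login ambiguous.
        ''|*[!A-Za-z0-9@._+-]*) return 1 ;;
    esac
    prefix=${TEMPLATE%%\{\}*}   # text before {}
    suffix=${TEMPLATE#*\{\}}    # text after {}
    printf '%s%s%s\n' "$prefix" "$1" "$suffix"
}

# Read "username mailPrimaryAddress" pairs from stdin and set each imaplogin.
set_imaplogins() {
    while read -r user mail; do
        [ -n "$user" ] || continue
        if ! login=$(build_imaplogin "$mail"); then
            echo "SKIP $user: unusable address '$mail'" >&2
            continue
        fi
        if [ "$DRY_RUN" = 1 ]; then
            # The dry run prints a placeholder, never the secret itself.
            echo "$CHANGEUSER -c $CONTEXT -A oxadmin -P <secret> -u $user --imaplogin '$login'"
        else
            # </dev/null keeps changeuser from consuming the loop's input.
            "$CHANGEUSER" -c "$CONTEXT" -A oxadmin -P "$(cat "$SECRET_FILE")" \
                -u "$user" --imaplogin "$login" </dev/null || echo "FAILED $user" >&2
        fi
    done
}

# Constructed sample pairs; replace with an export of your real users.
set_imaplogins <<'EOF'
alice alice@domain.intranet
bob bob@domain.intranet
mallory bad*address@domain.intranet
EOF
```

Run it once with the default DRY_RUN=1 to review the generated commands, then with DRY_RUN=0 to apply them.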

Using SQL

The local database can also be updated using SQL. Depending on your system, the database name has to be adjusted. Univention does not support this. When choosing this option, making a backup beforehand is strongly recommended.

mysql --password="$(cat /etc/mysql.secret)"
use localhost_5;
UPDATE user SET imaplogin=CONCAT(imaplogin,'*dovecotadmin') WHERE imaplogin NOT LIKE '%*dovecotadmin';
UPDATE user_mail_account SET login=CONCAT(login,'*dovecotadmin') WHERE login NOT LIKE '%*dovecotadmin';
exit;