Welcome, if you would like to post a comment please register.
We also encourage you to explore all things Zimbra with our team and members of the community.
I want to migrate my users from cyrus to ZCS. The useraccount's are stored with as md5 in the mysql (pam_mysql).
I found a small article how to implement the migration with a 3rd authentication store with imapsync on User Migration - Zimbra :: Wiki. IMHO there i have to set new account passwords for my users.
Do anyone see a possibity how to move the users without resetting the useraccount passwords?!
You can create a Cyrus account and add it to the admins section of imapd.conf, then you can use that account as authuser1 in imapsync for all the accounts to migrate
Thanks anteos for your idears! If this is working, it would mean, that id don't need the passwords for the useraccounts at source cyrus server.
I wonder if it is possible not to change the passwords for the user. So this is a little bit off-topic - the main question is how to migrate the md5 passwords from mysql into the openldap of zimbra.
"md5" could mean different things. If they look like $1$f98sahyp98fhsaf98hwa then you have something that could be shoved directly into zimbra's openldap with syntax userPassword: {CRYPT}$1$f98sahyp98fhsaf98hwa. Or if you're lucky then you might be able to use the {MD5} scheme.
Worst case, you have the source, and you have a place to inject PAM modules. Even if you're not a programmer, you can abuse pam_script to temporarily grab you user passwords and feed them to slappasswd or zmprov setPassword.
ok, i think i've got it. Sorry for some wrong information, but i rechecked an noticed that the passwords are not md5, but crypt.
So i taked the crypted passwords and insert them via ldap browser into the user attribute in zcs openldap. this works for me - now i only have to sync the passwords via script - but this should be no problem!
i recognized that i have to "zmcontrol stop && zmcontrol start" after changeing the user attribute. is there a shorter way?!
I'm surprised. Even if Zimbra's mailboxd and/or saslauthd caches password hashes, I'd expect it to double-check LDAP directly on failure.
You can run ~zimbra/bin/ldap or ~zimbra/bin/zmmailboxdctl to restart just those services without also restarting the MTA (postfix/clamav/amavisd), but since mailboxd takes the longest, this wouldn't be a very big win.
Bugzilla
Wiki
Source
migration from cyrus with encrypted password? 
Linear Mode
