[SOLVED] Migrate from postfix/Maildir/OpenBSD to Zimbra 5.0.21/CentOS5 - no passwords

[blueflametuna]

I reversed the order of the entries in the config:

auth_master_user_separator = *

auth default {
mechanisms = plain

passdb passwd-file {
args = /etc/passwd.masterusers
master = yes
pass = yes
}

passdb passwd {
}

userdb passwd {
}

userdb passwd {
}

user = root
}

- - -
And now it works:

myhost# telnet localhost 143
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK
1 login user1*masteruser masterpasswd
1 OK Logged in.
1 logout
* BYE Logging out
1 OK Logout completed.

---

Now I can actually begin the migration using imapsync.

Thanks for your help!

[blueflametuna]

Some good news...
Ran my first test migration:

imapsync --buffersize 8192000 --nosyncacls --subscribe --syncinternaldates --host1 mail.example.com --host2 mail.newserver.com --user1 testuser --authuser1 testuser\*masteruser --passfile1 pass1 --authmech1 PLAIN --user2 testuser@newserver.com --passfile2 pass2 --authmech2 PLAIN

. . .

+ NO msg #1485 [Y5UUNGkWRE44CtGtfrmjKA:9715] in INBOX
+ Copying msg #1485:9715 to folder INBOX
flags from: []["28-Sep-2009 07:22:16 -0700"]
Copied msg id [1485] to folder INBOX msg id [1754]
Time: 361 s
++++ End looping on each folder ++++
++++ Statistics ++++
Time : 384 sec
Messages transferred : 1485
Messages skipped : 0
Total bytes transferred: 7918144
Total bytes skipped : 0
Total bytes error : 0
Detected 0 errors


The bad news is that nearly all 1485 messages migrated were
SPAM SPAM SPAM SPAM SPAM SPAM SPAM SPAM

That's one of the reasons for going to the new Zimbra server:
spamassassin, clamav, RBLs, etc.

Well, that's proof of concept. I can get there from here now.
Just need to make a list of current users, clean up the junk, create the new accounts, and run them through the script.

Thanks again for all the help.

[blueflametuna]

Sad news to report. The master user did not work.
I had been testing on an account whose password was known.

I just tried it on a different account, and it:

Error login: [mail.mynetwork.com] with user [test2] auth [PLAIN]: 2 NO Authentication failed.

[Matuscak]

In your previous message you show the imapsync command with "--authuser1 testuser\*masteruser". In my experience, what should go there is just the
Master User ID that you created, eg: "--authuser1 masteruser".

FWIW, I've also never used the --passfile options. I just specified the passwords on the command line.

For debugging authentication in Dovecot there are some additional logging options you can configure:

auth_verbose = yes
auth_debug = yes
auth_debug_passwords = yes

See if that gives some hints as to what authentication is being used.

[blueflametuna]

I removed the line:

pass = yes

from the dovecot.conf file, and now it is working as advertised.

The description in the Authentication/MasterUsers - Dovecot Wiki
wasn't very clear, but since it was mentioned, it was worth a try.

[blueflametuna]

You mentioned:

You can create an admin account in Zimbra to do the same thing there.

How does MasterUser/Password work on the Zimbra side?

Many of the user passwords have been changed on the Zimbra side,
and I want to re-sync the email one more time before the cut-over.
But I am getting the following error in imapsync now:

auth [PLAIN]: 2 NO AUTHENTICATE failed

I would like to use the admin login for each user, if possible.

[Matuscak]

How does MasterUser/Password work on the Zimbra side? ...
I would like to use the admin login for each user, if possible.

Sure. Zimbra is set up with the equivalent of the Dovecot master user right out of the box. You need to specify a Zimbra administrator account with "--authuser2" and "--password2". It looks like the account we used for the conversion is set up as a "Global Administrator". Off the top of my head, I don't recall what the difference between that and a "Administrator" is.

I noticed that one difference from the script fragment I posted here and what you posted a bit later was you didn't include the "-ssl2" switch.

[blueflametuna]

Tried using an admin user on host2 (zimbra). Still not authenticating.

/usr/bin/imapsync --buffersize 8192000 --nosyncacls --subscribe --syncinternaldates --host1 mail.mynetwork.com --host2 zimbra.migratedomain.com --user1 someuser --authuser1 someuser\*master --passfile1 pass1 --authmech1 PLAIN --user2 someuser@migratedomain.com --authuser2 adminuser --passfile2 passadmin --authmech2 PLAIN

Looks like it is still trying to authenticate with the --user2 rather than --authuser2

[blueflametuna]

The --authuser2 is working. I had just not specified the correct admin account.

Very cool.

Cutover is tonight.

Thanks again!