dovecot - Mar 2011 - Master user creds for proxy stored statically/locally?

I have successfully set up the master user on the destination server
(2.0.11) and tests have worked. now I'm working on the proxy
Before I had the proxy just forward everything to the backend and had the
destination server do the authentication.

My authentication is done via LDAP but not really sure how to append the
master user and password to the users credentials after authentication is
done.
id rather not have the master user/pass in each users ldap entry and
returned after doing a lookup or add a destuser field for each user...
basically i prefer not having to add any new attributes to LDAP

Can the information be stored locally in a file on the proxy? do i just make
the same master user file that I have on the backend?

Thanks!

On Sun, Mar 13, 2011 at 03:26:58PM -0400, Edward Carraro
wrote:
> I have successfully set up the master user on the destination server
> (2.0.11) and tests have worked. now I'm working on the proxy
> Before I had the proxy just forward everything to the backend and had the
> destination server do the authentication.
> 
> My authentication is done via LDAP but not really sure how to append the
> master user and password to the users credentials after authentication is
> done.
You should not save the master users credentials with the mail user
credentials. Instead you should use a dedicated userdb and passdb.

For further reference have a look at
http://wiki2.dovecot.org/Authentication/MasterUsers.
> id rather not have the master user/pass in each users ldap entry and
> returned after doing a lookup or add a destuser field for each user...
> basically i prefer not having to add any new attributes to LDAP
> 
> Can the information be stored locally in a file on the proxy? do i just
make
> the same master user file that I have on the backend?
I don't undestand your question. You can either forward plaintext
credentials to your backend or authenticate on your proxy and go with
the proxys master user to your backend
(http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy).

Dennis

On Mon, Mar 21, 2011 at 2:06 PM, Timo Sirainen <tss at iki.fi> wrote:
>
> =master_user=%u
>
> same thing with or without the = in front
I noticed that there are two master_users with different values in debug

Mar 21 18:09:49 auth: Info: passdb(doveadmin,192.168.12.209,master): Master
user logging in as user at domain.com
Mar 21 18:09:49 imap-login: Info: Login: user=<user at domain.com>,
method=PLAIN, rip=192.168.12.209, lip=192.168.12.205, mpid=25147
[...]
Mar 21 18:09:49 auth: Debug: master out: USER   3253338113
user at domain.com  home=/home/domain.com/user at domain.com
master_user=user at domain.com       master_user=doveadmin
[...]
Mar 21 18:09:49 imap(user at domain.com): Debug: acl: acl username = doveadmin
[...]

On 21.3.2011, at 20.52, Edward Carraro wrote:
> script-login: Fatal: execvp(/usr/local/bin/postlogin.sh) failed: Permission
> denied
Well, what happens with:

sudo su -s /bin/sh dovecot
/usr/local/bin/postlogin.sh