I am running Nextcloud on a server with OpenLDAP, Dovecot and Postfix. All services, incl. Postfix, use LDAP authentication and it works. The UID (which also serves as the login name to Nextcloud) has the pattern “.”, the mail domain is “my-domain.tld”, Nextcloud is served from “cloud.my-domain.tld”.
Now, I wanted to create a template for automatic mail provisioning. However, I am lost as to what the checkbox and input field “master password” are for.
a) It seems that it does not change anything whether the checkbox “Use master password” is enabled or disabled. The input field “master password” always remains editable.
b) If I try to save the configuration and the input field “master password” is empty, the configuration is not saved and the input field gets the focus.
What am I supposed to enter into that input field?! Obviously, users have their own individual passwords.
At the moment, the attempted configuration looks like this:
I read it, but still do not understand it. Moreover, given the discussion in the pull request, I am even more convinced that the entire feature is buggy right now.
First of all, the pull request claims that SSO users had no password. IMHO, that is wrong. Of course, single sign-on users have a password as well in order to authenticate; single sign-on simply means that users should not be tasked to re-enter their passwords over and over again for each single service, but that they authenticate only once (with their password) with the first service they use and then they are authenticated for all other services, too.
The discussion whether the “master password” should better be called “default password” or “fallback password” shows that.
Anyway, I would be fine with not using the master password and request my Nextcloud users to re-enter their password once again, when they use the Mail app for the first time.
However, this seems to be impossible at the moment, because the checkbox to use a master password is not working and there is currently no option to not provide a master password.
So in essence, the entire mail provisioning feature is completely broken right now.
That is correct from your point of view, but there is no entry in the oc_users.password field in the database. So Nextcloud has no password stored from that user.
When you are using user_saml, Nextcloud usually does not see the actual user's password and therefore cannot reuse it to authenticate against an email server. That’s the problem to be solved by the master password feature.
Yes, I understood. Although I would prefer the term “dummy password” or - even better - Nextcloud should not need and try to send a password to the mail backend altogether.
Anyway, I don’t need to use that feature and the only problem which remains is that unchecking the checkbox “Use master password” has no effect and the GUI still requires a master password.