What is the "master password" for in the mail provisioning settings?

I am running Nextcloud on a server with OpenLDAP, Dovecot and Postfix. All services, incl. Postfix use LDAP authentication and it works. The UID (which also serves as the login name to Nextcloud) has the pattern “.”, the mail domain is “my-domain.tld”, Nextcloud is served from “cloud.my-domain.tld”.

Now, I wanted to create a template for automatic mail provisioning. However, I am lost as to what the checkbox and input field “master password” are for.

a) It seems that it does not change anything whether the checkbox “Use master password” is enabled or disabled. The input field “master password” always remains editable.

b) If I try to save the configuration and the input field “master password” is empty, the configuration is not saved and the input field gets the focus.

What am I supposed to enter into that input field?! Obviously, users have their own individual passwords.

At the moment, the attempted configuration looks like this:

Provisioning domain: my-domain.tld
Email address template: %USERID%@my-domain.tld

IMAP user: %USERID%@my-domain.tld
IMAP host: server.my-domain.tld
IMAP Port: 993
IMAP Security: SSL/TLS

SMTP user: %USERID%@my-domain.tld
SMTP host: server.my-domain.tld
SMTP port: 587
IMAP Security: STARTTLS

Use master password: yes/no ← What does that mean?!
Master password: ← What is that for?!

Enable sieve: yes
Sieve user: %USERID%@my-domain.tld
Sieve host: server.my-domain.tld
Sieve port: 4190
Sieve Security: SSL/TLS

Please read this to understand the purpose of that feature:

and this for some more insights:

but it is still not working flawlessly; there are still some issues

Much luck,
ernolf

I read it, but still do not understand it. Moreover, given the discussion in the pull request, I am even more convinced that the entire feature is buggy right now.

First of all, the pull request claims that SSO users had no password. IMHO, that is wrong. Of course, single sign-on users have a password as well in order to authenticate; single sign-on simply means that users should not be tasked to re-enter their passwords over and over again for each single service, but that they authenticate only once (with their password) with the first service they use and then they are authenticated for all other services, too.

The discussion whether the “master password” should better be called “default password” or “fallback password” shows that.

Anyway, I would be fine with not using the master password and request my Nextcloud users to re-enter their password once again when they use the Mail app for the first time.

However, this seems to be impossible at the moment, because the checkbox to use a master password is not working and there is currently no option to not provide a master password.

So in essence, the entire mail provisioning feature is completely broken right now.

That is correct from your point of view, but there is no entry in the oc_users.password field in the database. So Nextcloud has no password stored for that user.

Much luck,
ernolf

When you are using user_saml, Nextcloud usually does not see the actual user’s password and therefore cannot reuse it to authenticate against an email server. That’s the problem to be solved by the master password feature.

Yes, I understood. Although I would prefer the term “dummy password” or - even better - Nextcloud should not need and try to send a password to the mail backend altogether.

Anyway, I don’t need to use that feature and the only problem which remains is that unchecking the checkbox “Use master password” has no effect and the GUI still requires a master password.

I assume the feature is called master password because dovecot is using this term Master users/passwords — Dovecot documentation

Sounds good to me, I didn’t know that one could configure dovecot like that. However, I’m unsure if such a configuration is supported by the IMAP library we are using. In the current version, a blank password is considered an error: Imap_Client/lib/Horde/Imap/Client/Socket.php at 79612af5452730db98e6a73bf9270c3f5512b9a2 · bytestream/Imap_Client · GitHub

Pull request: fix(provisioning): Do not require master password if disabled by ChristophWurst · Pull Request #9197 · nextcloud/mail · GitHub
