Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    Passwordless IMAP gateway via socket not working !?

    Kopano Groupware Core
    3
    5
    472
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • isol
      isol last edited by

      Hello, I am trying to migrate IMAP users from a dovecot system (where you can set a master user) to kopano 8.7.0 with kopano-migration-imap (i.e. imapsync). As I do not have all the passwords I want to do it without as described in

      https://documentation.kopano.io/kopano_migration_manual/imap_migration.html

      I set the imap gateway to use the socket instead of the TCP connection:

      file:///var/run/kopano/server.sock
      and set “bypass_auth=yes”
      in the gateway.cfg.

      The socket exists and belongs to the user kopano. But I get the following error when I try to access the destination mailbox with imapsync:

      Host2 failure: Error login on [localhost] with user [XXXX] auth [LOGIN]: 2 BAD Internal error: OpenECSession failed

      and in the gateway logs I see:

      Thu Apr 4 11:39:40 2019: [ZGateway IMAP|T21731] [error ] HrLogon server “file:///var/run/kopano/server.sock.” user “XXXX”: network error
      Thu Apr 4 11:39:40 2019: [ZGateway IMAP|T21731] [warning] Failed to login from [[::ffff:127.0.0.1]:38014] with invalid username “XXXX” or wrong password: network error (80040115)
      Thu Apr 4 11:39:40 2019: [ZGateway IMAP|T21731] [error ] Connection error.

      Am I missing something? Or has the behavior changed somehow? When I use the port and a password it works, so the username must be correct.

      1 Reply Last reply Reply Quote 0
      • Bernd G
        Bernd G last edited by

        Hi,

        we have done a migration with imapsync a year ago. The have created a migration account on kopano and switched the user store (user-store -> migration-store) during migration and back afterwards (migration-store -> user-store). This was working very well.

        Best regards,
        BerndG

        1 Reply Last reply Reply Quote 0
        • thctlo
          thctlo last edited by

          Just change the socket to TCP conn and try it with this format.

          kopano-migration-imap --addheader --host1 FQ.DN.TLD --port1 993 --user1 “email@some.tld” --password1 “passwd_WITHOUT ! that fails”
          –host2 localhost --port2 143 --user2 “email@some.tld” --password2 “SomePasswd”

          That worked fine for me.
          i also had the OpenESSession failed, that was a missing package for me, but i cant find which it was. (sorry)

          1 Reply Last reply Reply Quote 0
          • isol
            isol last edited by

            Hmm, but this is probably in the other direction? I need the passwordless access on the destination server, i.e. I do not know passwd2. I have tried:

            • socket=file://…
            • socket=http://localhost:236/
            • socket=http://127.0.0.1:236/
              together with “bypas_auth=yes”, but in neither case it worked. All cases work for users where I have the password, though, so I suppose “bypass_auth” is not working although it is advertised in the log “username and password will not be checked”. And for a user with wrong password, I do not see anything in gateway.log or server.log, even with log level 6. So clearly something is not working as intended here !?
            1 Reply Last reply Reply Quote 0
            • isol
              isol last edited by

              Aargh, I had two errors:

              • copy&paste error : file:///var/run/kopano/server.sock. instead of file:///var/run/kopano/server.sock (note the trailing dot…). Interestingly, the gateway does not complain that the socket does not exist…
              • typo in username for passwordless server - then it cannot find a user and acts as if it had a bad password.

              I also found this interesting post:
              https://www.invenios.de/blog/121-zarafa-gateway-imap-ohne-passwort/
              It must be adapted slightly to work with a systemd-based distro, in fact you copy the kopano-gateway service in /lib/systemd/system with another name, add a parameter for a seconf configuration fil and in this config you put the passwordless auth, e.g. limited to 127.0.0.1 for the client. Then you can even run the normal gateway unchanged and an additional service without passwords.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post