Results 1 to 7 of 7

Thread: Migrating users with imapsync... without passwords?

  1. #1
    Join Date
    Jul 2007
    Posts
    22
    Rep Power
    8

    Default Migrating users with imapsync... without passwords?

    I am looking to migrate users from an OS X server using the default cyrus mail store. I've read that imapsync is the way to go, but I don't have the passwords for all 700+ accounts. Frankly, I'm surprised that this method is so popular as it is not common practice to track user passwords.

    Only option I can think of is to reset everyone's password and do the migration then. I suppose if this were a regular unix server I might simply make a backup of the shadow file, reset all passwords, do the migration, and then put the passwords back, but this is OS X with a password server. Can I backup and restore the password server? How can I make a mass password change like that?

    -matthew

  2. #2
    Join Date
    Aug 2007
    Location
    Indianapolis
    Posts
    54
    Rep Power
    8

    Default

    Three methods that we used...

    1) A "migration page" where users had to login to have their accounts relocated. We simply cached the password, passed to imapsync, and ran it right there on the spot.

    2) We use LDAP, so we simply copied the LDAP entry, changed the password, then copied the password back when we were done.

    3) This caused problems, but might work for you... just alter the pam definitions for IMAP such that any password works. This of course requires downtime and an all-at-once move, lest you open a major security problem.

    DC

  3. #3
    Join Date
    Aug 2005
    Posts
    1,433
    Rep Power
    12

    Default

    I'm not sure about this, but you may be able to use AUTHENTICATE PLAIN on your OS X server using the admin login to gain access to all the user accounts.
    Bugzilla - Wiki - Downloads - Before posting... Search!

  4. #4
    Join Date
    Jul 2007
    Posts
    22
    Rep Power
    8

    Default

    Now that you mention it, I was able to give access to users' mailboxes to the admin user (or anyone, really). The problem is that they show up as folders in the admin's account. You can't (AFAIK) log directly into the other accounts.

    Or is there something I'm missing?

  5. #5
    Join Date
    Aug 2005
    Posts
    1,433
    Rep Power
    12

    Default

    AUTHENTICATE PLAIN would allow you to use the admin username/password credentials to log in as a different user. You should check out your IMAP server to see if it supports this.
    Bugzilla - Wiki - Downloads - Before posting... Search!

  6. #6
    Join Date
    Jul 2007
    Posts
    22
    Rep Power
    8

    Default

    How does that work, exactly? I tried it (from telnet) and it just logs me in to the admin's mailbox. How do you then switch to the user you want to sync? It looks like you can use either AUTHENTICATE PLAIN or LOGIN, but not both.

  7. #7
    Join Date
    Aug 2005
    Posts
    1,433
    Rep Power
    12

    Default

    Right. LOGIN adminname adminpass will log you into the admin account. If you instead used AUTHENTICATE PLAIN, then a base64-encoded string including the account you want to login, the admin name, and the admin pass delimited by NUL bytes, the server will use the admin credentials to log you into the target user. imapsync knows how to do this...
    Bugzilla - Wiki - Downloads - Before posting... Search!

Similar Threads

  1. Migrating from Cyrus to Zimbra - imapsync
    By claud1e in forum Migration
    Replies: 4
    Last Post: 08-26-2009, 01:59 AM
  2. 4.0 RC1 imapsync with admin???
    By kirme3 in forum Administrators
    Replies: 37
    Last Post: 07-19-2007, 10:52 AM
  3. Migrating from "mdir" to Zimbra
    By czaveri in forum Installation
    Replies: 9
    Last Post: 04-04-2006, 01:04 PM
  4. Migrating Accounts from LDAP with {crypt} Passwords
    By shanson in forum Administrators
    Replies: 3
    Last Post: 03-11-2006, 04:09 PM
  5. Migrating Accounts from LDAP with Encrypted Passwords
    By andreychek in forum Administrators
    Replies: 3
    Last Post: 12-16-2005, 03:40 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •