Import users from another srv yunohost but without ssl certificate

What type of hardware are you using: Other(?)
What YunoHost version are you running: 12
How are you able to access your server: The webadmin
SSH
Direct access via physical keyboard/screen
Are you in a special context or did you perform specific tweaking on your YunoHost instance ?: no

Describe your issue

I would like to make a backup but only the account directories, in order to be able to import it on a new server, but I don’t really see how to do it.

In summary, I have 2 yunohost srvs.

srv1 has its own internet line, is in production and works; it serves as a mail server and nextcloud, and the users exist in nextcloud. It is the one that is in production.

srv2, as for it, is in the windows domain; authentication in nextcloud is done via the domain controller. I had to search a bit, but now it creates my users with domain\users and not the uid; on the other hand, they do not have a mailbox on this server.

That is why I would like to be able to import them from srv1, but without the ssl certificates, etc …


Share relevant logs or error messages

no log

Hi Stefan1,

Could you try to explain a bit clearer what you mean?

You write about server1 and server2 and importing to a new server (server3?).

Server1 is in Production, server2 is in Windows.

Server2 has users, and you want to import “them” from server1.

What is your goal in the end?

Hi wbk ,

I have a server that is already in production, srv1, on its own internet connection, where it is in a dmz.
The users who have a mailbox were created via the yunohost interface.

I am setting up a second server srv2, which is on another internet line, and which has 2 network cards.

One in dmz, the other which is used to connect to the windows domain.

The authentication of nextcloud users is done via the windows domain controller.
They are authenticated with DOMAIN\USER, and not the uid, so they know how to mount external storage.

It works as I want

(still some small problems with the webdav from the local network, but not from outside)

On the other hand, the emails are for the moment only on srv1, and they know how to access them via imap,
but I would like srv2 to really become the secondary mail server of the mail domain that srv1 manages.

On srv1, the users were created via yunohost;
on srv2, they are authenticated via the dc of the windows domain.

I have the names of the users that correspond well, but I don’t really see how to import the mailboxes, to map the user authenticated via the dc to his mailbox on srv2.


Hi stefan1,

Thanks for taking time to elaborate!

What is the reason for the secondary mail server? My first guess would be high availability.

I’m in the (somewhat stalled) process of configuring a secondary mail server myself. I “imagined” that by default it would provide full mail services in case my main server goes offline. Unfortunately, the standard feature of a fallback server is making sure that mail can be delivered once the main server is up again.

If you already knew that, you were better informed from the start than I was.

To have two servers in sync is possible, but seems something of a headache, see for example this discussion on serverfault.

The above is not a limitation of Yunohost, but of Postfix itself. Also take into account that mail clients connect to the configured mail server to fetch mail. If your primary server goes offline for some reason, even if all mail is available on the secondary server, users won’t be able to read their mail until they reconfigure their mail client for the secondary server or until you update DNS records to have the IPs for primary and secondary server switched.

If you work on this configuration ‘for fun’, we can try to figure out how to make it work. It will be fun and educational :slight_smile:

If it is because the users of the mailserver think they need it, try to figure out if they can live without email access for half a day once a year (or however often you expect the primary server to be unavailable), and then decide on full HA or only secondary MX.

So far for my own server, I know of bounced mails on two occasions over the past 5+ years:

  • After a power outage (and difficulty booting afterwards) I spoke to someone who asked if my mail address was correct, because they got a delivery error
  • The same person asked a few months later whether I had had another power failure. No, but I had been busy configuring my secondary MX. His mail ended up on my fallback server when the accounts were not synced, and got bounced.

Moral of the story: without secondary MX I’d only once have had mail go missing, with the secondary mailserver I’d have it happen twice :wink:

On re-reading your post, do you mean you want to run srv2 as fallback MX? In that case Postfix on srv2 needs to know of the ‘valid’ email addresses. It does not need to have a (full) copy of the mailbox.

You already managed to link and sync LDAP in Samba (or MS AD?) to srv1? I guess you’d point Postfix’ sender_login_maps to use that info (to be figured out how though…)

It’s more for a question of bandwidth.

it is only srv2 that has the link with the AD

srv1, it is not in the domain.

at the beginning, we had an old exchange server in the domain, which I migrated to srv1, outside the domain on another wanip, in order not to have any interruption of the service.

And now that the exchange server is shutdown, srv2 is supposed to take its place …

srv1 not being in the windows domain, clients really access it via internet.

srv2, which is in the domain, the connection is made via the local network, which is much faster. Most mailboxes exceed a few GB…

they have their emails via imap, and it works in itself, it could stay like that.

My real problem for now, but I’m changing the subject, is webdav: from the outside, ok; from the local network, authentication errors, … In my opinion it’s at the level of my rules on my router, or yunohost which would not listen on my second network card for this protocol.

I’m under the impression that my limited understanding of the situation becomes less with every post you make :stuck_out_tongue:

If you would like help on a complex situation, it needs an explanation of the complex situation. Not a puzzle with every time a bit more info and never the full picture.

So you have :

  • old situation:
    • srvX: private; exchange server
    • srv1: empty
    • srv2: non-existent
  • transition situation
    • srv1: installed YNH, installed Nextcloud, imported mailboxes from Exchange to IMAP (Nice; is that doable? Easy?)
    • srvX removed
  • current situation
    • srv1: public; users in YNH LDAP, provides Nextcloud, mail services, nothing else
    • srv2: private; users in Samba or MS AD LDAP, provides Nextcloud, nothing else
    • Nextcloud on srv1 and srv2 are synced?
  • desired situation:
    • srv1: public; users in YNH LDAP, provides Nextcloud, nothing else
    • srv2: private; users in Samba or MS AD LDAP, provides Nextcloud, mail services, nothing else

For context: this is not your homeserver for 2-20 people, but a larger deployment? For a home environment, manual management of users would be doable…

Anyway; srv2 is going to be the mailserver?

  • You could look into replacing OpenLDAP with your AD provider. That seems most straightforward: Yunohost will talk LDAP as it is used to, unknowingly talking to Samba/MS AD. Everything works as it is supposed to, just make sure to document your configuration.
  • Alternatively, backup srv1, wipe srv2 and use backup from srv1 instead of postinstall to get all users and mailboxes on srv2, after that reset your configuration to make it srv2 again.
  • Or, create the users manually, then run mbsync to synchronize mailboxes

Will srv1 stay ‘in the loop’ or will it be taken offline once mail is migrated?

Perhaps a separate subject is warranted :slight_smile:

Is srv2 a YunoHost or another OS ?

I moved this topic into the advanced use case category.

Note you should be able to backup your ldap ldif (with password hashes), with yunohost backup create -n ldap --system conf_ldap

You can also export it (without password hashes), via

yunohost user export > user.csv

Or even (without password hashes)

yunohost user list --output-as json > user.json
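To turn the hash-free `yunohost user list --output-as json` export above into a check of which srv1 accounts have a matching DOMAIN\USER login on srv2, here is an added example that is not from the thread nor from YunoHost itself. It assumes the export's shape (a top-level "users" map keyed by username with "username", "fullname", "mail" fields) and uses constructed sample data for both servers.

```python
import json

# Constructed sample in the assumed shape of `yunohost user list --output-as json`
# on srv1 (no password hashes are present in this export).
SRV1_EXPORT = json.dumps({"users": {
    "alice": {"username": "alice", "fullname": "Alice Martin",
              "mail": "alice@example.org", "mailbox-quota": "0"},
    "bob":   {"username": "bob", "fullname": "Bob Dupont",
              "mail": "bob@example.org", "mailbox-quota": "0"},
    "carol": {"username": "carol", "fullname": "Carol Lefevre",
              "mail": "carol@example.org", "mailbox-quota": "0"},
}})

# Constructed sample of logins as nextcloud on srv2 sees them from the domain controller.
AD_LOGINS = ["DOMAIN\\Alice", "DOMAIN\\bob", "DOMAIN\\dave"]


def ad_login_to_uid(login):
    """Map 'DOMAIN\\User' (or a bare user name) to the lower-case uid used on srv1."""
    name = login.rsplit("\\", 1)[-1]
    return name.strip().lower()


def reconcile(export_json, ad_logins):
    """Compare srv1's exported accounts with srv2's AD logins.

    Returns the uids present on both sides, the srv1 accounts with no DC
    identity to map a mailbox to, the AD logins with no srv1 mailbox, and
    the mail addresses to carry over for the matched accounts.
    """
    users = json.loads(export_json)["users"]
    srv1 = {uid.lower(): info for uid, info in users.items()}
    ad = {ad_login_to_uid(login) for login in ad_logins}
    # The export carries no credentials; refuse anything that looks like a hash
    # so nobody mistakes this file for the LDIF backup that does contain them.
    if any("password" in info for info in srv1.values()):
        raise ValueError("unexpected password field in user export")
    matched = sorted(srv1.keys() & ad)
    return {
        "matched": matched,
        "missing_in_ad": sorted(srv1.keys() - ad),
        "missing_on_srv1": sorted(ad - srv1.keys()),
        "mail_map": {uid: srv1[uid]["mail"] for uid in matched},
    }


if __name__ == "__main__":
    print(json.dumps(reconcile(SRV1_EXPORT, AD_LOGINS), indent=2))
```

Accounts listed under "missing_in_ad" will need a domain identity before their mailbox can be mapped, and every matched account still needs new credentials on srv2 because this export contains none.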