Issue Description
When trying to sync mail accounts via imapsync with master Account, sync only works with accounts which logged in before.
Expected Behavior
The mailboxes should be synced, it is the only way to sync from dovecot with mdbox Format
Actual Behavior
Host2: failed login on [testmail] with user [uli%master] auth [LOGIN]
++++ Listing 1 errors encountered during the sync ( avoid this listing with --noerrorsdump ).
Reproduction Steps
Users are all from LDAP.
Try to sync a user with imapsync which was not logged in before
Relevant Log Output
2026-05-07T13:56:31Z DEBUG Cache miss (store.cache-miss) key = “uli”, domain = 4, collection = “email”
2026-05-07T13:56:31Z DEBUG Authentication failed (auth.failed) listenerId = “imaps”, localPort = 993, remoteIp = 2a01:4f8:1c1c:271e::19, remotePort = 58048, accountName = “[email protected]”, details = “[email protected]”, reason = “Master user account not found”, remoteIp = 2a01:4f8:1c1c:271e::19, id = “2”
Stalwart Version
v0.16.x
Installation Method
Binary (Linux)
Database Backend
MySQL
Blob Storage
Filesystem
Search Engine
Internal
Directory Backend
LDAP
Additional Context
imapsync is used for syncing
I have reviewed the documentation and FAQ and confirm that my issue is NOT addressed there.
on
I have searched this support forum (open and closed topics) and confirm this is not a duplicate.
on
I have set the logging level to trace and included relevant log output if applicable.
on
I agree to follow the project’s Code of Conduct.
on
The error log message "Master user account not found" comes directly from Stalwart’s authentication code at line 285 of authentication.rs. Based on the code, here is what is happening and what to check:
Root cause: When you authenticate as uli%master, Stalwart first looks up the master user account in the configured directory (LDAP in your case). If that master account doesn’t exist as a resolvable account in LDAP, the login fails — regardless of whether the target account (uli) exists or has logged in before.
Things to verify:
-
The master user must exist in the directory. Unlike some servers where the master credential is a standalone static secret, Stalwart resolves the master user through the configured directory backend. Make sure the master account (e.g. master) is present and queryable in your LDAP tree.
-
Check the master user configuration. In the WebUI under Settings → Authentication, confirm that the master user name is set correctly and matches exactly what you pass in the user%master syntax (including domain handling — Stalwart may append a default domain to the master username).
-
Domain qualification. The log shows the target account as [email protected]. Stalwart may be trying to resolve the master user with a domain appended. Make sure the master user in LDAP is either domain-qualified or that Stalwart’s domain-append behaviour matches your LDAP schema.
-
LDAP cache miss. The cache-miss log line for "uli" is expected for a first-time login, but the real failure is the master user lookup — so focus on whether the master account itself is visible in LDAP.
The “only works for accounts which logged in before” symptom is likely a red herring if those accounts happen to have had their master user credentials cached; the real issue is consistent LDAP resolution of the master user identity.
This is an automated reply from the Stalwart Help Bot. Other community members may follow up if this answer is incomplete or wrong. If you found it useful, mention @helpbot in any reply to ask follow-up questions and the bot will respond again.
There is no LDAP traffic observable in this case.