configuration_manual: Update static user/passdb settings and examples

Also add passdb_static_password and userdb_allow_all_users settings.

source/configuration_manual/authentication/allow_nets.rst

@@ -36,7 +36,10 @@ Postfix to verify the email account:
 .. code-block:: none
 
   passdb static {
-    args = password=test allow_nets=local,127.0.0.1/32
+    password = test
+    fields  {
+      allow_nets = local,127.0.0.1/32
+    }
   }
 
 Otherwise, you will see this error in the log:

source/configuration_manual/authentication/domain_lost.rst

@@ -82,7 +82,10 @@ user lookup.
    }
 
    passdb static {
-      args = user=%Ld noauthenticate
+      fields {
+        user = %Ld
+        noauthenticate = yes
+      }
       skip = authenticated
    }
 

source/configuration_manual/authentication/kerberos.rst

@@ -88,7 +88,11 @@ If you only want to use Kerberos ticket-based authentication:
    auth_krb5_keytab = /etc/dovecot/dovecot.keytab
 
    userdb static {
-     args = uid=vmail gid=vmail home=/var/vmail/%u
+    fields {
+       uid = vmail
+       gid = vmail
+       home = /var/vmail/%u
+     }
    }
 
 (In this virtual-hosting example, all mail is stored in

source/configuration_manual/authentication/master_users.rst

@@ -150,7 +150,7 @@ exists and get other extra fields.
 
    # master password passdb
    passdb static {
-      args = password=master-password
+      password = master-password
       result_success = continue
    }
    # primary passdb

source/configuration_manual/authentication/oauth2.rst

@@ -77,7 +77,12 @@ Without proxy authentication
 .. code-block:: none
 
   passdb static {
-    args = nopassword=y proxy=y proxy_mech=%m ...
+    fields {
+      nopassword = yes
+      proxy = yes
+      proxy_mech = %m
+      # ...
+    }
   }
 
 or with proxy authentication, put into ``dovecot-oauth2.conf.ext``

source/configuration_manual/authentication/static_password_database.rst

@@ -6,21 +6,32 @@ Static Password Database
 
 Static password database is typically used only for testing, proxying setups
 and perhaps some other special kind of setups. Static passdb allows all users
-to log in with any username. For password you return either:
+to log in with any username. For password you can either set
+:dovecot_core:ref:`passdb_static_password` or set ``nopassword = yes`` in
+:dovecot_core:ref:`passdb_fields`.
 
-* password=secret: All users have ``secret`` as password.
-* nopassword: Users can log in with any password.
-
-You can return any other :ref:`authentication-password_database_extra_fields`. You can use the
-standard variables everywhere.
+You can return any other :ref:`authentication-password_database_extra_fields`.
+You can use the standard variables everywhere.
 
 Example:
 
 .. code-block:: none
 
+  # Without password
+  passdb static {
+    fields {
+      nopassword = yes
+      proxy = y
+      host = 127.0.0.1
+    }
+  }
+
+.. code-block:: none
+
+  # With password
   passdb static {
-    args = nopassword=y
-    default_fields {
+    password = secret
+    fields {
       proxy = y
       host = 127.0.0.1
     }

source/configuration_manual/authentication/static_user_database.rst

@@ -9,21 +9,29 @@ Static user database can be used when you want to use only single UID and GID va
 .. code-block:: none
 
  userdb static {
-  args = uid=<uid> gid=<gid> home=<dir template>
+  fields {
+    uid = <uid>
+    gid = <gid>
+    home = <dir template>
+  }
  }
 
 The home is optional. You can also return other :ref:`authentication-user_database_extra_fields`. You can use the standard :ref:`config_variables` everywhere.
 
 LDA and passdb lookup for user verification
 ===========================================
 
-Unless your MTA already verifies that the user exists before calling dovecot-lda, you'll most likely want dovecot-lda itself to verify the user's existence. Since dovecot-lda looks up the user only from the userdb, it of course doesn't work with static userdb because there is no list of users. Normally static userdb handles this by doing a passdb lookup instead. This works with most passdbs, with :ref:`authentication-pam` being the most notable exception. If you want to avoid this user verification, you can add ``allow_all_users=yes`` to the args in which case the passdb lookup is skipped.
+Unless your MTA already verifies that the user exists before calling dovecot-lda, you'll most likely want dovecot-lda itself to verify the user's existence. Since dovecot-lda looks up the user only from the userdb, it of course doesn't work with static userdb because there is no list of users. Normally static userdb handles this by doing a passdb lookup instead. This works with most passdbs, with :ref:`authentication-pam` being the most notable exception. If you want to avoid this user verification, you can add :dovecot_core:ref:`userdb_static_allow_all_users = yes <userdb_static_allow_all_users>` to the settings of the userdb in which case the passdb lookup is skipped.
 
 Example
 =======
 
-.. code-block:: none 
+.. code-block:: none
 
  userdb static {
-  args = uid=500 gid=500 home=/home/%u
+  fields {
+    uid = 500
+    gid = 500
+    home = /home/%u
+  }
  }

source/configuration_manual/howto/simple_virtual_install.rst

@@ -56,7 +56,11 @@ If you want to configure SSL, see :ref:`SSL <ssl>`.
      passwd_file_path = /etc/dovecot/passwd
    }
    userdb static {
-     args = uid=vmail gid=vmail home=/home/vmail/%u
+     fields {
+       uid = vmail
+       gid = vmail
+       home = /home/vmail/%u
+     }
    }
 
 /etc/dovecot/passwd

source/configuration_manual/mail_crypt_plugin.rst

@@ -326,7 +326,11 @@ Hence, this is possible:
   }
 
   passdb static {
-    args = password=pass crypt_global_public_key=<content of ecpubkey.pem> crypt_global_private_key/main/private_key=<content of ecprivkey.pem>
+    password = pass
+    fields {
+      crypt_global_public_key = <content of ecpubkey.pem>
+      crypt_global_private_key/main/private_key = <content of ecprivkey.pem>
+    }
   }
 
 Read-only Mode

source/configuration_manual/namespace/index.rst

@@ -306,7 +306,10 @@ given list.
 ::
 
   userdb static {
-    args = namespace+=special namespace/special/mail_path=/var/special/%u namespace/special/prefix=special/
+    fields {
+        namespace+ = special namespace/special/mail_path=/var/special/%{username}
+        namespace/special/mail_path = /var/special/%{username}
+        namespace/special/prefix = special/
   }
 
 Dovecot Support for Shared Mailboxes

source/configuration_manual/shared_mailboxes/cluster_setup_example.rst

@@ -18,15 +18,18 @@ Dovecot Proxy configuration snippet
         passdb db1 {
           driver = static
           master = yes
-          default_fields {
-            proxy = y
-          }
-          args = password=imapcpass
+          password = imapcpass
+          fields {
+	    proxy = yes
+	  }
         }
 
         passdb db2 {
           driver = static
-          args = proxy=y password=masterpass
+          password = masterpass
+          fields {
+	    proxy = yes
+	  }
         }
 
 Dovecot Backend configuration snippet
@@ -63,15 +66,22 @@ Dovecot Backend configuration snippet
 
         passdb db1 {
           # masterpass is the normal users master password
-          args = password=masterpass userdb_imapc_master_user=%{user}
           driver = static
+          password = masterpass
+          fields {
+            userdb_imapc_master_user = %{user}
+          }
         }
 
         passdb db2 {
           driver = static
           master = yes
           # imapcpass is the master password used for master logins (via imapc)
-          args = password=imapcpass userdb_namespace/shared/disabled=yes userdb_acl_user=%{auth_user}
+          password = imapcpass
+          fields {
+            userdb_namespace/shared/disabled = yes
+            userdb_acl_user = %{auth_user}
+          }
         }
 
         dict {

source/configuration_manual/virtual_users.rst

@@ -251,7 +251,11 @@ get Dovecot running is to use the :ref:`static userdb <authentication-static_use
    passdb pam {
    }
    userdb static {
-     args = uid=vmail gid=vmail home=/var/mail/virtual/%d/%n
+     fields {
+        uid = vmail
+        gid = vmail
+        home = /var/mail/virtual/%d/%n
+     }
    }
 
 This makes Dovecot look up the mails from

source/settings/core.rst

@@ -2966,6 +2966,12 @@ See :ref:`settings` for list of all setting groups.
    :ref:`authentication-oauth2`.
 
 
+.. dovecot_core:setting:: passdb_static_password
+   :values: @string
+   :added: 3.0.0
+
+   The static password to be used for all users authenticating using this passdb.
+
 .. dovecot_core:setting:: pop3_client_workarounds
    :todo: Indicate POP3 setting
    :values: @string
@@ -4031,6 +4037,12 @@ See :ref:`settings` for list of all setting groups.
 
      textcat_config_path = /usr/share/libexttextcat/fpdb.conf
 
+.. dovecot_core:setting:: userdb_static_allow_all_users
+   :values: @boolean
+   :added: 3.0.0
+   :default: no
+
+   Skip user existence verification via passdb lookup.
 
 .. dovecot_core:setting:: valid_chroot_dirs
    :values: @string