diff --git a/src/appdb.js b/src/appdb.js
index 32e8f136b..2a359cae3 100644
--- a/src/appdb.js
+++ b/src/appdb.js
@@ -621,13 +621,13 @@ function getAddonConfigByAppId(appId, callback) {
     });
 }
 
-function getAppIdByAddonConfigValue(addonId, name, value, callback) {
+function getAppIdByAddonConfigValue(addonId, namePattern, value, callback) {
     assert.strictEqual(typeof addonId, 'string');
-    assert.strictEqual(typeof name, 'string');
+    assert.strictEqual(typeof namePattern, 'string');
     assert.strictEqual(typeof value, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    database.query('SELECT appId FROM appAddonConfigs WHERE addonId = ? AND name = ? AND value = ?', [ addonId, name, value ], function (error, results) {
+    database.query('SELECT appId FROM appAddonConfigs WHERE addonId = ? AND name LIKE ? AND value = ?', [ addonId, namePattern, value ], function (error, results) {
         if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
         if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
 
diff --git a/src/ldap.js b/src/ldap.js
index 9da6c0948..3d9ea4374 100644
--- a/src/ldap.js
+++ b/src/ldap.js
@@ -560,13 +560,13 @@ function authenticateMailAddon(req, res, next) {
 
         if (addonId === 'recvmail' && !domain.enabled) return next(new ldap.NoSuchObjectError(req.dn.toString()));
 
-        let name;
-        if (addonId === 'sendmail') name = 'MAIL_SMTP_PASSWORD';
-        else if (addonId === 'recvmail') name = 'MAIL_IMAP_PASSWORD';
+        let namePattern; // manifest v2 has a CLOUDRON_ prefix for names
+        if (addonId === 'sendmail') namePattern = '%MAIL_SMTP_PASSWORD';
+        else if (addonId === 'recvmail') namePattern = '%MAIL_IMAP_PASSWORD';
         else return next(new ldap.OperationsError('Invalid DN'));
 
         // note: with sendmail addon, apps can send mail without a mailbox (unlike users)
-        appdb.getAppIdByAddonConfigValue(addonId, name, req.credentials || '', function (error, appId) {
+        appdb.getAppIdByAddonConfigValue(addonId, namePattern, req.credentials || '', function (error, appId) {
             if (error && error.reason !== DatabaseError.NOT_FOUND) return next(new ldap.OperationsError(error.message));
             if (appId) { // matched app password
                 eventlog.add(eventlog.ACTION_APP_LOGIN, { authType: 'ldap', mailboxId: email }, { appId: appId, addonId: addonId });