Dear Sir,
I'm having problems with the implementation of prefetch userdb.
Following the directives from the site (http://wiki2.dovecot.org/UserDatabase/Prefetch), I am unable to avoid the second search against the user backend (LDAP).
Could you give me any advice or tips to achieve my goal?
Thanks a lot,
Hector M. Jacas
My ldap has the following structure:
search base: ou=Domains,dc=test,dc=local
domains tree:
domain2.com: dc=domain2.com,ou=Domains,dc=test,dc=local
Definition of mailuser1 on domain2.com:
dn: uid=mailuser1,dc=domain2.com,ou=Domains,dc=test,dc=local
uid: mailuser1
cn: User mailuser1
sn: User 1
displayName: User mailuser1
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
mail: mailuser1@domain2.com
domain1.com: dc=domain1.com,ou=Domains,dc=test,dc=local
Definition of mailuser1 on domain1.com:
dn: uid=mailuser1,dc=domain1.com,ou=Domains,dc=test,dc=local
uid: mailuser1
cn: User mailuser1
sn: User 1
displayName: User mailuser1
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
mail: mailuser1@domain1.com
/etc/dovecot/dovecot-ldap.conf.ext content:
hosts = ldapserver
auth_bind = yes
ldap_version = 3
tls = no
base = ou=Domains,dc=test,dc=local
scope = subtree
user_filter = (&(objectclass=inetOrgPerson)(mail=%u))
user_attrs = =home=/var/vmail/mailboxes/%Ld/%Ln/%Ln,=uid=500,=gid=500
default_pass_scheme = CRYPT
pass_filter = (&(objectclass=inetOrgPerson)(mail=%u))
pass_attrs = uid=user,password=userPassword,=userdb_home=/var/vmail/mailboxes/%Ld/%8Ln/%Ln,=userdb_uid=500,=userdb_gid=500
iterate_attrs = mail=user
iterate_filter = (objectclass=inetOrgPerson)
doveadm auth test result for mailuser1@domain2.com:
# doveadm auth test mailuser1@domain2.com password
passdb: mailuser1@domain2.com auth succeeded
extra fields:
  user=mailuser1
And in /var/log/maillog (with auth debug options enabled):
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: auth client connected (pid=0)
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: client in: AUTH 1 PLAIN service=doveadm resp=<hidden>
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: ldap(mailuser1@domain2.com): bind search: base=ou=Domains,dc=test,dc=local filter=(&(objectclass=inetOrgPerson)(mail=mailuser1@domain2.com))
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: ldap(mailuser1@domain2.com): result: uid=mailuser1; uid unused
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: auth(mailuser1@domain2.com): username changed mailuser1@domain2.com -> mailuser1
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: ldap(mailuser1): result: uid=mailuser1
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: client passdb out: OK 1 user=mailuser1
doveadm user result for mailuser1@domain2.com:
# doveadm user mailuser1@domain2.com
field   value
uid     500
gid     500
home    /var/vmail/mailboxes/domain2.com/mailuser1/mailuser1
mail    maildir:/var/vmail/mailboxes/domain2.com/mailuser/mailuser1:INDEX=MEMORY
And in /var/log/maillog (with auth debug options enabled):
Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug: master in: USER 1 mailuser1@domain2.com service=doveadm
Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug: prefetch(mailuser1@domain2.com): passdb didn't return userdb entries, trying the next userdb
Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug: ldap(mailuser1@domain2.com): user search: base=ou=Domains,dc=test,dc=local scope=subtree filter=(&(objectclass=inetOrgPerson)(mail=mailuser1@domain2.com)) fields=
Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug: ldap(mailuser1@domain2.com): result: uid=mailuser1 cn=Usuario mailuser1 sn=Usuario 1 displayName=Usuario mailuser1 objectClass=inetOrgPerson,inetOrgPerson,inetOrgPerson,inetOrgPerson mail=mailuser1@domain2.com; objectClass,cn,uid,mail,displayName,sn unused
Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug: ldap(mailuser1@domain2.com): result: uid=mailuser1 cn=Usuario mailuser1 sn=Usuario 1 displayName=Usuario mailuser1 objectClass=inetOrgPerson,inetOrgPerson,inetOrgPerson,inetOrgPerson mail=mailuser1@domain2.com; objectClass,cn,uid,mail,displayName,sn unused
Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug: userdb out: USER 1 mailuser1@domain2.com home=/var/vmail/mailboxes/domain2.com/mailuser1/mailuser1 uid=500 gid=500
My base system is RHEL 7 (24 CPUs, 16 GB RAM); the LDAP backend is 389 DS 1.2.2 on RHEL 6.6.
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-123.20.1.el7.x86_64 x86_64 Red Hat Enterprise Linux Server release 7.0 (Maipo) nfs4
auth_debug = yes
auth_mechanisms = plain login
auth_verbose = yes
default_client_limit = 50000
disable_plaintext_auth = no
listen = *
mail_fsync = always
mail_gid = 500
mail_location = maildir:/var/vmail/mailboxes/%d/%8n/%n:INDEX=MEMORY
mail_nfs_index = yes
mail_nfs_storage = yes
mail_uid = 500
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mmap_disable = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
service auth {
  unix_listener auth-userdb {
    group = vmail
    mode = 0640
    user = vmail
  }
}
service doveadm {
  inet_listener {
    port = 24245
  }
}
service imap-login {
  process_min_avail = 24
  service_count = 0
}
service imap-urlauth-worker {
  chroot =
  client_limit = 1
  drop_priv_before_exec = no
  executable = imap-urlauth-worker
  extra_groups =
  group =
  idle_kill = 0
  privileged_group =
  process_limit = 8192
  process_min_avail = 0
  protocol = imap
  service_count = 1
  type =
  unix_listener imap-urlauth-worker {
    group =
    mode = 0600
    user = $default_internal_user
  }
  user =
  vsz_limit = 18446744073709551615 B
}
service imap-urlauth {
  chroot =
  client_limit = 1
  drop_priv_before_exec = no
  executable = imap-urlauth
  extra_groups =
  group =
  idle_kill = 0
  privileged_group =
  process_limit = 8192
  process_min_avail = 0
  protocol = imap
  service_count = 1
  type =
  unix_listener token-login/imap-urlauth {
    group =
    mode = 0666
    user =
  }
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}
service imap {
  process_limit = 8192
}
service pop3-login {
  process_min_avail = 24
}
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocol imap {
  mail_max_userip_connections = 1000
}
local 172.28.200.0/24/24 {
  doveadm_password = secret
}
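To see at a glance which lookup fed the userdb in a trace like the one quoted in this message, here is an added Python script (not part of the original message and not Dovecot's own code) that walks auth debug lines of that shape and reports, per request, whether the passdb returned any userdb_* fields for prefetch to use, whether the prefetch userdb fell through to the next userdb, whether the ldap userdb then ran its own search, and whether the passdb rewrote the username. The sample log inside is constructed: request 1 mirrors the message's excerpt with wrapped lines rejoined, and request 2 is a hypothetical user whose passdb did return userdb_* fields.

```python
"""Summarise Dovecot auth debug output around the prefetch userdb.

Added example, not part of the original message. The log sample is
constructed: request 1 is modelled on the message's excerpt, request 2 is a
hypothetical request whose passdb returned userdb_* fields.
"""
import re

# Constructed sample log (timestamps, host and request 2 are invented).
SAMPLE_LOG = """\
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: client in: AUTH 1 PLAIN service=doveadm resp=<hidden>
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: ldap(mailuser1@domain2.com): bind search: base=ou=Domains,dc=test,dc=local filter=(&(objectclass=inetOrgPerson)(mail=mailuser1@domain2.com))
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: ldap(mailuser1@domain2.com): result: uid=mailuser1; uid unused
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: auth(mailuser1@domain2.com): username changed mailuser1@domain2.com -> mailuser1
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: client passdb out: OK 1 user=mailuser1
Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug: master in: USER 1 mailuser1@domain2.com service=doveadm
Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug: prefetch(mailuser1@domain2.com): passdb didn't return userdb entries, trying the next userdb
Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug: ldap(mailuser1@domain2.com): user search: base=ou=Domains,dc=test,dc=local scope=subtree filter=(&(objectclass=inetOrgPerson)(mail=mailuser1@domain2.com)) fields=
Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug: userdb out: USER 1 mailuser1@domain2.com home=/var/vmail/mailboxes/domain2.com/mailuser1/mailuser1 uid=500 gid=500
Apr 26 14:02:05 nfs-7-00 dovecot: auth: Debug: client in: AUTH 2 PLAIN service=imap resp=<hidden>
Apr 26 14:02:05 nfs-7-00 dovecot: auth: Debug: client passdb out: OK 2 user=mailuser2@domain1.com userdb_home=/var/vmail/mailboxes/domain1.com/mailuser2/mailuser2 userdb_uid=500 userdb_gid=500
Apr 26 14:02:05 nfs-7-00 dovecot: imap-login: Login: user=<mailuser2@domain1.com>, method=PLAIN, rip=192.0.2.10
"""

# Everything up to and including "dovecot: auth: Debug: " is syslog framing.
DEBUG_PREFIX = re.compile(r"^.*?dovecot: auth: Debug: ")
RE_RENAME = re.compile(r"username changed (\S+) -> (\S+)")
RE_PASSDB_OUT = re.compile(r"client passdb out: OK\s+(\d+)\s*(.*)$")
RE_PREFETCH_MISS = re.compile(r"prefetch\(([^)]+)\): passdb didn't return userdb entries")
RE_USER_SEARCH = re.compile(r"ldap\(([^)]+)\): user search:")


def analyse(log_text):
    """Collect the prefetch-relevant events from auth debug lines."""
    report = {
        "username_rewrites": [],     # (name before, name after) from the passdb
        "passdb_userdb_fields": {},  # request id -> userdb_* fields the passdb returned
        "prefetch_fallbacks": [],    # users for whom prefetch tried the next userdb
        "userdb_ldap_searches": [],  # users for whom the ldap userdb searched again
    }
    for raw in log_text.splitlines():
        line = DEBUG_PREFIX.sub("", raw, count=1)
        if line == raw:
            continue  # not an auth debug line (e.g. imap-login)
        m = RE_RENAME.search(line)
        if m:
            report["username_rewrites"].append((m.group(1), m.group(2)))
            continue
        m = RE_PASSDB_OUT.search(line)
        if m:
            fields = [f for f in m.group(2).split() if "=" in f]
            report["passdb_userdb_fields"][m.group(1)] = [
                f for f in fields if f.startswith("userdb_")
            ]
            continue
        m = RE_PREFETCH_MISS.search(line)
        if m:
            report["prefetch_fallbacks"].append(m.group(1))
            continue
        m = RE_USER_SEARCH.search(line)
        if m:
            report["userdb_ldap_searches"].append(m.group(1))
    return report


def diagnose(report):
    """Turn the collected events into human-readable findings."""
    findings = []
    for req, userdb_fields in report["passdb_userdb_fields"].items():
        if not userdb_fields:
            findings.append(
                f"request {req}: passdb returned no userdb_* fields, "
                "so the prefetch userdb has nothing to use"
            )
    for user in report["prefetch_fallbacks"]:
        findings.append(f"{user}: prefetch fell through to the next userdb")
    for user in report["userdb_ldap_searches"]:
        findings.append(f"{user}: the ldap userdb performed a second LDAP search")
    for src, dst in report["username_rewrites"]:
        findings.append(f"passdb rewrote the username {src} -> {dst}")
    return findings


if __name__ == "__main__":
    for finding in diagnose(analyse(SAMPLE_LOG)):
        print(finding)
```

Feed it a real /var/log/maillog captured with auth_debug = yes (after rejoining any lines the mail client wrapped) and compare the findings for the two doveadm runs: a passdb result that carries userdb_* fields is the one prefetch can satisfy without the second search.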