Hi Timo,
attached is the log with auth_debug=true from the starting process and running "doveadm auth test ralfimaptest@egroupware.org" and one other regular passdb lookup.
I replaced passwords and the customer email with XXXXXX.
I also run "doveadm user '*'" to test the iteration, which worked.
Ralf
Hi Timo, > > Am 20.06.22 um 12:17 schrieb Timo Sirainen: >> On 20. Jun 2022, at 10.03, Ralf Becker rb@egroupware.org wrote: >>>> Fixes: Panic: file userdb-blocking.c: line 125 >>>> (userdb_blocking_iter_next): assertion failed: (ctx->conn != >>>> NULL) >>> As the above Panic is fixed I tried again (see my attached mail >>> to the 2.3.19 release) and I can confirm to no longer get the >>> Panic, BUT authentication is NOT working either :( >>> >>> Reverting back to a container with Dovecot 2.3.16, get's >>> everything working again. >>> >>> We use a hourly updated local SQLight database and a dict for >>> user- and passdb. >>> >>> Is the usage of multiple backends no longer supported, or did >>> something in that regard changed between 2.3.16 and 2.3.19.1? >> We have lots of tests using multiple backends for authentication, >> and lots of people are using many passdbs/userdbs in production. I >> was only aware of iteration being broken with multiple userdbs, >> since that's not used so much. And we added a test to verify that >> multiple userdb iteration is actually returning results from both >> userdbs, so that shouldn't be completely broken either. >> >> So I'd need more details of what exactly goes wrong and how. Is it >> the authentication or the iteration that is now broken? > > I only seen authentication errors in doveadm log errors and our > montioring trying to access the backend with user credentials.
Logs with auth_debug=yes would likely help. > > I will get you the logs tonight, don't want to switch (one leg of) > the production system during daytime. I can then also try eg. doveadm > user -A to check the iteration. > >> Also: >> >>> Here's the relevant part of my config (full doveadm config -n is >>> attached): >>> >>> userdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } >>> userdb { args = /etc/dovecot/dovecot-dict-auth.conf driver = >>> dict } passdb { args = /etc/dovecot/dovecot-dict-master-auth.conf driver = dict master = yes } passdb { args = /etc/dovecot/dovecot-dict-auth.conf driver = dict } >> What do these external conf files contain? > > /etc/dovecot/dovecot-sql.conf: > > driver = sqlite connect = /etc/dovecot/users.sqlite > > #password_query = SELECT userid AS username, domain, password \ # > FROM users WHERE userid = '%n' AND domain = '%d' #user_query = SELECT > home, uid, gid FROM users WHERE userid = '%n' AND domain = '%d' # > return no userdb, as db contains only user-names #user_query = SELECT > home,NULL AS uid,NULL AS gid FROM users WHERE userid = '%n' AND > domain = '%d' user_query = SELECT home,NULL AS uid,NULL AS gid, \ > '*:bytes='||(quota*1048576) AS quota_rule, \ userid||'@'||domain AS > master_user, \ LOWER(REPLACE(groups||',', ',', '@'||domain||',')) AS > acl_groups \ FROM users WHERE userid = '%n' AND domain = '%d' > > # For using doveadm -A: iterate_query = SELECT userid AS username, > domain FROM users > > /etc/dovecot/dovecot-dict-auth.conf: > > uri =
Am 20.06.22 um 13:32 schrieb Ralf Becker: proxy:/var/run/dovecot_auth_proxy/socket:somewhere #uri = > proxy:10.44.99.180:2001:somewhere > > password_key = passdb/%u/%w user_key = userdb/%u iterate_disable = > yes #iterate_disable = no #iterate_prefix = userdb/ > default_pass_scheme = md5 > > /etc/dovecot/dovecot-dict-master-auth.conf: > > uri = proxy:/var/run/dovecot_auth_proxy/socket:somewhere #uri = > proxy:10.44.99.180:2001:somewhere > > #password_key = master/%{login_domain}/%u/%w password_key = > master/%{login_user}/%u/%w iterate_disable = yes default_pass_scheme > = md5 > > Thanks :) > > Ralf >
Ralf Becker EGroupware GmbH [www.egroupware.org] Handelsregister HRB Kaiserslautern 3587 Geschäftsführer Birgit und Ralf Becker Leibnizstr. 17, 67663 Kaiserslautern, Germany Telefon +49 631 31657-0