you mean i should define another, "fallback" userdb service if prefetch doesn't work for some reason?

is it the problem that it's a chicken and egg scenario and with LMTP address verification (from postfix) there is no login beforehand so then dovecot needs to consult the userdb once again and having no fallback mechanism, it gives up? i can understand that, but then it would need to be emphasized in either the prefetch document or the lmtp document on the wiki.

i've tried it and now it works, thank you ever so much. (but please make a mental note to add this info on the wiki.)

cheers,
a


On 2018. 08. 02. 1:10, Aki Tuomi wrote:
applies for ldap too if you use prefetch.



---
Aki Tuomi
Dovecot oy

-------- Original message --------
From: Andras Kemeny <pdx@pdx.hu>
Date: 02/08/2018 01:59 (GMT+02:00)
To: dovecot@dovecot.org
Subject: Re: LMTP error, mysterious

ah well, but i'm not using sql at all.

here's doveconf -n:

# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.9.0-4-amd64 x86_64 Debian 9.4
auth_cache_negative_ttl = 0
auth_mechanisms = plain login
hostname = rhyno.tech
mail_debug = yes
mail_location = maildir:~/mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocols = " imap lmtp pop3"
service auth-worker {
  user = $default_internal_user
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  process_min_avail = 5
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 0
  }
}
ssl_cert = </etc/letsencrypt/live/wc-rhyno.tech/fullchain.pem
ssl_key =  # hidden, use -P to show it
submission_host = localhost:25
userdb {
  driver = prefetch
}
protocol lmtp {
  mail_plugins = sieve
}
protocol lda {
  mail_plugins = sieve
}
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep
}


On 2018. 08. 02. 0:48, Aki Tuomi wrote:
protocol lmtp {
    userdb {
       driver = sql
       args = /path/to/dovecot-sql.conf.ext
    }
}



---
Aki Tuomi
Dovecot oy

-------- Original message --------
From: Andras Kemeny <pdx@pdx.hu>
Date: 02/08/2018 01:35 (GMT+02:00)
To: dovecot@dovecot.org
Subject: LMTP error, mysterious

hi (especially to you, Aki),

so to solve the previous UID issue, i went the full LMTP route. however,
i seem to be having problems with the prefetch userdb (i'm trying to
minimize load on the LDAP server). namely, the log says:

Aug  2 00:15:35 rhyno postfix/submission/smtpd[21158]: 5EEF35C05C5:
client=localhost[127.0.0.1], sasl_method=login, sasl_username=aik
Aug  2 00:15:40 rhyno postfix/cleanup[22201]: 5EEF35C05C5:
message-id=<20180801221535.5EEF35C05C5@beach.rhyno.tech>
Aug  2 00:15:40 rhyno postfix/qmgr[17437]: 5EEF35C05C5:
from=<pdx@pdx.hu>, size=295, nrcpt=1 (queue active)
Aug  2 00:15:40 rhyno dovecot: lmtp(20321): Connect from local
Aug  2 00:15:40 rhyno dovecot: auth: Error: prefetch(aik@rhyno.tech):
userdb lookup not possible with only userdb prefetch
Aug  2 00:15:40 rhyno dovecot: lmtp(aik@rhyno.tech): Error: user
aik@rhyno.tech: Auth USER lookup failed
Aug  2 00:15:41 rhyno postfix/lmtp[22211]: 5EEF35C05C5:
to=<aik@rhyno.tech>, relay=beach.rhyno.tech[private/dovecot-lmtp],
delay=13, delays=13/0.01/0/0.03, dsn=4.3.0, status=deferred (host
beach.rhyno.tech[private/dovecot-lmtp] said: 451 4.3.0 <aik@rhyno.tech>
Internal error occurred. Refer to server log for more information. (in
reply to RCPT TO command))
Aug  2 00:15:41 rhyno dovecot: lmtp(20321): Disconnect from local:
Successful quit
Aug  2 00:15:42 rhyno postfix/submission/smtpd[21158]: disconnect from
localhost[127.0.0.1] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6

(the above is a transcript of a full session i've done over telnetting to
localhost 587 and auth login-ing with valid credentials)

so, i've tested the actual login process, and it works flawlessly, and
it looks like IMAP is up and running:

Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
0 login aik@rhyno.tech ofCourseThisIsN0TtheRealPassword
0 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS
THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN
NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH
ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE
SPECIAL-USE] Logged in
1 list "" "%"
* LIST (\HasNoChildren \Sent) "." Sent
* LIST (\HasNoChildren \Trash) "." Trash
* LIST (\HasNoChildren) "." INBOX
1 OK List completed (0.000 + 0.000 secs).
2 status INBOX (MESSAGES)
* STATUS INBOX (MESSAGES 2)
2 OK Status completed (0.000 + 0.000 secs).

this is how i send the test mails:

Connected to localhost.
Escape character is '^]'.
220 beach.rhyno.tech mail server
ehlo x
250-beach.rhyno.tech
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
auth login
334 VXNlcm5hbWU6
***obviously_masked***
334 UGFzc3dvcmQ6
***obviously_masked***
235 2.7.0 Authentication successful
mail from:<pdx@pdx.hu>
250 2.1.0 Ok
rcpt to:<aik@rhyno.tech>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
test
.
250 2.0.0 Ok: queued as 5EEF35C05C5
quit
221 2.0.0 Bye
Connection closed by foreign host.

my concern is these two:

Aug  2 00:15:40 rhyno dovecot: auth: Error: prefetch(aik@rhyno.tech):
userdb lookup not possible with only userdb prefetch
Aug  2 00:15:40 rhyno dovecot: lmtp(aik@rhyno.tech): Error: user
aik@rhyno.tech: Auth USER lookup failed

10-auth.conf has these settings:

passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
userdb {
  driver = prefetch
}

dovecot-ldap.conf.ext has these settings (only the relevant ones)

dn = ***whatever, it works***
dnpass = ***whatever, it works***
auth_bind = no
base = dc=rhyno,dc=tech
pass_attrs = \
  =user=%{ldap:uid}, \
  =password=%{ldap:userPassword}, \
  =userdb_home=%{ldap:homeDirectory}, \
  =userdb_uid=%{ldap:uidNumber}, \
  =userdb_gid=%{ldap:gidNumber}
pass_filter = (&(objectclass=postfixUser)(mailacceptinggeneralid=%n)(mailacceptinggeneralid=@%d))

so what am i missing? also, this format of setting variables
(=<output_field>=%{<whatever_special_result_field>}) is never explained
on the wiki (or am i just blind?)

thanks in advance,
a
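
The fallback setup this thread arrives at, as an added example (not part of the original messages and not the poster's actual final configuration): prefetch serves lookups that follow a login, and a second LDAP userdb answers lookups with no preceding login, such as the LMTP RCPT TO check. The `user_attrs` and `user_filter` values are assumptions that mirror the `pass_attrs` and `pass_filter` quoted above.

```conf
# --- 10-auth.conf ---
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

# Tried first: succeeds only when the passdb lookup of a preceding login
# already returned the userdb_* fields (IMAP/POP3 logins).
userdb {
  driver = prefetch
}

# Fallback, tried next: used when no login preceded the lookup, e.g. the
# LMTP RCPT TO check that logged
# "userdb lookup not possible with only userdb prefetch".
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

# --- dovecot-ldap.conf.ext (additions; values are assumptions) ---
# Same LDAP attributes as pass_attrs, but without the userdb_ prefix
# and without the password field.
user_attrs = \
  =home=%{ldap:homeDirectory}, \
  =uid=%{ldap:uidNumber}, \
  =gid=%{ldap:gidNumber}
# Assumed to match the same entries as pass_filter.
user_filter = (&(objectclass=postfixUser)(mailacceptinggeneralid=%n)(mailacceptinggeneralid=@%d))
```

Running `doveadm user aik@rhyno.tech` performs a userdb lookup without a login, so it exercises the same path as the LMTP recipient check.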