[Dovecot] Dovecot 2.0.5 - multiple auth processes.
Hi.
On Dovecot 1.2.x it is possible to run multiple auth daemons. Is it possible on dovecot 2.0.x ?
(Setting "process_min_avail" for auth service gives this error message: "doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf: service(auth): process_min_avail is higher than process_limit")
Sample configuration for dovecot 1.2.8: auth default { count = 10 mechanisms = plain passdb ldap { args = /etc/dovecot/dovecot-ldap.conf } userdb ldap { args = /etc/dovecot/dovecot-ldap.conf } user = root } auth lda { mechanisms = plain passdb ldap { args = /etc/dovecot/dovecot-ldap.conf } userdb ldap { args = /etc/dovecot/dovecot-ldap.conf } user = root socket listen { master { path = /var/run/dovecot/auth-master mode = 0666 } } }
On Wed, 2010-10-20 at 16:11 +0200, Marek Miska wrote:
On Dovecot 1.2.x it is possible to run multiple auth daemons. Is it possible on dovecot 2.0.x ?
Not really..
Sample configuration for dovecot 1.2.8: auth default { count = 10
Hmm. Did this really work? I remember there were at least some problems with this .. possibly only when using auth-workers (i.e. with some passdbs/userdbs, but not with e.g. ldap).
The main problem with the current method is that there's no direct connection from imap/pop3 process to the correct auth process. It would only randomly connect to correct auth process. But this could be solved by creating some kind of a "auth proxy" process, which would simply proxy the messages to correct auth process. There's no code for such process yet.
auth lda { socket listen { master { path = /var/run/dovecot/auth-master mode = 0666 } } }
This should be possible. Duplicate service auth {} to service auth-lda {} or something and make only that one have the auth-master socket.
W dniu 20.10.2010 16:35, Timo Sirainen pisze:
On Wed, 2010-10-20 at 16:11 +0200, Marek Miska wrote:
On Dovecot 1.2.x it is possible to run multiple auth daemons. Is it possible on dovecot 2.0.x ? Not really..
Any plan to support it in future? Or at least multiple LDAP connections from one auth process?
Problem of course is with bind requests (they can be send only one at time). It can be problem on a busy server. (2 connections for userdb and passdb is not enough, bind request still go through one connection).
Of course "auth_bind = no" will help, but it lowers security.
Any other idea?
Sample configuration for dovecot 1.2.8: auth default { count = 10 Hmm. Did this really work? I remember there were at least some problems with this .. possibly only when using auth-workers (i.e. with some passdbs/userdbs, but not with e.g. ldap).
It seems to work on 1.2.8.
On 27.10.2010, at 15.47, Marek Miska wrote:
On Dovecot 1.2.x it is possible to run multiple auth daemons. Is it possible on dovecot 2.0.x ? Not really..
Any plan to support it in future?
Maybe, but it's not simple.
Or at least multiple LDAP connections from one auth process?
That's easier to do. I was planning on making LDAP code more flexible anyway at some point.. Maybe for v2.1.
Problem of course is with bind requests (they can be send only one at time). It can be problem on a busy server. (2 connections for userdb and passdb is not enough, bind request still go through one connection).
Right.
On Wed, 2010-10-27 at 15:47 +0200, Marek Miska wrote:
On Dovecot 1.2.x it is possible to run multiple auth daemons. Is it possible on dovecot 2.0.x ? Not really..
Any plan to support it in future?
I'm not sure.
Or at least multiple LDAP connections from one auth process?
That I could do during next LDAP code rewrite. Added to TODO.
participants (2)
-
Marek Miska
-
Timo Sirainen