LDAP Homedir location: Needs dovecot restart after changing it
Dear group members.
I work with Dovecot and Openldap authentication. Sometimes users
change departments and we need to alter their homedir location. Every
time this process is needed, I perform these steps:
1 - Change homedir location in openldap
2 - Move homedir folder to the new location
3 - Re-apply permissions
4 - Remove user index folder
After I do that, users cannot authenticate unless I restart dovecot,
a process that I would like to avoid. Can you guys give a tip on what I
need to change to avoid this last problematic step? After the restart,
everything works.
Does the auth_cache feature also store the homedir location?
System: CentOS 7
Versions:
dovecot-pigeonhole-2.2.10-8.el7.x86_64
dovecot-2.2.10-8.el7.x86_64
Doveconf -n:
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-693.5.2.el7.x86_64 x86_64 CentOS Linux release 7.4.1708 (Core)
auth_cache_negative_ttl = 0
auth_cache_size = 10 M
auth_mechanisms = plain login
auth_username_format = %Ln
default_client_limit = 1024
default_process_limit = 1024
default_vsz_limit = 1 G
listen = *
mail_location = maildir:~/Maildir:INDEX=/var/indexes/dovecot/%u
mail_plugins = " mail_log notify quota"
mail_temp_dir = /var/tmp
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags notify
mbox_write_locks = fcntl
mmap_disable = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  quota = maildir
  quota_exceeded_message = Cota de armazenamento de e-mails excedida. Quota exceeded for mail store.
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=85%% quota-warning 85 %u
  quota_warning3 = storage=75%% quota-warning 75 %u
  sieve = ~/.dovecot.sieve
  sieve_before = /var/lib/dovecot/sieve/default.sieve
  sieve_default = /var/lib/dovecot/sieve/default.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +notify +imapflags
}
protocols = imap pop3 lmtp sieve
service anvil {
  client_limit = 14100
  process_limit = 1
}
service auth-worker {
  client_limit = 1
  process_limit = 50
  service_count = 1
}
service auth {
  client_limit = 15100
  process_limit = 1
}
service dict {
  client_limit = 1
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  process_limit = 6000
  process_min_avail = 10
  service_count = 1
  vsz_limit = 256 M
}
service imap {
  process_limit = 3000
  vsz_limit = 1 G
}
service lmtp {
  client_limit = 1
  inet_listener lmtp {
    port = 24
  }
  unix_listener lmtp {
    mode = 0666
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
  process_limit = 6000
  process_min_avail = 10
  service_count = 1
}
service pop3 {
  process_limit = 3000
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    mode = 0666
    user = dovecot
  }
  user = root
}
ssl = required
ssl_cert = **********
ssl_key = ***********
userdb {
  driver = passwd
}
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocol lmtp {
  mail_plugins = " mail_log notify quota sieve quota"
}
protocol imap {
  mail_plugins = " mail_log notify quota imap_quota"
}
Thanks,
Andre
Hello Andre,
try to flush the auth cache:
doveadm auth cache flush user@example.com
or:
doveadm auth cache flush
Best regards, Gerald
On 16.04.2018 at 20:39, Andre Luiz Paiz <andre.paiz@iqm.unicamp.br> wrote:
Dear group members.
I work with Dovecot and Openldap authentication. Sometimes users change departments and we need to alter their homedir location. Every time this process is needed, I perform these steps:
1 - Change homedir location in openldap
2 - Move homedir folder to the new location
3 - Re-apply permissions
4 - Remove user index folder
After I do that, users cannot authenticate unless I restart dovecot, a process that I would like to avoid. Can you guys give a tip on what I need to change to avoid this last problematic step? After the restart, everything works.
Does the auth_cache feature also store the homedir location?
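The four steps from the question with the per-user cache flush from the reply in place of the restart, as an added example that is not part of the thread. Assumed and not stated in the thread: the homeDirectory attribute name, the ldapi:/// EXTERNAL bind, and chown -R as the "re-apply permissions" step; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumed, not from the thread: the homeDirectory attribute,
# the ldapi:/// EXTERNAL bind, and chown -R as the "re-apply permissions" step.
INDEX_ROOT=/var/indexes/dovecot   # INDEX= path from the posted mail_location
DRY_RUN=${DRY_RUN:-1}             # 1 prints each command instead of running it

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# LDIF that points the entry at the new home (step 1).
# The DN is typed by the administrator and is not validated here.
homedir_ldif() {
    printf 'dn: %s\nchangetype: modify\nreplace: homeDirectory\nhomeDirectory: %s\n' "$1" "$2"
}

# move_homedir USER DN OLD_HOME NEW_HOME
move_homedir() {
    user=$1 dn=$2 old=$3 new=$4
    # The user name becomes part of an rm -rf path: allow one safe path segment only.
    case $user in
        ''|.*|*[!a-z0-9._-]*) echo "refusing user name: $user" >&2; return 2 ;;
    esac
    # Homes must be absolute and free of characters that could break the LDIF.
    for p in "$old" "$new"; do
        case $p in
            /*) ;;
            *) echo "home must be absolute: $p" >&2; return 2 ;;
        esac
        case $p in
            *[!A-Za-z0-9._/-]*|*..*) echo "unsafe path: $p" >&2; return 2 ;;
        esac
    done
    homedir_ldif "$dn" "$new" | run ldapmodify -Y EXTERNAL -H ldapi:/// || return 1
    run mv -- "$old" "$new" || return 1
    run chown -R -- "$user" "$new" || return 1
    run rm -rf -- "$INDEX_ROOT/$user" || return 1
    # Drop only this user's cached passdb/userdb result; no Dovecot restart.
    run doveadm auth cache flush "$user"
}
```

With the default DRY_RUN=1 the function only prints the plan; set DRY_RUN=0 and run it as root once the printed commands look right.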
participants (2)
- Andre Luiz Paiz
- Gerald Galster