[Dovecot] noisy auth-worker messages in logs (dovecot 2.1.8 FreeBSD)
Hello,
I don't know if it's been addressed before, but anyway :
In my dovecot setup, I have local and virtual users. So, I need multiple passdb backends. Namely, passwd for the local users and ldap for the virtual users.
passdb { driver = passwd } passdb { args = /usr/local/etc/dovecot/dovecot-ldap.conf driver = ldap } Everything work correctly : when a user logs in (imap/pop3) there's a lookup in passwd and if it fails there's a lookup in ldap (if I understand the process correctly), which eventually succeeds.
Except that every time a virtual user logs in, dovecot logs an error, like :
dovecot: auth-worker(99126): Error: passwd(xxx@domain.org,12.34.254.255): getpwnam() failed: Invalid argument
I guess it's because the login is a full email that getpwnam fails.
Anyway, the user logs in just fine. But I would like to know if/how I can get rid of the messages filling my logs ?
I tried :
auth_debug_passwords = no auth_verbose = no
But no dice.
I used dovecot 1.x before and there was no such messages.
Thanks for any advice.
K.
Kyoko Otonashi's shrine / Le temple de Kyoko Otonashi My tribute to Maison Ikkoku / Mon hommage a Maison Ikkoku Visit http://www.kyoko.org/
On 24.9.2012, at 16.48, Philippe Chevalier wrote:
dovecot: auth-worker(99126): Error: passwd(xxx@domain.org,12.34.254.255): getpwnam() failed: Invalid argument
I guess it's because the login is a full email that getpwnam fails.
So if you log in as nonexistent user "foo.bar" it doesn't log an error, but if you log in as "foo@bar" it does? The attached patch probably fixes it?
On Mon, Sep 24, 2012 at 05:16:06PM +0300, Timo Sirainen wrote:
On 24.9.2012, at 16.48, Philippe Chevalier wrote:
dovecot: auth-worker(99126): Error: passwd(xxx@domain.org,12.34.254.255): getpwnam() failed: Invalid argument
I guess it's because the login is a full email that getpwnam fails.
So if you log in as nonexistent user "foo.bar" it doesn't log an error, but if you log in as "foo@bar" it does? The attached patch probably fixes it?
If I log in as a non-existent user (neither in passwd or ldap), without the domain part, it logs also an error, but this time from ldap :
dovecot: auth: Error: ldap(foo.bar,xx.xx.xx.xx,<bCVDqnPKXQC8pSxD>): ldap_bind() failed: Invalid DN syntax
My bind DN to check the password is :
auth_bind_userdn = dc=%n,dc=%d,ou=Domains,ou=Mail,dc=dspnet,dc=fr
(I have virtual users in multiple domains)
So ldap protests probably because the "domain" part is missing.
If I use a non-existent login "foo@bar", dovecot logs nothing : no error from passwd, no error from ldap, just an authentication error on the client side.
I will apply the patch later today and will let you know the result.
Regards,
K.
Kyoko Otonashi's shrine / Le temple de Kyoko Otonashi My tribute to Maison Ikkoku / Mon hommage a Maison Ikkoku Visit http://www.kyoko.org/
On Mon, Sep 24, 2012 at 05:04:40PM +0200, Philippe Chevalier wrote:
I will apply the patch later today and will let you know the result.
I applied the patch, and obviously, when getpwnam_r sets the result to NULL and returns EINVAL, dovecot do as if the entry was not found and stays mute.
So, thank you, auth is now a lot less noisy.
As for the ldap message, it errors if there's no domain in the login.
In the doc, it says that %d is empty if there's no domain part. So I guess it's an enhancement request : a configuration option to have it filled out with a default domain if there's no one supplied by the client.
Regards,
K.
Kyoko Otonashi's shrine / Le temple de Kyoko Otonashi My tribute to Maison Ikkoku / Mon hommage a Maison Ikkoku Visit http://www.kyoko.org/
On 24.9.2012, at 21.41, Philippe Chevalier wrote:
As for the ldap message, it errors if there's no domain in the login.
In the doc, it says that %d is empty if there's no domain part. So I guess it's an enhancement request : a configuration option to have it filled out with a default domain if there's no one supplied by the client.
Maybe this is enough?
auth_bind_userdn = dc=%Du,ou=Domains,ou=Mail,dc=dspnet,dc=fr
See %D in http://wiki2.dovecot.org/Variables
participants (2)
-
Philippe Chevalier
-
Timo Sirainen