Managing users and home dirs
For those of you using virtual users, and SQL, how are you managing your users and their home dirs ? That is, what process do you use for adding/deleting users, creating their home dirs etc ? I suppose it's easy enough to do manually, inserting rows in the database, creating dirs, chown/chmod yada yada, but there must be a better way to do it ... If you're doing dovecot replication then it gets even more cumbersome, having to duplicate the effort in two places (and make sure it's correct).
I have a nice test setup using Percona XtraDB Clustering in a 3-node cluster which works swimmingly, albeit in VMs only at the moment. A master DB node and two dovecot nodes. Dovecot replication is up and running nicely too, and I almost have all the communications going over ipsec tunnels, so it will be nice and secure.
I'm thinking of something like a cronjob with two tasks, the first would periodically scan the home dirs and compare the users to what's in the database. When it finds a new userdir (plus a file labeled PASSWD) the script would add the user to the database, create the Maildir and whatever else, then delete the PASSWD file. DB replication will push that to the other nodes.
The second task is scanning the user database and comparing to the home dirs - basically opposite of the first cronjob. When it finds a user in the DB that doesn't have a home dir, it would create it and whatever else is needed.
This way, to add a user one would just create a PASSWD file in /var/mail/domain.com/newusername/PASSWD on either of the dovecot replication partner systems. The first cronjob task would discover the newusername dir, create the user in the DB, create the Maildir, chown/chmod etc. and delete the PASSWD file, so it's ready to go on that system. DB replication pushes the user table to the other nodes. The second task on the other dovecot system will discover a new user in the DB that doesn't have a home dir, and do its thing to create it all.
So the whole create-a-new-user process becomes something like this on either dovecot system :
mkdir -p /var/mail/domain.com/newusername ; echo "changeme" > /var/mail/domain.com/newusername/PASSWD
A max of 5 minutes later the user is added to the database, and the home dir/Maildir/etc/etc is created on both dovecot systems.
D.
Just a quick update on the below ... The 3-node setup is working cleanly now. One master/backup DB node, two dovecot nodes, using Percona Xtradb Cluster 5.5. All replication (percona and dovecot dsync) is via ipsec tunnels.
Adding a user or new domain is a matter of creating a /var/mail/newusers.txt file, containing the list of users to be added.
john,doe.com,password,John Doe user
A cronjob on both dovecot nodes scans the user database and the /var/mail dirs. For any new users in the file it adds them to the DB and creates their userdir/Maildir. Any new user in the DB without a userdir, it creates their userdir/Maildir. So it's a max of 5 minutes for a new user to be available on node1, and another 5 minutes to be replicated to node2. Once the users are created, the newusers.txt file is deleted.
It would be nice to use a database trigger to create the userdir/Maildir immediately rather than the cronjob, but I haven't got that figured out yet. I found the lib_mysqludf_sys UDF library, but it doesn't seem to be working. Some issue with the db replication I think.
Any ideas for creating a directory from a mysql trigger ?
On 2014-06-21 11:12, deano-dovecot@areyes.com wrote:
For those of you using virtual users, and SQL, how are you managing your users and their home dirs ? That is, what process do you use for adding/deleting users, creating their home dirs etc ? I suppose it's easy enough to do manually, inserting rows in the database, creating dirs, chown/chmod yada yada, but there must be a better way to do it ... If you're doing dovecot replication then it gets even more cumbersome, having to duplicate the effort in two places (and make sure it's correct).
I have a nice test setup using Percona XtraDB Clustering in a 3-node cluster which works swimmingly, albeit in VMs only at the moment. A master DB node and two dovecot nodes. Dovecot replication is up and running nicely too, and I almost have all the communications going over ipsec tunnels, so it will be nice and secure.
D.
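Added example, not part of the original posts and not Dovecot's own code: a sketch of the two cron tasks described above, with the two checks a provisioning job needs when it turns file input into directory names (an allow-list for user and domain, and a test that the resolved home stays under the mail root). The function names, the regexes and the in-memory set standing in for the SQL user table are assumptions.

```python
import os
import re
import tempfile
from pathlib import Path

# Allow-lists (assumption): lowercase names, no "/" and no leading dot or dash.
USER_RE = re.compile(r"[a-z0-9][a-z0-9._-]{0,63}")
DOMAIN_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)+")
# Constructed sample: the line from the post plus two lines that must be refused.
SAMPLE = ("john,doe.com,password,John Doe user\n"
          "../../etc,doe.com,x,constructed bad user\n"
          "mary,../other,x,constructed bad domain\n")

def parse_newusers(text):
    """Split 'user,domain,password,full name' lines into (accepted, rejected)."""
    accepted, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = [p.strip() for p in line.split(",", 3)]
        ok = (len(parts) == 4 and USER_RE.fullmatch(parts[0])
              and ".." not in parts[0] and DOMAIN_RE.fullmatch(parts[1]))
        if ok:
            accepted.append(tuple(parts))
        else:
            rejected.append(line)
    return accepted, rejected

def ensure_maildir(base, domain, user):
    """Create base/domain/user/Maildir/{cur,new,tmp}; return True if it was new."""
    base = Path(base).resolve()
    home = (base / domain / user).resolve()
    if base not in home.parents:  # a symlink or odd name escaped the mail root
        raise ValueError(f"{home} is outside {base}")
    created = not (home / "Maildir").exists()
    for sub in ("cur", "new", "tmp"):
        (home / "Maildir" / sub).mkdir(mode=0o700, parents=True, exist_ok=True)
    for path in (home, home / "Maildir"):  # parents=True ignores mode, so set it here
        os.chmod(path, 0o700)
    return created

def reconcile(base, newusers_text, db_users):
    """Task 1: file -> DB. Task 2: DB -> dirs. db_users is a set of (user, domain)."""
    accepted, rejected = parse_newusers(newusers_text)
    for user, domain, _password, _name in accepted:
        db_users.add((user, domain))  # stand-in for the SQL INSERT
    made = [f"{u}@{d}" for u, d in sorted(db_users) if ensure_maildir(base, d, u)]
    return made, rejected

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        print(reconcile(root, SAMPLE, {("alice", "doe.com")}))
```

The password field is carried through untouched here; a real job would hash it (for example with `doveadm pw`) before the INSERT, so that neither newusers.txt nor the table holds it in clear text for longer than necessary.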
On 6/22/14, deano-dovecot@areyes.com wrote:
For those of you using virtual users, and SQL, how are you managing your users and their home dirs ? That is, what process do you use for adding/deleting users, creating their home dirs etc ? I suppose it's easy enough to do manually, inserting rows in the database, creating dirs, chown/chmod yada yada, but there must be a better way to do it ... If you're doing dovecot replication then it gets even more cumbersome, having to duplicate the effort in two places (and make sure it's correct).
Simple perl script called directly, or even from control panel or hosting management software that can call hooks to call the script.
but it adds them into the user DB, the mail DB, the http-auth DB and creates their own DB (we give users 1 mysql DB each)
You have a base path (say /var/vmail); you can use variables, substr, and so on to simplify it. Once in the DB, dovecot LDA automatically creates the user's home dir based on mail location and things like that.
IOW, spending 10 mins to write the script saves years of manual pain
participants (2): deano-dovecot@areyes.com, Nick Edwards