[Dovecot] Authentication on 2 databases
Hello,
I have 2 databases MySQL. I would like to do that:
If the user does not existe in the first base, it goes in the second database.
my configuration
auth default {
  mechanisms = plain
  passdb sql {
    args = /etc/dovecot-sql-1.conf
  }
  passdb sql {
    args = /etc/dovecot-sql-2.conf
  }
  userdb sql {
    args = /etc/dovecot-sql-1.conf
  }
  userdb sql {
    args = /etc/dovecot-sql-2.conf
  }
}
but it don't work, my version est 1.0.alpha1
if you not understand this message, i am sorry, my english is bad
On Fri, Sep 09, 2005 at 01:06:42PM +0200, LeeJaY wrote:
> Hello,
> I have 2 databases MySQL. I would like to do that:
> If the user does not existe in the first base, it goes in the second database.
> my configuration
> auth default {
>   mechanisms = plain
>   passdb sql {
>     args = /etc/dovecot-sql-1.conf
>   }
>   passdb sql {
>     args = /etc/dovecot-sql-2.conf
>   }
>   userdb sql {
>     args = /etc/dovecot-sql-1.conf
>   }
>   userdb sql {
>     args = /etc/dovecot-sql-2.conf
>   }
> }
> but it don't work
One could wish for more details . . . does the daemon start, is the only passdb used the first one or is it that nobody can log in, are there error messages in the logs . . . just for starters.
> my version est 1.0.alpha1
On my 1.0 (logs "Dovecot v1.0-stable starting up")
auth default {
  mechanisms = plain
  passdb = sql /etc/dovecot/dovecot-sql.conf
  passdb = sql /etc/dovecot/dovecot-sql-crypt.conf
  userdb = sql /etc/dovecot/dovecot-sql.conf
}
works as expected and desired.
> if you not understand this message, i am sorry, my english is bad
[in French] But perfectly comprehensible :-)
HTH
Lorens wrote:
> On Fri, Sep 09, 2005 at 01:06:42PM +0200, LeeJaY wrote:
>> Hello,
>> I have 2 databases MySQL. I would like to do that:
>> If the user does not existe in the first base, it goes in the second database.
>> my configuration
>> auth default {
>>   mechanisms = plain
>>   passdb sql {
>>     args = /etc/dovecot-sql-1.conf
>>   }
>>   passdb sql {
>>     args = /etc/dovecot-sql-2.conf
>>   }
>>   userdb sql {
>>     args = /etc/dovecot-sql-1.conf
>>   }
>>   userdb sql {
>>     args = /etc/dovecot-sql-2.conf
>>   }
>> }
>> but it don't work
> One could wish for more details . . . does the daemon start, is the only passdb used the first one or is it that nobody can log in, are there error messages in the logs . . . just for starters.
Ok, the log
Sep 9 18:34:16 localhost dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=POP3^Isecured^Ilip=^Irip=^Iresp=AGxlZWpheUBsaWJyZWFzc28ubmV0AGxlZWpheTU5
Sep 9 18:34:16 localhost dovecot: auth-worker(default): sql (xxx@xxxx.net,84.xx.xxx.xxx): query: SELECT passwd AS password FROM comptes WHERE email = 'xxx@xxxx.net'
Sep 9 18:34:16 spider dovecot: auth-worker(default): sql (xxx@xxx.net,84.98.233.181): unknown user
The users is in second database and he's not valide.
>> my version est 1.0.alpha1
> On my 1.0 (logs "Dovecot v1.0-stable starting up")
> auth default {
>   mechanisms = plain
>   passdb = sql /etc/dovecot/dovecot-sql.conf
>   passdb = sql /etc/dovecot/dovecot-sql-crypt.conf
>   userdb = sql /etc/dovecot/dovecot-sql.conf
> }
> works as expected and desired.
Why there is one userdb = and two passdb ?
>> if you not understand this message, i am sorry, my english is bad
> [in French] But perfectly comprehensible :-)
[in French] Does my accent sound that French, or did the mail headers help you?
[in French] If you understand French, it is simpler to explain my problem.
[in French] I have two databases with different email accounts; I just want it so that if it does not find the user in the first one, it goes and looks in the second, and that does not work with my configuration.
Thank/Merci
On Fri, Sep 09, 2005 at 06:41:10PM +0200, LeeJaY wrote:
>> On Fri, Sep 09, 2005 at 01:06:42PM +0200, LeeJaY wrote:
>>> Hello,
>>> I have 2 databases MySQL. I would like to do that:
>> On my 1.0 (logs "Dovecot v1.0-stable starting up")
>> auth default {
>>   mechanisms = plain
>>   passdb = sql /etc/dovecot/dovecot-sql.conf
>>   passdb = sql /etc/dovecot/dovecot-sql-crypt.conf
>>   userdb = sql /etc/dovecot/dovecot-sql.conf
>> }
>> works as expected and desired.
> Why there is one userdb = and two passdb ?
I have a database with mixed MD5 and crypt passwords, this worked with Courier and not with dovecot, so I tell dovecot to look in two databases, one containing md5 and the other crypt, but the SQL databases are the same, only the password encryption definition in the dovecot config file changes.
> [in French] Does my accent sound that French, or did the mail headers help you?
:-)
>>> If the user does not existe in the first base, it goes in the second
                         ^^^^^^
>>> my version est 1.0.alpha1
               ^^^
- libremail, plus I did check the headers when I decided to throw in some French :-)
> [in French] If you understand French, it is simpler to explain my problem.
It was perfectly comprehensible first time around :-) (I hope my English is as comprehensible to you, it feels unnatural to me to write French on an English-language mailing-list).
The thing is that if it isn't a syntax problem, then I don't know. It seems from the logs as if there is only one sql request made, when there should be two, but the fact that an sql request *is* made means that the file is parsed correctly.
If I were you I'd play with it: logs show only one SQL request, but is that because the second is not taken into account by dovecot, or because the second definition is wrong in some way? Do users in the first database (db1) authenticate correctly? If so, what happens when you invert the lines, so db2 is before db1? If users in db1 continue to authenticate correctly that means that the problem is in the definition of db2, if users in db1 do not auth OK any more but users in db2 do auth OK that means the problem is with dovecot only taking first database.
In the second case, you *did* take the example direct from the docs, so . . . Anybody have any ideas?
By the way, do you *have* to have two distinct database definitions? Select from union, select join?
I've been testing Dovecot 1.0 alpha1 on Solaris 9 using maildirs and I haven't seen any major issues yet. However, I want to use Dovecot on a production mail server. I'd like to know which version of Dovecot is most stable for this application. I'd also like to know when the next stable release will be available and if it isn't too far in the future if I should wait for a future release before going production.
I run 1.0 alpha1 on production servers, and have no problems.
On Fri, 09 Sep 2005 17:58:24 -0600 Andy Cravens acravens@uen.org wrote:
: I've been testing Dovecot 1.0 alpha1 on Solaris 9 using maildirs and
: I haven't seen any major issues yet. However, I want to use Dovecot
: on a production mail server. I'd like to know which version of
: Dovecot is most stable for this application. I'd also like to know
: when the next stable release will be available and if it isn't too
: far in the future if I should wait for a future release before going
: production.
--
Millions long for immortality who do not know what to do with themselves on a rainy Sunday afternoon.
  -- Susan Ertz
I'm running 1.0alpha1 on Solaris 9 in production mode for imap only and it has been working very well. Yes, I've been reporting various asserts and core dumps to the list, but these issues have not affected the overall (excellent) performance of dovecot. I'm just trying to help further improve alpha code.
Jeff Earickson
Colby College
On Fri, 9 Sep 2005, Andy Cravens wrote:
> Date: Fri, 09 Sep 2005 17:58:24 -0600
> From: Andy Cravens acravens@uen.org
> Cc: dovecot@dovecot.org
> Subject: [Dovecot] Which Dovecot version most stable?
> I've been testing Dovecot 1.0 alpha1 on Solaris 9 using maildirs and I haven't seen any major issues yet. However, I want to use Dovecot on a production mail server. I'd like to know which version of Dovecot is most stable for this application. I'd also like to know when the next stable release will be available and if it isn't too far in the future if I should wait for a future release before going production.
Lorens wrote:
> I have a database with mixed MD5 and crypt passwords, this worked with Courier and not with dovecot, so I tell dovecot to look in two databases, one containing md5 and the other crypt, but the SQL databases are the same, only the password encryption definition in the dovecot config file changes.
Ok, but for me, the databases 1 and 2 are different (schemas, cell). But the password encryption are the same.
>> [in French] Does my accent sound that French, or did the mail headers help you?
> :-)
>>>> If the user does not existe in the first base, it goes in the second
>                         ^^^^^^
>>>> my version est 1.0.alpha1
>               ^^^
> - libremail, plus I did check the headers when I decided to throw in some French :-)
I sorry for french words :)
>> [in French] If you understand French, it is simpler to explain my problem.
> It was perfectly comprehensible first time around :-) (I hope my English is as comprehensible to you, it feels unnatural to me to write French on an English-language mailing-list).
I understands and I continue has to write in English. I will perfect my English at the same time.
> If I were you I'd play with it: logs show only one SQL request, but is that because the second is not taken into account by dovecot, or because the second definition is wrong in some way? Do users in the first database (db1) authenticate correctly? If so, what happens when you invert the lines, so db2 is before db1? If users in db1 continue to authenticate correctly that means that the problem is in the definition of db2, if users in db1 do not auth OK any more but users in db2 do auth OK that means the problem is with dovecot only taking first database.
The two databases are correct syntax. If in config, I put that the base 1, it works. if i change base for the base 2, it works too. thus is not a problem of syntax or configuration, but more the impression that dovecot will not check the user who does not exist in the first base in the second. Bug ?? I don't know
> By the way, do you *have* to have two distinct database definitions? Select from union, select join?
Yes and the two database aren't in the same server, thus impossible use union.
On Sat, Sep 10, 2005 at 12:26:17PM +0200, LeeJaY wrote:
> The two databases are correct syntax. If in config, I put that the base 1, it works. if i change base for the base 2, it works too. thus is not a problem of syntax or configuration, but more the impression that dovecot will not check the user who does not exist in the first base in the second. Bug ?? I don't know
So, to summarize:
You use dovecot 1.0alpha1
You want to use the authentication described at
But when you write :
auth default {
  mechanisms = plain
  passdb sql {
    args = /etc/dovecot-sql-1.conf
  }
  passdb sql {
    args = /etc/dovecot-sql-2.conf
  }
  userdb sql {
    args = /etc/dovecot-sql-1.conf
  }
  userdb sql {
    args = /etc/dovecot-sql-2.conf
  }
}
then only users described by dovecot-sql-1.conf succeed in authenticating, and when you write
auth default {
  mechanisms = plain
  passdb sql {
    args = /etc/dovecot-sql-2.conf
  }
  passdb sql {
    args = /etc/dovecot-sql-1.conf
  }
  userdb sql {
    args = /etc/dovecot-sql-2.conf
  }
  userdb sql {
    args = /etc/dovecot-sql-1.conf
  }
}
then only users described by dovecot-sql-2.conf succeed in authenticating.
No idea. Can someone with a 1.0alpha1 test this? I suspect a bug somewhere...
Lorens wrote:
> On Sat, Sep 10, 2005 at 12:26:17PM +0200, LeeJaY wrote:
>> The two databases are correct syntax. If in config, I put that the base 1, it works. if i change base for the base 2, it works too. thus is not a problem of syntax or configuration, but more the impression that dovecot will not check the user who does not exist in the first base in the second. Bug ?? I don't know
> So, to summarize:
> You use dovecot 1.0alpha1
> You want to use the authentication described at
> But when you write :
> auth default {
>   mechanisms = plain
>   passdb sql {
>     args = /etc/dovecot-sql-1.conf
>   }
>   passdb sql {
>     args = /etc/dovecot-sql-2.conf
>   }
>   userdb sql {
>     args = /etc/dovecot-sql-1.conf
>   }
>   userdb sql {
>     args = /etc/dovecot-sql-2.conf
>   }
> }
> then only users described by dovecot-sql-1.conf succeed in authenticating, and when you write
> auth default {
>   mechanisms = plain
>   passdb sql {
>     args = /etc/dovecot-sql-2.conf
>   }
>   passdb sql {
>     args = /etc/dovecot-sql-1.conf
>   }
>   userdb sql {
>     args = /etc/dovecot-sql-2.conf
>   }
>   userdb sql {
>     args = /etc/dovecot-sql-1.conf
>   }
> }
> then only users described by dovecot-sql-2.conf succeed in authenticating.
> No idea. Can someone with a 1.0alpha1 test this? I suspect a bug somewhere...
OK, If it's a bug in this version, I test with another version? But it which?
On Fri, 2005-09-09 at 13:06 +0200, LeeJaY wrote:
> I have 2 databases MySQL. I would like to do that:
> If the user does not existe in the first base, it goes in the second database.
Unfortunately this isn't possible currently. I just thought about fixing it, but looks like it'd need some larger changes to the code. Maybe later..
Timo Sirainen wrote:
> On Fri, 2005-09-09 at 13:06 +0200, LeeJaY wrote:
>> I have 2 databases MySQL. I would like to do that:
>> If the user does not existe in the first base, it goes in the second database.
> Unfortunately this isn't possible currently. I just thought about fixing it, but looks like it'd need some larger changes to the code. Maybe later..
Ok no problem, I will wait, thank a lot
On Sun, Sep 11, 2005 at 04:02:52PM +0300, Timo Sirainen wrote:
> On Fri, 2005-09-09 at 13:06 +0200, LeeJaY wrote:
>> I have 2 databases MySQL. I would like to do that:
>> If the user does not existe in the first base, it goes in the second database.
> Unfortunately this isn't possible currently. I just thought about fixing it, but looks like it'd need some larger changes to the code. Maybe later..
What is it then that is described at
http://wiki.dovecot.org/moin.cgi/MultipleAuth
?
Is the difference that users have to exist in both databases? That is certainly the way *I* use it, and it is the way that is suggested by the sentence "if password doesn't match in the first database, it checks the next one".
However, the sentence "This can be useful if you want to easily support having both local system users in /etc/passwd but also virtual users" seems to say that the userbases are different, and the example given certainly implies that?
For the original poster, I suggest configuring two instances of dovecot, with different configurations, listening on different IPs, and telling users to use the IP corresponding to their database.
Or, much better, unify the databases :-0 Either put all the users into one system, which should have lots of other advantages, or maybe replicate the databases between the servers so that one statement can query the two datasources.
HTH.
On Sun, 2005-09-11 at 21:09 +0200, Lorens wrote:
> On Sun, Sep 11, 2005 at 04:02:52PM +0300, Timo Sirainen wrote:
>> On Fri, 2005-09-09 at 13:06 +0200, LeeJaY wrote:
>>> I have 2 databases MySQL. I would like to do that:
>>> If the user does not existe in the first base, it goes in the second database.
>> Unfortunately this isn't possible currently. I just thought about fixing it, but looks like it'd need some larger changes to the code. Maybe later..
> What is it then that is described at
It's possible to use multiple different userdb/passdbs, but not the same ones multiple times. For example it's possible to use sql+ldap+passwd combination, but not any of them twice (with different configuration parameters).
Timo Sirainen wrote:
> On Sun, 2005-09-11 at 21:09 +0200, Lorens wrote:
>> On Sun, Sep 11, 2005 at 04:02:52PM +0300, Timo Sirainen wrote:
>>> On Fri, 2005-09-09 at 13:06 +0200, LeeJaY wrote:
>>>> I have 2 databases MySQL. I would like to do that:
>>>> If the user does not existe in the first base, it goes in the second database.
>>> Unfortunately this isn't possible currently. I just thought about fixing it, but looks like it'd need some larger changes to the code. Maybe later..
>> What is it then that is described at
> It's possible to use multiple different userdb/passdbs, but not the same ones multiple times. For example it's possible to use sql+ldap+passwd combination, but not any of them twice (with different configuration parameters).
Ok, I see. I will try with SQL and PAM who use libpam-mysql for the db2.
On Sun, Sep 11, 2005 at 10:32:15PM +0300, Timo Sirainen wrote:
> It's possible to use multiple different userdb/passdbs, but not the same ones multiple times. For example it's possible to use sql+ldap+passwd combination, but not any of them twice (with different configuration parameters).
Ah OK -- but I feel sure that my
auth default {
  mechanisms = plain
  passdb = sql /etc/dovecot/dovecot-sql.conf
  passdb = sql /etc/dovecot/dovecot-sql-crypt.conf
  userdb = sql /etc/dovecot/dovecot-sql.conf
}
works as desired! The only difference is the
default_pass_scheme = SMD5
default_pass_scheme = CRYPT
Lorens wrote:
> For the original poster, I suggest configuring two instances of dovecot, with different configurations, listening on different IPs, and telling users to use the IP corresponding to their database.
Yes, if i use two config, the first (db1) with port 110 and the second (db2) with port 111, it's work.
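The diagnostic suggested earlier in the thread (check whether a rejected login produced one SQL lookup or two) can be run over the auth-worker debug log. This is an added example, not code from the thread or from Dovecot: the log lines are constructed in the format pasted above, the function names are hypothetical, and it assumes each passdb lookup logs its own "query:" line.

```python
import re
from collections import defaultdict

# Constructed sample in the auth-worker debug format quoted in the thread
# (addresses and table names are made up; "comptes2" stands for the second DB).
SAMPLE_LOG = """\
Sep  9 18:34:16 mail dovecot: auth-worker(default): sql(alice@example.org,192.0.2.10): query: SELECT passwd AS password FROM comptes WHERE email = 'alice@example.org'
Sep  9 18:35:02 mail dovecot: auth-worker(default): sql(bob@example.org,192.0.2.11): query: SELECT passwd AS password FROM comptes WHERE email = 'bob@example.org'
Sep  9 18:35:02 mail dovecot: auth-worker(default): sql(bob@example.org,192.0.2.11): unknown user
Sep  9 18:36:40 mail dovecot: auth-worker(default): sql(carol@example.org,192.0.2.12): query: SELECT passwd AS password FROM comptes WHERE email = 'carol@example.org'
Sep  9 18:36:40 mail dovecot: auth-worker(default): sql(carol@example.org,192.0.2.12): unknown user
Sep  9 18:36:40 mail dovecot: auth-worker(default): sql(carol@example.org,192.0.2.12): query: SELECT password FROM comptes2 WHERE login = 'carol@example.org'
"""

# The thread's paste shows "sql (" with a space, so the space is optional here.
LINE_RE = re.compile(r"auth-worker\([^)]*\): sql ?\((?P<user>[^,)]+),(?P<ip>[^)]*)\): (?P<msg>.*)$")

def summarize_lookups(log_text):
    """Collect distinct SQL queries and 'unknown user' results per (user, ip)."""
    stats = defaultdict(lambda: {"queries": [], "unknown": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue  # not an auth-worker sql line
        entry = stats[(m.group("user"), m.group("ip"))]
        msg = m.group("msg")
        if msg.startswith("query: "):
            query = msg[len("query: "):]
            if query not in entry["queries"]:
                entry["queries"].append(query)
        elif msg == "unknown user":
            entry["unknown"] += 1
    return stats

def fallback_report(log_text):
    """Classify each user: first-db, no-fallback (the symptom here), or fallback."""
    report = {}
    for (user, _ip), entry in summarize_lookups(log_text).items():
        if len(entry["queries"]) >= 2:
            report[user] = "fallback"
        elif entry["unknown"]:
            report[user] = "no-fallback"
        else:
            report[user] = "first-db"
    return report

if __name__ == "__main__":
    for user, verdict in fallback_report(SAMPLE_LOG).items():
        print(f"{user}: {verdict}")
```

A "no-fallback" verdict matches the behaviour reported in the thread: one query against the first database, then "unknown user", with no second lookup.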
participants (6)
- Andy Cravens
- Jeff A. Earickson
- LeeJaY
- Lorens
- Peter Hessler
- Timo Sirainen