Hello, I am setting up a dovecot (imap, pop, sieve, lda) + openldap infrastructure. I need to store the timestamp of the last login of each user in an attribute of its corresponding ldap object. I could not find a way of doing this through configuration options so I am thinking of coding this task into the dovecot-auth source code, maybe in the passdb-ldap.c file. What do you recommend about this? Thanks.
__________ Information from ESET Mail Security, version of virus signature database 8278 (20130429) __________
The message was checked by ESET Mail Security. http://www.eset.com
On 29.04.2013 16:50, Oscar A. Jara wrote:
> Hello, I am setting up a dovecot (imap, pop, sieve, lda) + openldap infrastructure. I need to store the timestamp of the last login of each user in an attribute of its corresponding ldap object. I could not find a way of doing this through configuration options so I am thinking of coding this task into the dovecot-auth source code, maybe in the passdb-ldap.c file. What do you recommend about this? Thanks.
It's very easy to use post-login-scripting as described on
http://wiki2.dovecot.org/PostLoginScripting
You just have to code the LDAP-updates in bash.
But: We have done this in the past, but we realized that those many user-logins (~15.000 to ~20.000 active users simultaneously) had a measurable impact on our LDAP. Okay, not very surprising...
We decided to use the simple way of touching ~/.lastlogin.
It should be easy to set up a second script that updates the LDAP-records once per night. Normally there shouldn't be a reason to have lastlogin updated "realtime" in LDAP many times per hour.
Peer
-- Heinlein Support GmbH Schwedter Str. 8/9b, 10119 Berlin
http://www.heinlein-support.de
Tel: 030 / 405051-42 Fax: 030 / 405051-19
Mandatory disclosures per §35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Managing Director: Peer Heinlein -- Registered office: Berlin
On 29.04.2013 17:03, Peer Heinlein wrote:
> On 29.04.2013 16:50, Oscar A. Jara wrote:
>> Hello, I am setting up a dovecot (imap, pop, sieve, lda) + openldap infrastructure. I need to store the timestamp of the last login of each user in an attribute of its corresponding ldap object. I could not find a way of doing this through configuration options so I am thinking of coding this task into the dovecot-auth source code, maybe in the passdb-ldap.c file. What do you recommend about this? Thanks.
> It's very easy to use post-login-scripting as described on
> http://wiki2.dovecot.org/PostLoginScripting
> You just have to code the LDAP-updates in bash.
> But: We have done this in the past, but we realized that those many user-logins (~15.000 to ~20.000 active users simultaneously) had a measurable impact on our LDAP. Okay, not very surprising...
> We decided to use the simple way of touching ~/.lastlogin.
> It should be easy to set up a second script that updates the LDAP-records once per night. Normally there shouldn't be a reason to have lastlogin updated "realtime" in LDAP many times per hour.
> Peer
Doing the touch method may slow down your i.e. cluster filesystem, database etc., especially with high frequent logins. Related to how/what you need such timestamps for, you can get them from logs too. Look at
http://sys4.de/de/blog/2013/02/02/monitoring-dovecot-last-login-rsyslog/
to get an idea of what I mean.
Best Regards MfG Robert Schetterer
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Registered office: München, Amtsgericht München: HRB 199263 Executive Board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Chairman of the Supervisory Board: Florian Kirstein
On 29.04.2013 18:01, Robert Schetterer wrote:
> Doing the touch method may slow down your i.e. cluster filesystem, database etc., especially with high frequent logins. Related to how/what you need such timestamps for, you can get them from logs too, to get an idea
If a system's breaking down by touching one file per login, this system should never host users that receive more than 20 mails per day.
EVERY single stupid e-mail generates MUCH more I/O than touching last-login. Every log line generates as much I/O as touching this file.
Anyway, I never believed that cluster filesystems are a usable storage system for mailservers. I don't like and recommend cluster filesystems for that.
But, sure, your way with cron saves some I/O, that's right.
I just remembered that in our LDAP-lastlogin-script we simply built in a check that READ lastlogin before updating it and that just updated lastlogin if lastlogin differs from the actual date. In that case every user generates just one LDAP-write per day, which was quite okay.
Peer
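One way to implement the scheme from Peer's two messages above (a post-login script that causes at most one LDAP write per user per day), as an added example that is not code from the thread or from Dovecot. The attribute name `lastLoginTime`, the DNs, the URI and the password file path are placeholders, and the once-per-day check reads a local `~/.lastlogin` marker rather than the LDAP entry.

```shell
#!/bin/sh
# Added example: Dovecot post-login wrapper, one LDAP write per user per day.
# Assumed placeholders (not from the thread): URI, DNs, password file, attribute.
LC_ALL=C; export LC_ALL
LDAP_URI=${LDAP_URI:-ldap://ldap.example.org}
BASE_DN=${BASE_DN:-ou=people,dc=example,dc=org}
BIND_DN=${BIND_DN:-cn=lastlogin,dc=example,dc=org}
BIND_PW_FILE=${BIND_PW_FILE:-/etc/dovecot/lastlogin.pw}
ATTR=${ATTR:-lastLoginTime}   # hypothetical attribute; needs a matching schema

# True (0) when the marker file does not already hold today's date.
needs_update() {
    last=
    if [ -r "$1" ]; then IFS= read -r last < "$1" || :; fi
    [ "$last" != "$2" ]
}

# Print the LDIF for one user; fail if the name is unsafe to place in a DN.
build_ldif() {
    case $1 in
        ''|*[!A-Za-z0-9._@-]*) return 1 ;;  # rejects DN metacharacters, newlines
    esac
    printf 'dn: uid=%s,%s\nchangetype: modify\nreplace: %s\n%s: %s\n' \
        "$1" "$BASE_DN" "$ATTR" "$ATTR" "$2"
}

post_login() {
    marker=$HOME/.lastlogin
    today=$(date -u +%Y%m%d)
    if needs_update "$marker" "$today"; then
        if ldif=$(build_ldif "$USER" "$(date -u +%Y%m%d%H%M%SZ)") &&
           printf '%s\n' "$ldif" |
               ldapmodify -x -H "$LDAP_URI" -D "$BIND_DN" -y "$BIND_PW_FILE" \
                   >/dev/null 2>&1
        then
            printf '%s\n' "$today" > "$marker"  # record only after a good write
        else
            # A failed update must not block the login; log without user input.
            logger -t lastlogin "LDAP last-login update skipped or failed"
        fi
    fi
    exec "$@"   # hand over to the mail process, as post-login scripts must
}

# Run only when Dovecot passes the next command as arguments.
[ "$#" -eq 0 ] || post_login "$@"
```

The bind DN only needs write access to that single attribute, so an ACL scoped to it keeps the script's credentials from being useful for anything else.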
On 29.04.2013 18:23, Peer Heinlein wrote:
> On 29.04.2013 18:01, Robert Schetterer wrote:
>> Doing the touch method may slow down your i.e. cluster filesystem, database etc., especially with high frequent logins. Related to how/what you need such timestamps for, you can get them from logs too, to get an idea
> If a system's breaking down by touching one file per login, this system should never host users that receive more than 20 mails per day.
Please read and understand what "high frequent logins" means; I am talking about i.e. 2000 pop3 tls logins per second.
> EVERY single stupid e-mail generates MUCH more I/O than touching last-login. Every log line generates as much I/O as touching this file.
Don't tell, instead measure; try i.e. with high pop3 rates on drbd ocfs2 cluster and maildir.
> Anyway, I never believed that cluster filesystems are a usable storage system for mailservers. I don't like and recommend cluster filesystems for that.
I don't remember asking that; however, I have that up and running and many others have too. We have done tests about different filesystems, if done right, it's an absolute working power solution.
Plugin believing is not part of dovecot *g
> But, sure, your way with cron saves some I/O, that's right.
It's not meant to be the holy grail, but may be used as a simple workaround. Everyone needs to have logs (i.e. in big setups you have central logging), so why not use them for this job too, instead of figuring around with filestamps, database, ldap logins, changing dovecot config etc.
> I just remembered that in our LDAP-lastlogin-script we simply built in a check that READ lastlogin before updating it and that just updated lastlogin if lastlogin differs from the actual date. In that case every user generates just one LDAP-write per day, which was quite okay.
I did not say your solution is wrong or bad; however, there are many ways to reach the last login target.
> Peer
Best Regards MfG Robert Schetterer
I guess I don't have such a high load so I will try Peer's recommendation about using PostLoginScripting first and measure the impact. I will try the log monitoring technique if the impact is significant. Thank you very much.
On 29.04.2013 19:14, oajara@frsf.utn.edu.ar wrote:
> I guess I don't have such a high load so I will try Peer's recommendation about using PostLoginScripting first and measure the impact. I will try the log monitoring technique if the impact is significant. Thank you very much.
For low/middle traffic servers the PostLoginScripting touch method as described in the dove wiki is absolutely OK. I decided on changing it, about getting over 1000 logins per second on a 4000 users system, load-balanced.
Best Regards MfG Robert Schetterer
On 29/04/2013 14:54, Robert Schetterer wrote:
> On 29.04.2013 19:14, oajara@frsf.utn.edu.ar wrote:
>> I guess I don't have such a high load so I will try Peer's recommendation about using PostLoginScripting first and measure the impact. I will try the log monitoring technique if the impact is significant. Thank you very much.
> For low/middle traffic servers the PostLoginScripting touch method as described in the dove wiki is absolutely OK. I decided on changing it, about getting over 1000 logins per second on a 4000 users system, load-balanced.
> Best Regards MfG Robert Schetterer
Hi.
My approach is to just find the oldest message in the folder mailbase/domain/user/Maildir/new/ for every user once a day. If there are messages older than 90 days, put them in an on-hold dir compressed archive and block all messages to that user; if not claimed in 180 days, delete all.
There is a simple shell script that I made with a mysql backend (iredmail):
http://www.psi.com.br/~julio/postfix/MailUserOld.sh.
Regards,
--
  _    Julio Cesar Covolato
 0v0   <julio@psi.com.br>
/(_)\  F: 55-11-3129-3366
 ^ ^   PSI INTERNET
On 30.04.2013 00:40, Julio Cesar Covolato wrote:
> My approach is to just find the oldest message in the folder mailbase/domain/user/Maildir/new/ for every user once a day
Yes, that works too. I used this years ago, but I think it's not working with mdbox etc.
Best Regards MfG Robert Schetterer
Oscar A. Jara <oajara@frsf.utn.edu.ar> wrote:
> Hello, I am setting up a dovecot (imap, pop, sieve, lda) + openldap infrastructure. I need to store the timestamp of the last login of each user in an attribute of its corresponding ldap object. I could not find a way of doing this through configuration options so I am thinking of coding this task into the dovecot-auth source code, maybe in the passdb-ldap.c file. What do you recommend about this? Thanks.
I don't think this is a wise idea. LDAP does not like to be written to.
With an approach like you envision you will certainly kill your LDAP server instantly. If you have any replicated slaves, the write load you will be creating will kill them a second later.
Either use post-login scripting to store that value in a SQL database, or better, just touch a file in the user's $HOME.
Question: why do you need this last-login timestamp information? Maybe there is a better way to solve your problem/need.
Regards, Sven.
-- Sigmentation fault. Core dumped.
participants (6)
- Julio Cesar Covolato
- oajara@frsf.utn.edu.ar
- Oscar A. Jara
- Peer Heinlein
- Robert Schetterer
- Sven Hartge