Hi,
I have noticed that during auth cache hits usernames are not updated. (We use ldap backend and change username with user_attrs = uid=user, mailMessageStore=home, mailQuotaSize=quota_rule=*:bytes=%$)
cold cache
lmtp(14414): Debug: auth input: testmon_testmon home=/vmail/te/testmon_testmon quota_rule=*:bytes=104857600
lmtp(14414): Debug: changed username to testmon_testmon
lmtp(14414): Debug: Added userdb setting: plugin/quota_rule=*:bytes=104857600
hot cache
lmtp(14715): Debug: auth input: iqmon@mon.test.pl home=/vmail/iq/testmon_testmon quota_rule=*:bytes=104857600
lmtp(14715): Debug: Added userdb setting: plugin/quota_rule=*:bytes=104857600
this kills our dictionary based quota (users have multiple quota instances depending on timing and alias the email was delivered to).
Is there a way to force addition of user to the auth cache ?
-- Michal Grzedzicki
2014-12-29 12:47 GMT+01:00 Lazy lazy404@gmail.com:
> Hi,
> I have noticed that during auth cache hits usernames are not updated. (We use ldap backend and change username with user_attrs = uid=user, mailMessageStore=home, mailQuotaSize=quota_rule=*:bytes=%$)
> cold cache
> lmtp(14414): Debug: auth input: testmon_testmon home=/vmail/te/testmon_testmon quota_rule=*:bytes=104857600
> lmtp(14414): Debug: changed username to testmon_testmon
> lmtp(14414): Debug: Added userdb setting: plugin/quota_rule=*:bytes=104857600
> hot cache
> lmtp(14715): Debug: auth input: iqmon@mon.test.pl home=/vmail/iq/testmon_testmon quota_rule=*:bytes=104857600
> lmtp(14715): Debug: Added userdb setting: plugin/quota_rule=*:bytes=104857600
auth replies are
USER\t2\ttestmon_testmon\thome=/vmail/te/testmon_testmon\tquota_rule=*:bytes=104857600\n on a cache miss
and
USER\t3\ttestmon@mon.test.pl\thome=/vmail/te/testmon_testmon\tquota_rule=*:bytes=104857600\n with a cache hit
without cache user is rewritten as expected, with cache it isn't
-- Michal Grzedzicki
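The mismatch between the two userdb replies in the message above can be checked mechanically. The following is an added example, not part of the original thread and not Dovecot code: it parses USER reply lines in the tab-separated layout quoted above and reports any home directory that was returned under more than one username. The function names and the embedded sample are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample: the two userdb replies quoted in the thread
# (cache miss, then cache hit), with real tab and newline characters.
SAMPLE_REPLIES = (
    "USER\t2\ttestmon_testmon\thome=/vmail/te/testmon_testmon"
    "\tquota_rule=*:bytes=104857600\n"
    "USER\t3\ttestmon@mon.test.pl\thome=/vmail/te/testmon_testmon"
    "\tquota_rule=*:bytes=104857600\n"
)


def parse_userdb_reply(line):
    """Parse one 'USER<TAB>id<TAB>username<TAB>key=value...' reply line.

    Returns (request_id, username, fields), or None for any other line.
    """
    parts = line.rstrip("\n").split("\t")
    if len(parts) < 3 or parts[0] != "USER":
        return None
    fields = {}
    for item in parts[3:]:
        # Split on the first '=' only: values such as
        # '*:bytes=104857600' contain '=' themselves.
        key, _, value = item.partition("=")
        fields[key] = value
    return parts[1], parts[2], fields


def usernames_per_home(replies):
    """Map each home directory to the set of usernames returned for it."""
    seen = defaultdict(set)
    for line in replies.split("\n"):
        parsed = parse_userdb_reply(line)
        if parsed is None:
            continue
        _, username, fields = parsed
        if "home" in fields:
            seen[fields["home"]].add(username)
    return dict(seen)


def inconsistent_homes(replies):
    """Homes returned under more than one username (alias not rewritten)."""
    return {home: sorted(names)
            for home, names in usernames_per_home(replies).items()
            if len(names) > 1}


if __name__ == "__main__":
    for home, names in inconsistent_homes(SAMPLE_REPLIES).items():
        print(f"{home}: returned as {', '.join(names)}")
```

Any home that shows up here will get a separate per-user quota entry for each of the listed names.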
2014-12-30 15:04 GMT+01:00 Lazy lazy404@gmail.com:
> 2014-12-29 12:47 GMT+01:00 Lazy lazy404@gmail.com:
>> Hi,
>> I have noticed that during auth cache hits usernames are not updated. (We use ldap backend and change username with user_attrs = uid=user, mailMessageStore=home, mailQuotaSize=quota_rule=*:bytes=%$)
>> cold cache
>> lmtp(14414): Debug: auth input: testmon_testmon home=/vmail/te/testmon_testmon quota_rule=*:bytes=104857600
>> lmtp(14414): Debug: changed username to testmon_testmon
>> lmtp(14414): Debug: Added userdb setting: plugin/quota_rule=*:bytes=104857600
>> hot cache
>> lmtp(14715): Debug: auth input: iqmon@mon.test.pl home=/vmail/iq/testmon_testmon quota_rule=*:bytes=104857600
>> lmtp(14715): Debug: Added userdb setting: plugin/quota_rule=*:bytes=104857600
> auth replies are
> USER\t2\ttestmon_testmon\thome=/vmail/te/testmon_testmon\tquota_rule=*:bytes=104857600\n on a cache miss
> and
> USER\t3\ttestmon@mon.test.pl\thome=/vmail/te/testmon_testmon\tquota_rule=*:bytes=104857600\n with a cache hit
> without cache user is rewritten as expected, with cache it isn't
requests made by imap or pop3 are always rewriting the usernames
is it a bug or is it intentional ?
-- Michal Grzedzicki
On Mon, 29 Dec 2014, Lazy wrote:
> I have noticed that during auth cache hits usernames are not updated. (We use ldap backend and change username with user_attrs = uid=user, mailMessageStore=home, mailQuotaSize=quota_rule=*:bytes=%$)
> cold cache
> lmtp(14414): Debug: auth input: testmon_testmon home=/vmail/te/testmon_testmon quota_rule=*:bytes=104857600
> lmtp(14414): Debug: changed username to testmon_testmon
> lmtp(14414): Debug: Added userdb setting: plugin/quota_rule=*:bytes=104857600
> hot cache
> lmtp(14715): Debug: auth input: iqmon@mon.test.pl home=/vmail/iq/testmon_testmon quota_rule=*:bytes=104857600
> lmtp(14715): Debug: Added userdb setting: plugin/quota_rule=*:bytes=104857600
> this kills our dictionary based quota (users have multiple quota instances depending on timing and alias the email was delivered to).
> Is there a way to force addition of user to the auth cache ?
Did you post your doveconf -n and ldap settings somewhere?
Steffen Kaiser
2015-01-09 9:16 GMT+01:00 Steffen Kaiser skdovecot@smail.inf.fh-brs.de:
> On Mon, 29 Dec 2014, Lazy wrote:
>> I have noticed that during auth cache hits usernames are not updated. (We use ldap backend and change username with user_attrs = uid=user, mailMessageStore=home, mailQuotaSize=quota_rule=*:bytes=%$)
>> cold cache
>> lmtp(14414): Debug: auth input: testmon_testmon home=/vmail/te/testmon_testmon quota_rule=*:bytes=104857600
>> lmtp(14414): Debug: changed username to testmon_testmon
>> lmtp(14414): Debug: Added userdb setting: plugin/quota_rule=*:bytes=104857600
>> hot cache
>> lmtp(14715): Debug: auth input: iqmon@mon.test.pl home=/vmail/iq/testmon_testmon quota_rule=*:bytes=104857600
>> lmtp(14715): Debug: Added userdb setting: plugin/quota_rule=*:bytes=104857600
>> this kills our dictionary based quota (users have multiple quota instances depending on timing and alias the email was delivered to).
>> Is there a way to force addition of user to the auth cache ?
> Did you post your doveconf -n and ldap settings somewhere?
I have attached a dirty hack that fixes the issue for me (username changes are cached in userdb auth cache).
config follows
dovecot -n
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
dovecot-ldap.conf.ext
debug_level = 32
auth_bind = no
ldap_version = 3
base = ou=accounts,o=test,c=pl
user_attrs = uid=user, mailMessageStore=home, mailQuotaSize=quota_rule=*:bytes=%$
user_filter = (&(&(!(accountStatus=deleted))(objectClass=qMailUser))(|(mail=%u)(uid=%u)(mailAlternateAddress=%u)))
pass_attrs = uid=user, userPassword=password
pass_filter = (&(objectClass=qMailUser)(|(mail=%u)(uid=%u)(mailAlternateAddress=%u)))
iterate_attrs = uid=user
iterate_filter = (&(&(objectClass=qmailUser)(!(accountStatus=deleted))))
full doveconf -n
# 2.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.7
auth_cache_negative_ttl = 5 mins
auth_cache_size = 10 M
auth_cache_ttl = 5 mins
auth_debug = yes
auth_master_user_separator = *
auth_mechanisms = plain login
auth_username_format = %u
auth_verbose = yes
base_dir = /var/run/dovecot/
deliver_log_format = msgid=%m f:%f s:%s %$
disable_plaintext_auth = no
import_environment = TZ
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
lda_original_recipient_header = Delivered-To
listen = 10.0.55.22
login_greeting = Imap ready.
login_trusted_networks = 10.0.55.2/32 10.0.55.3/32
mail_debug = yes
mail_gid = 300
mail_location = maildir:~/Maildir:INDEX=/var/dovecot_indexes%h
mail_plugins = quota expire notify mail_log
mail_uid = 300
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox SPAM {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  expire = SPAM
  expire_dict = redis:host=127.0.0.1:prefix=expire/
  last_login_key = %u
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid from subject size
  quota = dict:User quota::redis:host=127.0.0.1:prefix=user/
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  sieve_global_dir = /etc/sieve_global
  sieve_max_redirects = 20
}
postmaster_address = postmaster@test.pl
protocols = imap pop3 lmtp sieve
recipient_delimiter =
service auth {
  unix_listener auth-userdb {
    mode = 0777
  }
}
service dict {
  unix_listener dict {
    group = vmail
    user = vmail
  }
}
service doveadm {
  inet_listener {
    port = 4567
  }
}
service imap-login {
  process_min_avail = 8
  service_count = 0
}
service imap {
  process_limit = 14000
}
service lmtp {
  inet_listener lmtp {
    address = dovecot2
    port = 24
  }
  process_min_avail = 5
  user = vmail
}
service pop3-login {
  process_min_avail = 8
  service_count = 0
}
service pop3 {
  process_limit = 10000
}
service quota-warning {
  executable = script /usr/local/bin/quota_warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = vmail
}
ssl = no
syslog_facility = local2
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
verbose_proctitle = yes
protocol lmtp {
  auth_username_format = %u
  mail_plugins = quota expire notify mail_log sieve
  syslog_facility = local3
}
protocol lda {
  mail_plugins = quota expire notify mail_log sieve
  syslog_facility = local3
}
protocol imap {
  mail_max_userip_connections = 30
  mail_plugins = quota expire notify mail_log imap_quota last_login
}
protocol sieve {
  plugin {
    sieve = ~/.dovecot.sieve
    sieve_max_script_size = 50K
    sieve_quota_max_scripts = 5
    sieve_quota_max_storage = 500K
    sieve_storage = ~/sieve/
  }
}
protocol pop3 {
  mail_plugins = quota expire notify mail_log last_login
  pop3_client_workarounds = outlook-no-nuls
  pop3_fast_size_lookups = yes
  pop3_uidl_format = %f
}
-- Michal Grzedzicki
On 09 Jan 2015, at 12:36, Lazy lazy404@gmail.com wrote:
> I have attached a dirty hack that fixes the issue for me (username changes are cached in userdb auth cache).
These should also work:
http://hg.dovecot.org/dovecot-2.2/rev/08b2f79e8212
http://hg.dovecot.org/dovecot-2.2/rev/635f9c7d5991
participants (3)
- Lazy
- Steffen Kaiser
- Timo Sirainen