[Dovecot] Plugin hooks in login process
Hi all; I've setup dovecot (2.1.10) in a cluster configuration. We have two servers acting as frontend which authenticates users and proxy them to other two servers which handles the "real" work.
Users credentials are on a mysql cluster; we have one master, in which read/write queries are processed, and many replicated slave, which process read-only queries.
The frontend servers reads users credentials from the read-only mysql slaves. I'd like to execute a query once the client is verified to update the last login data.
Right now, that query is executed on the backend servers, via a post-login service:
protocols = imap service imap-postlogin { executable = script-login /usr/local/etc/dovecot/postlogin.sh unix_listener imap-postlogin { group = vchkpw mode = 0600 user = vpopmail } } service imap { executable = imap imap-postlogin process_limit = 2048 }
Problem is, if I execute the update on the backend, I miss the information regarding the original IP, as I only see the IP of the proxies.
I haven't been able to launch the postlogin service on the frontend, so I figured that I can try to write a plugin - that also seems to me the cleanest solution.
Looking in the dovecot source code, I noticed that there aren't any hooks in the execution path used by the proxies; I am missing something ? I am the only one missing the presence of this hooks in the auth/proxy process ?
I've also thought of a workaround for this problem. One way is to monitor the dovecot logs on the frontend and execute the update asyncronously. One other way is to query directly the main mysql server of the cluster and adjust the query making it call a stored procedure that updates the information in case of successful login. But I'd really prefer to create a plugin, that I'd be willing to share.
I attach the configuration of the servers (front and back) generated via postfix -n.
Thanks in advance for any help.
-- Simone Lazzaris | Responsabile aree datacenter e VoIP Interactive Network srl | via Roggia Vignola 9, 24047 Treviglio (BG) Tel. 0363 1970352 | Fax 0363.1971971 | www.interactive.eu
On 15.10.2012, at 16.13, Simone Lazzaris wrote:
Problem is, if I execute the update on the backend, I miss the information regarding the original IP, as I only see the IP of the proxies.
This is easy to solve: Set login_trusted_networks setting to point to your proxies, and you'll see the original IP.
Looking in the dovecot source code, I noticed that there aren't any hooks in the execution path used by the proxies; I am missing something ? I am the only one missing the presence of this hooks in the auth/proxy process ?
The login processes aren't really meant to have any plugins.
In data martedì 16 ottobre 2012 03:41:14, Timo Sirainen ha scritto:
On 15.10.2012, at 16.13, Simone Lazzaris wrote:
Problem is, if I execute the update on the backend, I miss the information regarding the original IP, as I only see the IP of the proxies.
This is easy to solve: Set login_trusted_networks setting to point to your proxies, and you'll see the original IP.
Thanks, it works as a charm. Just one more thing. I wasn't be able to find this option in the wiki, and also now that I know the meaning, I can't successfully google for it. Maybe the docs needs some love ? I hate tamper the developers for something I should have found by myself on the first place.
Looking in the dovecot source code, I noticed that there aren't any hooks in the execution path used by the proxies; I am missing something ? I am the only one missing the presence of this hooks in the auth/proxy process ? The login processes aren't really meant to have any plugins.
I see. Well, thanks anyway.
Simone Lazzaris | Responsabile aree datacenter e VoIP Interactive Network srl | via Roggia Vignola 9, 24047 Treviglio (BG) Tel. 0363 1970352 | Fax 0363.1971971 | www.interactive.eu
participants (2)
-
Simone Lazzaris
-
Timo Sirainen