I am using Dovecot 2.2.13, which doesn't yet seem to have the $auth_cache_negative parameter. Should the negative cache value honor $auth_cache_ttl then?
I had a problem where some of our ldap systems were reinitialized. Some users, presumably those who tried to login while their records were returning a failure, became unable to login after the records were once again returning normally.
I currently have: auth_cache_size = 5 M auth_cache_ttl = 5 mins # Not yet implemented #auth_cache_negative = 2 mins
yet the problem seemed to persist for more than an hour.
Also, how can I flush the cache for a non-default instance's cache using doveadm -- "doveadm auth cache flush" doesn't seem to have an '-a' option AFAICT.
# doveadm auth usage: doveadm [-Dv] [-f <formatter>] auth <command> [<args>] cache flush
w
Am 19.09.2014 um 02:09 schrieb Will Yardley:
I am using Dovecot 2.2.13, which doesn't yet seem to have the $auth_cache_negative parameter. Should the negative cache value honor $auth_cache_ttl then?
I had a problem where some of our ldap systems were reinitialized. Some users, presumably those who tried to login while their records were returning a failure, became unable to login after the records were once again returning normally.
I currently have: auth_cache_size = 5 M auth_cache_ttl = 5 mins # Not yet implemented #auth_cache_negative = 2 mins
yet the problem seemed to persist for more than an hour.
Also, how can I flush the cache for a non-default instance's cache using doveadm -- "doveadm auth cache flush" doesn't seem to have an '-a' option AFAICT.
# doveadm auth usage: doveadm [-Dv] [-f <formatter>] auth <command> [<args>] cache flush
just hard restart dovecot
the auth cache is not persistent
On Fri, Sep 19, 2014 at 02:34:34AM +0200, Reindl Harald wrote:
Am 19.09.2014 um 02:09 schrieb Will Yardley:
Also, how can I flush the cache for a non-default instance's cache using doveadm -- "doveadm auth cache flush" doesn't seem to have an '-a' option AFAICT.
# doveadm auth usage: doveadm [-Dv] [-f <formatter>] auth <command> [<args>] cache flush
just hard restart dovecot
the auth cache is not persistent
Yes, that's how I've solved the problem so far.
But since the problem doesn't affect all users, I'd obviously prefer not to do a hard restart of Dovecot just to fix it if there's a command that will clear the auth cache only.
w
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thu, 18 Sep 2014, Will Yardley wrote:
Also, how can I flush the cache for a non-default instance's cache using doveadm -- "doveadm auth cache flush" doesn't seem to have an '-a' option AFAICT.
# doveadm auth usage: doveadm [-Dv] [-f <formatter>] auth <command> [<args>] cache flush
mhm: -a does not have no relationship to (Dovecot) "instance".
doveadm auth cache flush
flushes all the auth cache, no selection of an user possible, no need for
- -a.
doveadm -i instance_name auth cache flush
should flush all the auth cache of the specified instance. Note the "-i" preceeds the command.
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBVBvLf3z1H7kL/d9rAQKNiggAiNDAsp6rsiaG/UYT3hsQi8zwjTNUtfcy 3e2Joe6nRo+7ie9Uuy3P3qqY63q113cEaPEjhu+bGPyNHkMeLOAw7/l3RB+YomJo DMqke+Yyb5I3GlZOHmWtZlFDSN9qW/B7YFu8YhXSRy4+g4hWzJl/zTbcmx4uBZnM Ii0Cy5qN1BLqXKhmsYeY4YQibVHvRslxRxLKXU/aLokARin9M4eUocZ79gvG9MIu BM2PmvArvNtCE9+lafkDgr8rqVxfdh5nt2pWVdswtNra/5OWrUH0U3ks2+/WZ2lw U+0iLsL4gnadYY7cBGo0XexGUX7ZlU1+Nb1+I9Oj+HJPx2C9IF1h0Q== =Wmo2 -----END PGP SIGNATURE-----
On Fri, Sep 19, 2014 at 08:21:51AM +0200, Steffen Kaiser wrote:
On Thu, 18 Sep 2014, Will Yardley wrote:
Also, how can I flush the cache for a non-default instance's cache using doveadm -- "doveadm auth cache flush" doesn't seem to have an '-a' option AFAICT.
mhm: -a does not have no relationship to (Dovecot) "instance".
doveadm auth cache flush
flushes all the auth cache, no selection of an user possible, no need for
- -a.
doveadm -i instance_name auth cache flush
should flush all the auth cache of the specified instance. Note the "-i" preceeds the command.
That doesn't give an error, but strace shows this:
[...] connect(8, {sa_family=AF_FILE, path="/var/run/dovecot-director/auth-master"}, 110) = 0
(is it connecting to the wrong instance's auth socket? the path to the 'main' instance's auth socket is /var/run/dovecot-main/auth-master)
and then I see # doveadm -i main auth cache flush 0 cache entries flushed
(strace shows this, which is the same thing I see from the director instance). write(1, "0 cache entries flushed\n", 240 cache entries flushed ) = 24
The 'main' instance should definitely have plenty of auth cache entries these are fairly busy systems, and the cache TTL is 5 minutes.
Also, while I'd seen the use of the '-i flag, I didn't realize it was supported in this version, as '-i' doesn't seem to be listed in doveadm(1) or in the usage for doveadm.
w
On Thu, Sep 18, 2014 at 11:41:14PM -0700, Will Yardley wrote:
(is it connecting to the wrong instance's auth socket? the path to the 'main' instance's auth socket is /var/run/dovecot-main/auth-master)
and then I see # doveadm -i main auth cache flush 0 cache entries flushed
Seems that the problem was that I had a symlink (for convenience) of /var/run/dovecot to /var/run/dovecot-director (so that I don't have to specify the instance name for common operations, which mostly involve the director).
If I remove that symlink, and run the command with '-i main'
# doveadm -i main auth cache flush 904 cache entries flushed
The relevant code is something like: if (auth_socket_path == NULL) { auth_socket_path = t_strconcat(doveadm_settings->base_dir, "/auth-master", NULL);
I'm guessing that auth_socket_path isn't null for some reason, and thus the auth_socket_path isn't constructed correctly in this case, even though the instance is being specified?
# doveadm instance list
path name last used running
/var/run/dovecot-director director 2014-09-18 20:01:12 yes
/var/run/dovecot-main main 2014-09-18 20:01:12 yes
# doveconf -i main base_dir base_dir = /var/run/dovecot-main
w
participants (3)
-
Reindl Harald
-
Steffen Kaiser
-
Will Yardley