[Dovecot] Can we retrieve Dovecot Proxys 'hostName' from Director instead of LDAP?
We have a Dovecot installation of several nodes that share an NFS mount for the user data. We are trying to configure Dovecot Proxy with Director in order to have Director select the appropriate IMAP server for a given user on behalf of Dovecot Proxy. So far all examples I've seen on the dovecot site require the proxy to know the exact mail server to pass the user to by way of an LDAP lookup.
Does anyone know of a way to have Dovecot Proxy pick a server from Director's status list instead of looking it up from LDAP?
Also, how does Director discover that an IMAP server is up or down so that it can adjust in the case of a server failure? Is this something that Director does automatically or do we need to manually change the mail server's vhost count in case of an IMAP node failure?
Thanks
Edward,
-----Original Message----- So far all examples I've seen on the dovecot site require the proxy to know the exact mail server to pass the user to by way of an LDAP lookup.
Does anyone know of a way to have Dovecot Proxy pick a server from Director's status list instead of looking it up from LDAP?
Automatically setting the proxy destination is actually the core function of the Director. It maintains an internal list of available backend servers, and uses a hash algorithm to balance logins across them. All you need to do to enable this is:
director_servers = <list of director nodes>
director_mail_servers = <list of mail servers>

service director {
  unix_listener login/director {
    mode = 0666
  }
  fifo_listener login/proxy-notify {
    mode = 0666
  }
}
passdb {
  driver = static
  args = nopassword=y proxy=y
}
userdb {
  driver = static
  args = uid=dovenull gid=dovenull home=/var/run/dovecot/empty
}
service imap-login {
  executable = imap-login director
}
service pop3-login {
  executable = pop3-login director
}
This tells the login processes to talk to the Director, and the static passdb/userdb tells the Director to proxy all connections and let the backend node handle authentication.
Note that this won't work if specific users need to be on specific servers - the Director makes sure that all of a user's sessions end up on the same host, but it does not care which host it is.
Also, how does Director discover that an IMAP server is up or down so that it can adjust in the case of a server failure? Is this something that Director does automatically or do we need to manually change the mail server's vhost count in case of an IMAP node failure?
It does not handle failure on its own. Several of us are using this to detect and react to node failures: http://github.com/brandond/poolmon
-Brad
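An added example, not part of the thread and not poolmon's code: since the Director does not detect backend failure itself, an external check has to probe each mail server and adjust its vhost count. The sketch below probes the IMAP greeting and emits `doveadm director add <host> <vhost count>` commands; the addresses and counts are constructed, and treating a vhost count of 0 as "assign no new users" is an assumption.

```python
import socket

def imap_alive(host, port=143, timeout=3.0):
    """True if the backend accepts TCP and sends an IMAP '* OK' greeting."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            # A bare TCP connect is not enough: a wedged imap-login still
            # accepts connections, so require the greeting as well.
            return s.recv(512).startswith(b"* OK")
    except OSError:  # refused, unreachable, or timed out
        return False

def plan(desired, current, probe=imap_alive):
    """Return doveadm commands reconciling Director vhost counts with health.

    desired: {host: vhost count to use while the host is healthy}
    current: {host: vhost count the Director holds right now}
    probe:   callable(host) -> bool, injectable so the logic runs offline
    """
    cmds = []
    for host, want in sorted(desired.items()):
        # Assumption: vhost count 0 stops new users being assigned to the host.
        target = want if probe(host) else 0
        if current.get(host) != target:
            cmds.append(["doveadm", "director", "add", host, str(target)])
    return cmds

if __name__ == "__main__":
    # Constructed sample data (documentation address range), no network used.
    desired = {"192.0.2.11": 100, "192.0.2.12": 100}
    current = dict(desired)
    down = {"192.0.2.12"}
    for cmd in plan(desired, current, probe=lambda h: h not in down):
        print(" ".join(cmd))
```

Each returned command is an argument list that can be passed to `subprocess.run` on a Director node; `current` would be filled from that node's Director status output.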
Thanks Brad!
Adding this to my 10-director.conf fixed it
passdb {
  driver = static
  args = nopassword=y proxy=y
}
userdb {
  driver = static
  args = uid=dovenull gid=dovenull home=/var/run/dovecot/empty
}
Do I still need "someAttribute=proxy" in pass_attrs?
If I want to use proxy_maybe, is the LDAP value changed from "proxy" to "proxy_maybe" or in pass_attrs "someAttribute=proxy_maybe"?
I'll take a look at poolmon for node failures.
Edward,
-----Original Message-----
Adding this to my 10-director.conf fixed it
passdb {
  driver = static
  args = nopassword=y proxy=y
}
userdb {
  driver = static
  args = uid=dovenull gid=dovenull home=/var/run/dovecot/empty
}
Do I still need "someAttribute=proxy" in pass_attrs?
I believe that having it in the static passdb is sufficient.
If I want to use proxy_maybe, is the LDAP value changed from "proxy" to "proxy_maybe" or in pass_attrs "someAttribute=proxy_maybe"?
The Director does not support proxy_maybe. When using it, all logins are proxied.
Additionally, you can get rid of any other passdb/userdb sections you've got on the Directors; the LDAP directory should not be queried at all since the Director can just proxy everything through to the backends and let them figure out whether or not the user/pass are valid.
I'll take a look at poolmon for node failures.
Let me know how it works for you, or if there are any enhancements you'd find useful.
-Brad
On Wed, 2010-09-29 at 11:46 -0700, Brad Davidson wrote:
userdb {
  driver = static
  args = uid=dovenull gid=dovenull home=/var/run/dovecot/empty
}
This shouldn't be necessary.
Thanks again!
Everything working properly with proxy and director now once I moved passdb out of 10-director.conf and into auth-static.conf.ext (and switched to it in 10-auth.conf)
Timo was correct, userdb wasn't needed.
poolmon is working great as well!
-----Original Message----- From: Timo Sirainen [mailto:tss@iki.fi]
On Wed, 2010-09-29 at 11:46 -0700, Brad Davidson wrote:
userdb {
  driver = static
  args = uid=dovenull gid=dovenull home=/var/run/dovecot/empty
}
This shouldn't be necessary.
Which bit? The args, or the whole userdb? What happens if I don't have a userdb at all? The mailservers use PAM, but I wasn't sure what to use on the Director proxies.
-Brad
On Wed, 2010-09-29 at 14:11 -0700, Brad Davidson wrote:
-----Original Message----- From: Timo Sirainen [mailto:tss@iki.fi]
On Wed, 2010-09-29 at 11:46 -0700, Brad Davidson wrote:
userdb {
  driver = static
  args = uid=dovenull gid=dovenull home=/var/run/dovecot/empty
}
This shouldn't be necessary.
Which bit? The args, or the whole userdb? What happens if I don't have a userdb at all? The mailservers use PAM, but I wasn't sure what to use on the Director proxies.
The whole userdb. Director doesn't do userdb lookups at all. (Also if there is no userdb defined, Dovecot actually creates a default static userdb with empty args.)
Timo,
-----Original Message----- From: Timo Sirainen [mailto:tss@iki.fi]
The whole userdb. Director doesn't do userdb lookups at all. (Also if there is no userdb defined, Dovecot actually creates a default static userdb with empty args.)
Awesome, good to know.
-Brad
participants (3)
- Brad Davidson
- Edward Carraro
- Timo Sirainen