[Dovecot] Syntax for doveadm auth cache
Angel L. Mateo
amateo at um.es
Tue Oct 2 11:41:51 EEST 2012
Hello,
I've been doing some more tests with this problem I have (I need to
solve it because I'm planning to migrate mailboxes from maildir to mdbox
and I need to change mail_location for my users without rebooting the
server).
I think I have found the source of the problem, although I don't know
how to fix it. The problem is that I have different results if I ask for
user information with just the login or with the whole email:
root at myotis30:/etc/dovecot/conf.d# doveadm user angel.luis at um.es
userdb: angel.luis at um.es
mail :
mdbox:/home/alumnos/46/113246/mdbox:INDEX=/var/indexes/mdbox/angel.luis
home : /home/alumnos/46/113246
uid : 113246
gid : 1001
quota_rule: *:storage=10G
root at myotis30:/etc/dovecot/conf.d# doveadm user angel.luis
userdb: angel.luis
home : /home/alumnos/46/113246
uid : 113246
gid : 1001
quota_rule: *:storage=10G
I guess I'm using different keys depending the user database used. I
have configured three user databases, one for master-password, one for a
ldap server and the other with pam (I need it because my webmail users
authenticate in my SSO system through PAM).
This is my config:
passdb {
driver = passwd-file
master = yes
args = /etc/dovecot/master-users
# Unless you're using PAM, you probably still want the destination
user to
# be looked up from passdb that it really exists. pass=yes does that.
pass = yes
}
passdb {
driver = pam
# [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
# [cache_key=<key>] [<service name>]
#args = dovecot
args = session=yes cache_key=%n dovecot
}
passdb {
driver = ldap
# Path for LDAP configuration file, see
example-config/dovecot-ldap.conf.ext
args = /etc/dovecot/dovecot-ldap.conf.ext
}
# "prefetch" user database means that the passdb already provided the
# needed information and there's no need to do a separate userdb lookup.
# <doc/wiki/UserDatabase.Prefetch.txt>
userdb {
driver = prefetch
}
userdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap.conf.ext
# Default fields can be used to specify defaults that LDAP may override
#default_fields = home=/home/virtual/%u
}
In my ldap configuration, I have a filter that looks for the uid of the
user or the hole email:
user_filter = (&(<other requirements>)(|(uid=%u)(mail=%u)))
I need this, because I have users that authenticate with just his/her
login, not the complete email address.
How can I unify those entries, so they use always just the login as key?
El 18/09/12 18:31, Timo Sirainen escribió:
> On 18.9.2012, at 9.59, Angel L. Mateo wrote:
>
>>>> So I'm running this command. Whenever I run it, I get the message that 3 (sometimes, is 4) entries are removed, but user information isn't really reloaded and I doubt it is really removed from cache (I have the user in a passwd-file and information used by imap processes is still the old one, no the new one, changed before the flush)
>>>
>>> Works in my tests.
>>>
>> Is this cache the same than the user information cache?
>
> Yes.
>
>> The parameter of the user I want to change is his quota, so I have modified quota value in my ldap diretory, then I run:
>>
>> doveadm auth cache flush <myuser>
>
> What is your doveconf -n output and the dovecot-ldap.conf contents? Is <myuser> with or without @domain? Also try this:
>
> doveadm auth cache flush foo # make sure it isn't there
> doveadm user foo
> doveadm auth cache flush foo
>
> Does the second flush return 1 or 0 entries? If 0, then there's a problem. If 1, then it really should have worked.
>
> You could try also if disabling userdb prefetch makes any difference. And if you still have multiple userdb try with only one.
>
-------------- next part --------------
# 2.1.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.4.0-030400-generic x86_64 Ubuntu 12.04.1 LTS
auth_cache_size = 20 M
auth_cache_ttl = 1 days
auth_debug = yes
auth_master_user_separator = *
auth_verbose = yes
default_process_limit = 1000
disable_plaintext_auth = no
log_timestamp = %Y-%m-%d %H:%M:%S
login_trusted_networks = 155.54.211.176/28
mail_debug = yes
mail_location = maildir:~/Maildir:INDEX=/var/indexes/%n
mail_plugins = quota
mail_privileged_group = mail
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags
mdbox_rotate_size = 20 M
namespace {
inbox = yes
location =
prefix =
separator = .
}
namespace {
hidden = yes
list = no
location = maildir:~/Maildir/expunged
prefix = BORRADOS.
separator = .
}
passdb {
args = /etc/dovecot/master-users
driver = passwd-file
master = yes
pass = yes
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
passdb {
args = session=yes cache_key=%n dovecot
driver = pam
}
plugin {
lazy_expunge = BORRADOS.
quota = dict:User quota::file:%h/Maildir/dovecot.quota
quota_exceeded_message = El mensaje no se ha entregado porque el destinatario del mismo tiene el buzón lleno.
quota_rule = *:storage=20G
quota_rule2 = Trash:storage=+1G
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_extensions = +imapflags
sieve_max_redirects = 15
zlib_save = gz
zlib_save_level = 6
}
postmaster_address = postmaster at um.es
protocols = imap pop3 lmtp sieve
service anvil {
client_limit = 2003
}
service auth {
client_limit = 3000
unix_listener auth-userdb {
mode = 0666
}
}
service doveadm {
inet_listener {
port = 24245
}
}
service imap {
process_limit = 5120
process_min_avail = 2
vsz_limit = 512 M
}
service ipc {
unix_listener ipc {
user = dovecot
}
}
service lmtp {
inet_listener lmtp {
port = 24
}
process_min_avail = 10
vsz_limit = 512 M
}
service pop3 {
process_min_avail = 2
}
ssl = no
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
userdb {
driver = prefetch
}
userdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
protocol lda {
mail_plugins = quota sieve
}
protocol imap {
mail_plugins = quota imap_quota
}
protocol lmtp {
mail_plugins = quota sieve
}
protocol pop3 {
pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, in=%i, out=%o
}
local 155.54.211.160/27/27 {
doveadm_password = <password>
}
More information about the dovecot
mailing list