prefetch not working (for me) on ldap user backend
Hector M. Jacas
hector.jacas at etecsa.cu
Sun Apr 26 18:11:40 UTC 2015
Dear Sir,
I'm having problems with the implementation of prefetch userdb.
Following the directives from the site
(http://wiki2.dovecot.org/UserDatabase/Prefetch), I am unable to avoid
the second search to the user backend (ldap).
Could you give me any advice or tips to achieve my goal?
Thanks a lot,
Hector M. Jacas
My ldap has the following structure:
search base: ou=Domains,dc=test,dc=local
*******************************
domains tree:
domain2.com: dc=domain2.com,ou=Domains,dc=test,dc=local
Definition of mailuser1 on domain2.com:
dn: uid=mailuser1,dc=domain2.com,ou=Domains,dc=test,dc=local
uid: mailuser1
cn: User mailuser1
sn: User 1
displayName: User mailuser1
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
mail: mailuser1 at domain2.com
*************************************
domain1.com: dc=domain1.com,ou=Domains,dc=test,dc=local
Definition of mailuser1 on domain1.com:
dn: uid=mailuser1,dc=domain1.com,ou=Domains,dc=test,dc=local
uid: mailuser1
cn: User mailuser1
sn: User 1
displayName: User mailuser1
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
mail: mailuser1 at domain1.com
*************************************
/etc/dovecot/dovecot-ldap.conf.ext content:
# LDAP lookup settings. dovecot.conf on this page points the ldap passdb and
# the ldap userdb at this one file, so both read the values below.
hosts = ldapserver
# Passwords are verified by binding to the directory as the user.
auth_bind = yes
ldap_version = 3
# NOTE(review): with tls = no and a plain `hosts =` entry, each bind sends the
# user's password to the LDAP server unencrypted. Unless the link is protected
# some other way, use `tls = yes` (StartTLS) or an ldaps:// entry in `uris`,
# together with tls_ca_cert_file / tls_require_cert so the server is verified.
tls = no
base = ou=Domains,dc=test,dc=local
scope = subtree
user_filter = (&(objectclass=inetOrgPerson)(mail=%u))
# NOTE(review): home here is %Ld/%Ln/%Ln, while the prefetch value in
# pass_attrs below is %Ld/%8Ln/%Ln and mail_location in dovecot.conf uses
# %d/%8n/%n. The two userdb paths would hand out different home directories
# for the same account; confirm which layout is intended.
user_attrs = =home=/var/vmail/mailboxes/%Ld/%Ln/%Ln,=uid=500,=gid=500
# Presumably unused for verification while auth_bind = yes; the same goes for
# password=userPassword in pass_attrs. TODO confirm.
default_pass_scheme = CRYPT
pass_filter = (&(objectclass=inetOrgPerson)(mail=%u))
# NOTE(review): `uid=user` replaces the login name with the bare uid; the auth
# log on this page shows "username changed mailuser1 at domain2.com ->
# mailuser1". The directory holds uid=mailuser1 under both domain1.com and
# domain2.com, so after this rewrite the two accounts carry the same username.
# Mapping `mail=user`, as iterate_attrs does, would keep the domain.
# NOTE(review): the same log shows the passdb returning only `user`, with no
# userdb_* fields, which is why prefetch reports "passdb didn't return userdb
# entries". The value below appears split across lines with a lone backslash,
# possibly by the mail client; verify it forms one logical line in the file.
pass_attrs =
uid=user,password=userPassword,=userdb_home=/var/vmail/mailboxes/%Ld/%8Ln/%Ln,
\
=userdb_uid=500,=userdb_gid=500
iterate_attrs = mail=user
iterate_filter = (objectclass=inetOrgPerson)
************************************
auth test result for mailuser1 at domain2.com:
# doveadm auth test mailuser1 at domain2.com password
passdb: mailuser1 at domain2.com auth succeeded
Extra fields:
user=mailuser1
And in /var/log/maillog (enabled debug auth options):
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: auth client connected (pid=0)
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: client in: AUTH 1
PLAIN service=doveadm resp=<hidden>
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug:
ldap(mailuser1 at domain2.com): bind search:
base=ou=Domains,dc=test,dc=local
filter=(&(objectclass=inetOrgPerson)(mail=mailuser1 at domain2.com))
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug:
ldap(mailuser1 at domain2.com): result: uid=mailuser1; uid unused
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug:
auth(mailuser1 at domain2.com): username changed mailuser1 at domain2.com ->
mailuser1
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: ldap(mailuser1): result:
uid=mailuser1
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: client passdb out: OK
1 user=mailuser1
*****************************
doveadm user result for mailuser1 at domain2.com:
# doveadm user mailuser1 at domain2.com
field value
uid 500
gid 500
home /var/vmail/mailboxes/domain2.com/mailuser1/mailuser1
mail maildir:/var/vmail/mailboxes/domain2.com/mailuser/mailuser1:INDEX=MEMORY
And in /var/log/maillog (enabled debug auth options):
Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug: master in: USER 1
mailuser1 at domain2.com service=doveadm
Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug:
prefetch(mailuser1 at domain2.com): passdb didn't return userdb entries,
trying the next userdb
Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug:
ldap(mailuser1 at domain2.com): user search:
base=ou=Domains,dc=test,dc=local scope=subtree
filter=(&(objectclass=inetOrgPerson)(mail=mailuser1 at domain2.com)) fields=
Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug:
ldap(mailuser1 at domain2.com): result: uid=mailuser1 cn=Usuario mailuser1
sn=Usuario 1 displayName=Usuario mailuser1
objectClass=inetOrgPerson,inetOrgPerson,inetOrgPerson,inetOrgPerson
mail=mailuser1 at domain2.com; objectClass,cn,uid,mail,displayName,sn unused
Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug:
ldap(mailuser1 at domain2.com): result: uid=mailuser1 cn=Usuario mailuser1
sn=Usuario 1 displayName=Usuario mailuser1
objectClass=inetOrgPerson,inetOrgPerson,inetOrgPerson,inetOrgPerson
mail=mailuser1 at domain2.com; objectClass,cn,uid,mail,displayName,sn unused
Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug: userdb out: USER 1
mailuser1 at domain2.com
home=/var/vmail/mailboxes/domain2.com/mailuser1/mailuser1 uid=500 gid=500
***************************
My base system is RHEL7, 24 CPUs and 16GB ram and for LDAP backend, 389
DS 1.2.2 on RHEL 6.6
2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-123.20.1.el7.x86_64 x86_64 Red Hat Enterprise Linux
Server release 7.0 (Maipo) nfs4
# Settings dump for the Dovecot 2.2.10 server described above (appears to be
# `doveconf -n` output, i.e. non-default settings only; nesting indentation
# was lost in the mail).
# Auth debugging is on; the log excerpts on this page show `resp=<hidden>`,
# so the submitted password is not written at this level.
auth_debug = yes
# NOTE(review): only cleartext mechanisms are offered, and
# disable_plaintext_auth = no accepts them on connections without SSL/TLS.
# A certificate is configured below but no `ssl = required` appears in this
# dump, so clients can presumably still log in unencrypted. Setting
# `disable_plaintext_auth = yes` or `ssl = required` closes that gap.
auth_mechanisms = plain login
auth_verbose = yes
default_client_limit = 50000
disable_plaintext_auth = no
listen = *
mail_fsync = always
mail_gid = 500
mail_location = maildir:/var/vmail/mailboxes/%d/%8n/%n:INDEX=MEMORY
mail_nfs_index = yes
mail_nfs_storage = yes
mail_uid = 500
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave
mmap_disable = yes
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
# Password lookups go to LDAP, using the dovecot-ldap.conf.ext shown above.
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
}
# The userdb socket is limited to user and group vmail (mode 0640).
service auth {
unix_listener auth-userdb {
group = vmail
mode = 0640
user = vmail
}
}
# NOTE(review): doveadm is reachable over TCP and authenticated with
# doveadm_password (set at the end of this dump). No `ssl = yes` is shown on
# this inet_listener, so the password and admin commands presumably travel
# unencrypted. Confirm, and limit who can reach port 24245.
service doveadm {
inet_listener {
port = 24245
}
}
service imap-login {
process_min_avail = 24
service_count = 0
}
service imap-urlauth-worker {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = imap-urlauth-worker
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 8192
process_min_avail = 0
protocol = imap
service_count = 1
type =
unix_listener imap-urlauth-worker {
group =
mode = 0600
user = $default_internal_user
}
user =
vsz_limit = 18446744073709551615 B
}
service imap-urlauth {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = imap-urlauth
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 8192
process_min_avail = 0
protocol = imap
service_count = 1
type =
unix_listener token-login/imap-urlauth {
group =
mode = 0666
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service imap {
process_limit = 8192
}
service pop3-login {
process_min_avail = 24
}
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
# Prefetch is tried first and can only reuse userdb_* fields that the passdb
# returned during a login. A USER lookup with no login in front of it (the
# `doveadm user` run logged on this page, or a delivery agent) has no passdb
# result, so it falls through to the ldap userdb below; the extra LDAP search
# is expected for such lookups.
userdb {
driver = prefetch
}
# Fallback userdb for lookups that prefetch cannot answer.
userdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
protocol imap {
mail_max_userip_connections = 1000
}
# NOTE(review): `secret` reads like a placeholder. If it is the real doveadm
# password, change it, and redact such values before posting a config dump.
# `172.28.200.0/24/24` carries the prefix length twice; this may be an
# artifact of the dump, so verify the intended network in the actual file.
local 172.28.200.0/24/24 {
doveadm_password = secret
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hector_jacas.vcf
Type: text/x-vcard
Size: 165 bytes
Desc: not available
URL: <http://dovecot.org/pipermail/dovecot/attachments/20150426/dfcc3ad3/attachment-0001.vcf>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: not available
URL: <http://dovecot.org/pipermail/dovecot/attachments/20150426/dfcc3ad3/attachment-0001.ksh>