Authcache and user changing

Lazy lazy404 at gmail.com
Fri Jan 9 10:36:04 UTC 2015


2015-01-09 9:16 GMT+01:00 Steffen Kaiser <skdovecot at smail.inf.fh-brs.de>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> On Mon, 29 Dec 2014, Lazy wrote:
>
>>
>> I have noticed that on auth cache hits usernames are not updated.
>> We use the ldap backend
>> and change the username with
>> user_attrs = uid=user, mailMessageStore=home,
>> mailQuotaSize=quota_rule=*:bytes=%$
>>
>> cold cache
>>
>> lmtp(14414): Debug: auth input: testmon_testmon
>> home=/vmail/te/testmon_testmon quota_rule=*:bytes=104857600
>> lmtp(14414): Debug: changed username to testmon_testmon
>> lmtp(14414): Debug: Added userdb setting:
>> plugin/quota_rule=*:bytes=104857600
>>
>>
>> hot cache
>>
>> lmtp(14715): Debug: auth input: iqmon at mon.test.pl
>> home=/vmail/iq/testmon_testmon quota_rule=*:bytes=104857600
>> lmtp(14715): Debug: Added userdb setting:
>> plugin/quota_rule=*:bytes=104857600
>>
>> this kills our dictionary-based quota (users end up with multiple quota
>> instances, depending on timing and on which alias the email was
>> delivered to).
>>
>> Is there a way to force addition of user to the auth cache ?
>
>
> Did you post your doveconf -n and ldap settings somewhere?


I have attached a dirty hack that fixes the issue for me (username
changes are cached in the userdb auth cache).

config follows

dovecot -n

passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}

userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}

dovecot-ldap.conf.ext

debug_level = 32
# NOTE(review): with auth_bind = no Dovecot does not bind as the user; it reads
# the password attribute mapped in pass_attrs below (userPassword) and verifies
# it itself, so the DN Dovecot searches with needs read access to password
# hashes. That DN is not shown in this excerpt.
auth_bind = no
ldap_version = 3
base = ou=accounts,o=test,c=pl

# uid=user replaces the name that was looked up with the LDAP uid; this is the
# "changed username to ..." line in the cold-cache log earlier in the message.
user_attrs = uid=user, mailMessageStore=home,
mailQuotaSize=quota_rule=*:bytes=%$
# %u is matched against mail, uid and mailAlternateAddress, so several login or
# recipient names resolve to one account. Everything keyed by username (quota,
# last_login) relies on the uid rewrite above being applied on every lookup,
# including cache hits, which is what the thread reports is not happening.
user_filter = (&(&(!(accountStatus=deleted))(objectClass=qMailUser))(|(mail=%u)(uid=%u)(mailAlternateAddress=%u)))

pass_attrs = uid=user, userPassword=password
# NOTE(review): unlike user_filter and iterate_filter, this filter has no
# (!(accountStatus=deleted)) clause, so the passdb lookup still matches accounts
# marked deleted. Confirm whether that is intended; keeping the password and
# user filters aligned avoids relying on the later userdb lookup to reject them.
pass_filter = (&(objectClass=qMailUser)(|(mail=%u)(uid=%u)(mailAlternateAddress=%u)))

iterate_attrs = uid=user
iterate_filter = (&(&(objectClass=qmailUser)(!(accountStatus=deleted))))


full doveconf -n

# 2.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.7
# Auth cache settings relevant to the report: passdb/userdb replies are reused
# for up to 5 minutes, and failed lookups are also cached for 5 minutes.
auth_cache_negative_ttl = 5 mins
auth_cache_size = 10 M
auth_cache_ttl = 5 mins
# NOTE(review): auth_debug and mail_debug (below) are enabled, presumably to
# reproduce the problem; the resulting logs contain usernames, home paths and
# userdb fields, so treat them as sensitive and turn debugging off afterwards.
auth_debug = yes
auth_master_user_separator = *
# PLAIN and LOGIN send the password itself, with no challenge-response.
auth_mechanisms = plain login
auth_username_format = %u
auth_verbose = yes
base_dir = /var/run/dovecot/
deliver_log_format = msgid=%m f:%f s:%s %$
# NOTE(review): combined with "ssl = no" further down in this dump, plaintext
# logins are accepted over unencrypted connections on the listen address.
# Presumably TLS is terminated on the hosts in login_trusted_networks; confirm
# that the link between them and this server is a trusted network segment.
disable_plaintext_auth = no
import_environment = TZ
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
lda_original_recipient_header = Delivered-To
listen = 10.0.55.22
login_greeting = Imap ready.
login_trusted_networks = 10.0.55.2/32 10.0.55.3/32
mail_debug = yes
# A single uid/gid (300) is used for mail access here, so mailbox separation
# rests on Dovecot resolving the right user, not on filesystem ownership.
mail_gid = 300
mail_location = maildir:~/Maildir:INDEX=/var/dovecot_indexes%h
mail_plugins = quota expire notify mail_log
mail_uid = 300
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
# The next three lines are the continuation of this value, wrapped by the mail
# client; in a real configuration file it is a single line.
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave duplicate
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox SPAM {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  expire = SPAM
  expire_dict = redis:host=127.0.0.1:prefix=expire/
  # Keyed by %u, so it is affected by the same username inconsistency as quota.
  last_login_key = %u
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid from subject size
  # Dict quota in Redis. Per the report above, usage is tracked under whatever
  # username the session ends up with; when a cache hit leaves the alias in
  # place instead of the LDAP uid, one mailbox gets several counters and the
  # limit is no longer enforced against the real total.
  quota = dict:User quota::redis:host=127.0.0.1:prefix=user/
  # The username is passed as an argument to the quota-warning script; that
  # script is not shown, so verify it quotes the value safely.
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  sieve_global_dir = /etc/sieve_global
  sieve_max_redirects = 20
}
postmaster_address = postmaster at test.pl
protocols = imap pop3 lmtp sieve
recipient_delimiter =

service auth {
  unix_listener auth-userdb {
    # NOTE(review): world-accessible userdb socket; the execute bits serve no
    # purpose on a socket. As far as I know Dovecot limits what unprivileged
    # callers may look up based on their uid (confirm against the docs for this
    # version), but every mailbox here shares mail_uid 300, so that check would
    # not separate users. Prefer restricting the socket to the user or group
    # that lmtp/lda run as (vmail in this dump) with a tighter mode.
    mode = 0777
  }
}
service dict {
  unix_listener dict {
    group = vmail
    user = vmail
  }
}
service doveadm {
  inet_listener {
    port = 4567
  }
}
service imap-login {
  process_min_avail = 8
  service_count = 0
}
service imap {
  process_limit = 14000
}
service lmtp {
  inet_listener lmtp {
    address = dovecot2
    port = 24
  }
  process_min_avail = 5
  user = vmail
}
service pop3-login {
  process_min_avail = 8
  service_count = 0
}
service pop3 {
  process_limit = 10000
}
service quota-warning {
  executable = script /usr/local/bin/quota_warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = vmail
}
# NOTE(review): TLS is disabled for every listener in this instance (imap, pop3,
# lmtp, sieve and the doveadm port). With disable_plaintext_auth = no and only
# PLAIN/LOGIN offered, passwords cross the network unencrypted unless something
# in front of this host provides encryption; confirm that is the case.
ssl = no
syslog_facility = local2
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
verbose_proctitle = yes
protocol lmtp {
  auth_username_format = %u
  mail_plugins = quota expire notify mail_log sieve
  syslog_facility = local3
}
protocol lda {
  mail_plugins = quota expire notify mail_log sieve
  syslog_facility = local3
}
protocol imap {
  mail_max_userip_connections = 30
  mail_plugins = quota expire notify mail_log imap_quota last_login
}
protocol sieve {
  plugin {
    sieve = ~/.dovecot.sieve
    sieve_max_script_size = 50K
    sieve_quota_max_scripts = 5
    sieve_quota_max_storage = 500K
    sieve_storage = ~/sieve/
  }
}
protocol pop3 {
  mail_plugins = quota expire notify mail_log last_login
  pop3_client_workarounds = outlook-no-nuls
  pop3_fast_size_lookups = yes
  pop3_uidl_format = %f
}

--
Michal Grzedzicki
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cache_user.patch
Type: application/octet-stream
Size: 2248 bytes
Desc: not available
URL: <http://dovecot.org/pipermail/dovecot/attachments/20150109/aacc9403/attachment.obj>

