v2.3.19.1 released

Ralf Becker rb at egroupware.org
Mon Jun 20 11:32:42 UTC 2022


Hi Timo,

Am 20.06.22 um 12:17 schrieb Timo Sirainen:
> On 20. Jun 2022, at 10.03, Ralf Becker <rb at egroupware.org> wrote:
>>>    Fixes: Panic: file userdb-blocking.c: line 125 (userdb_blocking_iter_next): assertion failed: (ctx->conn != NULL)
>> As the above Panic is fixed I tried again (see my attached mail to the 2.3.19 release) and I can confirm to no longer get the Panic, BUT authentication is NOT working either :(
>>
>> Reverting back to a container with Dovecot 2.3.16, get's everything working again.
>>
>> We use a hourly updated local SQLight database and a dict for user- and passdb.
>>
>> Is the usage of multiple backends no longer supported, or did something in that regard changed between 2.3.16 and 2.3.19.1?
> We have lots of tests using multiple backends for authentication, and lots of people are using many passdbs/userdbs in production. I was only aware of iteration being broken with multiple userdbs, since that's not used so much. And we added a test to verify that multiple userdb iteration is actually returning results from both userdbs, so that shouldn't be completely broken either.
>
> So I'd need more details of what exactly goes wrong and how. Is it the authentication or the iteration that is now broken?

I only seen authentication errors in doveadm log errors and our 
montioring trying to access the backend with user credentials.

> Logs with auth_debug=yes would likely help.

I will get you the logs tonight, don't want to switch (one leg of) the 
production system during daytime.
I can then also try eg. doveadm user -A to check the iteration.

> Also:
>
>> Here's the relevant part of my config (full doveadm config -n is attached):
>>
>> userdb {
>>   args = /etc/dovecot/dovecot-sql.conf
>>   driver = sql
>> }
>> userdb {
>>   args = /etc/dovecot/dovecot-dict-auth.conf
>>   driver = dict
>> }
>> passdb {
>>   args = /etc/dovecot/dovecot-dict-master-auth.conf
>>   driver = dict
>>   master = yes
>> }
>> passdb {
>>   args = /etc/dovecot/dovecot-dict-auth.conf
>>   driver = dict
>> }
> What do these external conf files contain?

/etc/dovecot/dovecot-sql.conf:

driver = sqlite
connect = /etc/dovecot/users.sqlite

#password_query = SELECT userid AS username, domain, password \
#  FROM users WHERE userid = '%n' AND domain = '%d'
#user_query = SELECT home, uid, gid FROM users WHERE userid = '%n' AND 
domain = '%d'
# return no userdb, as db contains only user-names
#user_query = SELECT home,NULL AS uid,NULL AS gid FROM users WHERE 
userid = '%n' AND domain = '%d'
user_query = SELECT home,NULL AS uid,NULL AS gid, \
         '*:bytes='||(quota*1048576) AS quota_rule, \
         userid||'@'||domain AS master_user, \
         LOWER(REPLACE(groups||',', ',', '@'||domain||',')) AS acl_groups \
         FROM users WHERE userid = '%n' AND domain = '%d'

# For using doveadm -A:
iterate_query = SELECT userid AS username, domain FROM users

/etc/dovecot/dovecot-dict-auth.conf:

uri = proxy:/var/run/dovecot_auth_proxy/socket:somewhere
#uri = proxy:10.44.99.180:2001:somewhere

password_key = passdb/%u/%w
user_key = userdb/%u
iterate_disable = yes
#iterate_disable = no
#iterate_prefix = userdb/
default_pass_scheme = md5

/etc/dovecot/dovecot-dict-master-auth.conf:

uri = proxy:/var/run/dovecot_auth_proxy/socket:somewhere
#uri = proxy:10.44.99.180:2001:somewhere

#password_key = master/%{login_domain}/%u/%w
password_key = master/%{login_user}/%u/%w
iterate_disable = yes
default_pass_scheme = md5

Thanks :)

Ralf

-- 
Ralf Becker
EGroupware GmbH [www.egroupware.org]
Handelsregister HRB Kaiserslautern 3587
Geschäftsführer Birgit und Ralf Becker
Leibnizstr. 17, 67663 Kaiserslautern, Germany
Telefon +49 631 31657-0



More information about the dovecot mailing list