On 22.03.2017 10:17, Leon Kyneur wrote: > > > On Wed, Mar 22, 2017, at 01:04 AM, Aki Tuomi wrote: >> On 22.03.2017 10:03, Leon Kyneur wrote: >>> Hi >>> >>> I am trying to configure the last_login plugin with LDAP dictionary >>> which is causing dict service to crash. Not sure if this is a bug or >>> some configuration parameter I'm getting wrong? >>> >>> Running latest dovecot but was having the same problem in earlier >>> version 2.2.25 >>> >>> # dovecot --version >>> 2.2.28 (bed8434) >>> >>> I have configured dovecot like so: >>> >>> dovecot.conf (before conf.d/*.conf: >>> dict { >>> #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext >>> #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext >>> lastlogin = ldap:/etc/dovecot/dovecot-ldap-dict.conf.ext >>> } >>> >>> conf.d/10-master.conf >>> service dict { >>> # If dict proxy is used, mail processes should have access to its >>> socket. >>> # For example: mode=0660, group=vmail and global >>> mail_access_groups=vmail >>> unix_listener dict { >>> mode = 0660 >>> user = vmail >>> group = vmail >>> } >>> } >>> >>> >>> conf.d/20-imap.conf: >>> protocol imap { >>> # Space separated list of plugins to load (default is global >>> mail_plugins). >>> mail_plugins = $mail_plugins last_login >>> >>> # Maximum number of IMAP connections allowed for a user from each IP >>> address. >>> # NOTE: The username is compared case-sensitively. >>> #mail_max_userip_connections = 10 >>> } >>> >>> >>> >>> 90-plugins.conf >>> plugin { >>> #setting_name = value >>> #last_login_dict = proxy::lastlogin >>> last_login_dict = proxy:dict:lastlogin >>> zlib_save = gz >>> zlib_save_level = 6 >>> } >>> >>> >>> dovecot-ldap-dict.conf.ext: >>> uri = ldap://ldap.internal >>> bind_dn = cn=Manager,dc=mail,dc=com >>> password = XXXX >>> tls = no >>> debug = 1 >>> >>> map { >>> pattern = last-login/$user >>> filter = (&(mail=%{user})(objectClass=mailUser)) # the () is required >>> base_dn = o=domains,dc=mail,dc=com >>> username_attribute = mail >>> value_attribute = lastLoginTime >>> fields { >>> mail=$user >>> } >>> } >>> >>> I don't see dovecot ever making a connection to the LDAP server I've >>> configured in the dovecot-ldap-dict.conf.ext file. >>> >>> Log shows >>> >>> ==> /var/log/dovecot.log <== >>> Mar 22 07:49:30 imap-login: Info: Login: user=<l...@mail.com>, >>> method=PLAIN, rip=X.X.X.X, lip=X.X.X.X, mpid=36105, secured, >>> session=<o0Lu/0xL4N3LhgGR> >>> Mar 22 07:49:30 dict: Fatal: master: service(dict): child 36107 killed >>> with signal 11 (core dumped) >>> Mar 22 07:49:30 imap(l...@mail.com): Error: dict-client: Commit may have >>> failed: Connection closed (reply took 0.015 secs) >>> Mar 22 07:49:30 imap(l...@mail.com): Error: last_login_dict: Write was >>> unconfirmed (timeout or disconnect) for user l...@mail.com >>> >>> Backtrace: >>> # gdb /var/core/36107 >>> GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-94.el7 >>> Copyright (C) 2013 Free Software Foundation, Inc. >>> License GPLv3+: GNU GPL version 3 or later >>> <http://gnu.org/licenses/gpl.html> >>> This is free software: you are free to change and redistribute it. >>> There is NO WARRANTY, to the extent permitted by law. Type "show >>> copying" >>> and "show warranty" for details. >>> This GDB was configured as "x86_64-redhat-linux-gnu". >>> For bug reporting instructions, please see: >>> <http://www.gnu.org/software/gdb/bugs/>... >>> [New LWP 36107] >>> Reading symbols from /usr/libexec/dovecot/dict...Reading symbols from >>> /usr/lib/debug/usr/libexec/dovecot/dict.debug...done. >>> done. >>> Missing separate debuginfo for >>> Try: yum --enablerepo='*debug*' install >>> /usr/lib/debug/.build-id/b0/07fede01895dec1aca9d8b8993fe27d70a3a20 >>> [Thread debugging using libthread_db enabled] >>> Using host libthread_db library "/lib64/libthread_db.so.1". >>> Core was generated by `dovecot/dict'. >>> Program terminated with signal 11, Segmentation fault. >>> #0 0x0000000000000000 in ?? () >>> (gdb) bt full >>> #0 0x0000000000000000 in ?? () >>> No symbol table info available. >>> #1 0x00007fbcf11bd04f in cmd_begin (cmd=0x7fbcf2c02910, line=<optimized >>> out>) at dict-commands.c:365 >>> trans = 0x7fbcf2c029a0 >>> id = 1 >>> #2 0x00007fbcf11bdef8 in dict_command_input >>> (conn=conn@entry=0x7fbcf2bf24d0, line=line@entry=0x7fbcf2bf48cb "B1") at >>> dict-commands.c:625 >>> cmd_func = 0x7fbcf13c85c0 <cmds+32> >>> cmd = 0x7fbcf2c02910 >>> ret = <optimized out> >>> #3 0x00007fbcf11bc6ee in dict_connection_input_more >>> (conn=0x7fbcf2bf24d0) at dict-connection.c:117 >>> _data_stack_cur_id = 3 >>> line = 0x7fbcf2bf48cb "B1" >>> ret = <optimized out> >>> #4 0x00007fbcf11bc7d2 in dict_connection_input (conn=0x7fbcf2bf24d0) at >>> dict-connection.c:167 >>> line = <optimized out> >>> conn = 0x7fbcf2bf24d0 >>> #5 0x00007fbcf0d1b2d2 in io_loop_call_io (io=0x7fbcf2bf2890) at >>> ioloop.c:599 >>> ioloop = 0x7fbcf2be0740 >>> t_id = 2 >>> __FUNCTION__ = "io_loop_call_io" >>> #6 0x00007fbcf0d1c95f in io_loop_handler_run_internal >>> (ioloop=ioloop@entry=0x7fbcf2be0740) at ioloop-epoll.c:223 >>> ctx = 0x7fbcf2beded0 >>> events = <optimized out> >>> list = 0x7fbcf2bf28f0 >>> io = <optimized out> >>> tv = {tv_sec = 2147483, tv_usec = 0} >>> events_count = <optimized out> >>> msecs = <optimized out> >>> ret = 1 >>> i = 0 >>> call = <optimized out> >>> __FUNCTION__ = "io_loop_handler_run_internal" >>> #7 0x00007fbcf0d1b36c in io_loop_handler_run >>> (ioloop=ioloop@entry=0x7fbcf2be0740) at ioloop.c:648 >>> No locals. >>> #8 0x00007fbcf0d1b528 in io_loop_run (ioloop=0x7fbcf2be0740) at >>> ioloop.c:623 >>> __FUNCTION__ = "io_loop_run" >>> #9 0x00007fbcf0ca4603 in master_service_run (service=0x7fbcf2be05e0, >>> callback=callback@entry=0x7fbcf11be150 <client_connected>) at >>> master-service.c:641 >>> No locals. >>> #10 0x00007fbcf11bbff9 in main (argc=1, argv=0x7fbcf2be0390) at >>> main.c:161 >>> set_roots = {0x7fbcf13c88a0 <dict_setting_parser_info>, 0x0} >>> error = 0x0 >> LDAP writes are not supported in LDAP dict module yet. It should not >> crash though. >> >> Aki > Thanks Aki > > Couldn't see mention of which backends support write on the wiki - > http://wiki2.dovecot.org/Dictionary. Are there others I should avoid? > > Regards > > Leon
All the other should support writing. Aki