Re: Authcache and user changing

2015-04-13 Thread Timo Sirainen
On 09 Jan 2015, at 12:36, Lazy  wrote:

> I have attached a dirty hack that fixes the issue for me (username
> changes are cached in userdb auth cache).

These should also work:

http://hg.dovecot.org/dovecot-2.2/rev/08b2f79e8212
http://hg.dovecot.org/dovecot-2.2/rev/635f9c7d5991


Re: Authcache and user changing

2015-01-09 Thread Lazy
2015-01-09 9:16 GMT+01:00 Steffen Kaiser :
>
> On Mon, 29 Dec 2014, Lazy wrote:
>
>>
>> I have noticed that during auth cache hits usernames are not updated.
>> (We use ldap backend
>> and change username with
>> user_attrs = uid=user, mailMessageStore=home,
>> mailQuotaSize=quota_rule=*:bytes=%$
>>
>> cold cache
>>
>> lmtp(14414): Debug: auth input: testmon_testmon
>> home=/vmail/te/testmon_testmon quota_rule=*:bytes=104857600
>> lmtp(14414): Debug: changed username to testmon_testmon
>> lmtp(14414): Debug: Added userdb setting:
>> plugin/quota_rule=*:bytes=104857600
>>
>>
>> hot cache
>>
>> lmtp(14715): Debug: auth input: iq...@mon.test.pl
>> home=/vmail/iq/testmon_testmon quota_rule=*:bytes=104857600
>> lmtp(14715): Debug: Added userdb setting:
>> plugin/quota_rule=*:bytes=104857600
>>
>> this kills our dictionary based quota (users have multiple quota
>> instances depending on
>> timing and alias the email was delivered to.
>>
>> Is there a way to force addition of user to the auth cache ?
>
>
> Did you post your doveconf -n and ldap settings somewhere?


I have attached a dirty hack that fixes the issue for me (username
changes are cached in userdb auth cache).

config follows

dovecot -n

passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}

userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}

dovecot-ldap.conf.ext

debug_level = 32
auth_bind = no
ldap_version = 3
base = ou=accounts,o=test,c=pl

user_attrs = uid=user, mailMessageStore=home, mailQuotaSize=quota_rule=*:bytes=%$
user_filter = (&(&(!(accountStatus=deleted))(objectClass=qMailUser))(|(mail=%u)(uid=%u)(mailAlternateAddress=%u)))

pass_attrs = uid=user, userPassword=password
pass_filter = (&(objectClass=qMailUser)(|(mail=%u)(uid=%u)(mailAlternateAddress=%u)))

iterate_attrs = uid=user
iterate_filter = (&(&(objectClass=qmailUser)(!(accountStatus=deleted


full doveconf -n

# 2.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.7
auth_cache_negative_ttl = 5 mins
auth_cache_size = 10 M
auth_cache_ttl = 5 mins
auth_debug = yes
auth_master_user_separator = *
auth_mechanisms = plain login
auth_username_format = %u
auth_verbose = yes
base_dir = /var/run/dovecot/
deliver_log_format = msgid=%m f:%f s:%s %$
disable_plaintext_auth = no
import_environment = TZ
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
lda_original_recipient_header = Delivered-To
listen = 10.0.55.22
login_greeting = Imap ready.
login_trusted_networks = 10.0.55.2/32 10.0.55.3/32
mail_debug = yes
mail_gid = 300
mail_location = maildir:~/Maildir:INDEX=/var/dovecot_indexes%h
mail_plugins = quota expire notify mail_log
mail_uid = 300
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave duplicate
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox SPAM {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  expire = SPAM
  expire_dict = redis:host=127.0.0.1:prefix=expire/
  last_login_key = %u
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid from subject size
  quota = dict:User quota::redis:host=127.0.0.1:prefix=user/
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  sieve_global_dir = /etc/sieve_global
  sieve_max_redirects = 20
}
postmaster_address = postmas...@test.pl
protocols = imap pop3 lmtp sieve
recipient_delimiter =

service auth {
  unix_listener auth-userdb {
    mode = 0777
  }
}
service dict {
  unix_listener dict {
    group = vmail
    user = vmail
  }
}
service doveadm {
  inet_listener {
    port = 4567
  }
}
service imap-login {
  process_min_avail = 8
  service_count = 0
}
service imap {
  process_limit = 14000
}
service lmtp {
  inet_listener lmtp {
    address = dovecot2
    port = 24
  }
  process_min_avail = 5
  user = vmail
}
service pop3-login {
  process_min_avail = 8
  service_count = 0
}
service pop3 {
  process_limit = 1
}
service quota-warning {
  executable = script /usr/local/bin/quota_warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = vmail
}
ssl = no
syslog_facility = local2
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
verbose_proctitle = yes
protocol lmtp {
  auth_username_format = %u
  mail_plugins = quota expire notify ma

Re: Authcache and user changing

2015-01-09 Thread Steffen Kaiser


On Mon, 29 Dec 2014, Lazy wrote:



> I have noticed that during auth cache hits usernames are not updated.
> (We use ldap backend
> and change username with
> user_attrs = uid=user, mailMessageStore=home,
> mailQuotaSize=quota_rule=*:bytes=%$
>
> cold cache
>
> lmtp(14414): Debug: auth input: testmon_testmon
> home=/vmail/te/testmon_testmon quota_rule=*:bytes=104857600
> lmtp(14414): Debug: changed username to testmon_testmon
> lmtp(14414): Debug: Added userdb setting: plugin/quota_rule=*:bytes=104857600
>
>
> hot cache
>
> lmtp(14715): Debug: auth input: iq...@mon.test.pl
> home=/vmail/iq/testmon_testmon quota_rule=*:bytes=104857600
> lmtp(14715): Debug: Added userdb setting: plugin/quota_rule=*:bytes=104857600
>
> this kills our dictionary based quota (users have multiple quota
> instances depending on
> timing and alias the email was delivered to.
>
> Is there a way to force addition of user to the auth cache ?

Did you post your doveconf -n and ldap settings somewhere?

-- 
Steffen Kaiser



Re: Authcache and user changing

2014-12-30 Thread Lazy
2014-12-30 15:04 GMT+01:00 Lazy :
> 2014-12-29 12:47 GMT+01:00 Lazy :
>> Hi,
>>
>>
>> I have noticed that during auth cache hits usernames are not updated.
>> (We use ldap backend
>> and change username with
>> user_attrs = uid=user, mailMessageStore=home,
>> mailQuotaSize=quota_rule=*:bytes=%$
>>
>> cold cache
>>
>> lmtp(14414): Debug: auth input: testmon_testmon
>> home=/vmail/te/testmon_testmon quota_rule=*:bytes=104857600
>> lmtp(14414): Debug: changed username to testmon_testmon
>> lmtp(14414): Debug: Added userdb setting: plugin/quota_rule=*:bytes=104857600
>>
>>
>> hot cache
>>
>> lmtp(14715): Debug: auth input: iq...@mon.test.pl
>> home=/vmail/iq/testmon_testmon quota_rule=*:bytes=104857600
>> lmtp(14715): Debug: Added userdb setting: plugin/quota_rule=*:bytes=104857600
>
> auth replays are
>
>
> USER\t2\ttestmon_testmon\thome=/vmail/te/testmon_testmon\tquota_rule=*:bytes=104857600\n
> on a cache miss
>
> and
>
> USER\t3\ttest...@mon.test.pl\thome=/vmail/te/testmon_testmon\tquota_rule=*:bytes=104857600\n
> with a cache hit
>
>
> without cache user is rewritten as expected, with cache it isn't

requests made by imap or pop3 are always rewriting the usernames

is it a bug or is it intentional ?

-- 
Michal Grzedzicki


Re: Authcache and user changing

2014-12-30 Thread Lazy
2014-12-29 12:47 GMT+01:00 Lazy :
> Hi,
>
>
> I have noticed that during auth cache hits usernames are not updated.
> (We use ldap backend
> and change username with
> user_attrs = uid=user, mailMessageStore=home,
> mailQuotaSize=quota_rule=*:bytes=%$
>
> cold cache
>
> lmtp(14414): Debug: auth input: testmon_testmon
> home=/vmail/te/testmon_testmon quota_rule=*:bytes=104857600
> lmtp(14414): Debug: changed username to testmon_testmon
> lmtp(14414): Debug: Added userdb setting: plugin/quota_rule=*:bytes=104857600
>
>
> hot cache
>
> lmtp(14715): Debug: auth input: iq...@mon.test.pl
> home=/vmail/iq/testmon_testmon quota_rule=*:bytes=104857600
> lmtp(14715): Debug: Added userdb setting: plugin/quota_rule=*:bytes=104857600

auth replays are


USER\t2\ttestmon_testmon\thome=/vmail/te/testmon_testmon\tquota_rule=*:bytes=104857600\n
on a cache miss

and

USER\t3\ttest...@mon.test.pl\thome=/vmail/te/testmon_testmon\tquota_rule=*:bytes=104857600\n
with a cache hit


without cache user is rewritten as expected, with cache it isn't


--
Michal Grzedzicki
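
[Added example, not part of the thread and not Dovecot code: a check for the symptom described in the message above, where a cache hit returns the alias as the username while a cache miss returns the rewritten one. It parses captured userdb USER replies and reports every home directory that was returned under more than one username. It assumes the replies are available one per line with real tab separators; the sample lines, usernames and addresses are constructed.]

```python
from collections import defaultdict

# Constructed sample replies, modelled on the two USER lines quoted in the
# thread. Usernames and addresses are made up for this example.
SAMPLE_REPLIES = [
    "USER\t2\ttestuser\thome=/vmail/te/testuser\tquota_rule=*:bytes=104857600",
    "USER\t3\talias@example.test\thome=/vmail/te/testuser\tquota_rule=*:bytes=104857600",
    "USER\t4\tother\thome=/vmail/ot/other\tquota_rule=*:bytes=104857600",
    "NOTFOUND\t5",  # any non-USER line is skipped
]


def parse_user_reply(line):
    """Return (request_id, username, fields) for a USER reply, else None."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) < 3 or parts[0] != "USER":
        return None
    fields = {}
    for item in parts[3:]:
        # Split on the first '=' only: values such as the quota rule
        # ("*:bytes=104857600") contain '=' themselves.
        key, sep, value = item.partition("=")
        fields[key] = value if sep else ""
    return parts[1], parts[2], fields


def homes_with_multiple_usernames(lines):
    """Map each home directory to its usernames when more than one was seen.

    One mailbox answering to several usernames is the condition that splits
    per-user state keyed on the username, such as the dict quota in the thread.
    """
    seen = defaultdict(set)
    for line in lines:
        parsed = parse_user_reply(line)
        if parsed is None:
            continue
        _, username, fields = parsed
        home = fields.get("home")
        if home:
            seen[home].add(username)
    return {home: sorted(names) for home, names in seen.items() if len(names) > 1}


if __name__ == "__main__":
    for home, names in homes_with_multiple_usernames(SAMPLE_REPLIES).items():
        print(f"{home}: returned as {', '.join(names)}")
```
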


Authcache and user changing

2014-12-29 Thread Lazy
Hi,


I have noticed that during auth cache hits usernames are not updated.
(We use ldap backend
and change username with
user_attrs = uid=user, mailMessageStore=home,
mailQuotaSize=quota_rule=*:bytes=%$

cold cache

lmtp(14414): Debug: auth input: testmon_testmon
home=/vmail/te/testmon_testmon quota_rule=*:bytes=104857600
lmtp(14414): Debug: changed username to testmon_testmon
lmtp(14414): Debug: Added userdb setting: plugin/quota_rule=*:bytes=104857600


hot cache

lmtp(14715): Debug: auth input: iq...@mon.test.pl
home=/vmail/iq/testmon_testmon quota_rule=*:bytes=104857600
lmtp(14715): Debug: Added userdb setting: plugin/quota_rule=*:bytes=104857600

this kills our dictionary based quota (users have multiple quota
instances depending on
timing and alias the email was delivered to.

Is there a way to force addition of user to the auth cache ?

-- 
Michal Grzedzicki