proxy, userdb and passdb

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

proxy, userdb and passdb

Jogi Hofmüller
Dear all,

We are getting closer to the migration of our mailsystem.  Now I have a
special question.  We are successfully using

passdb {
  driver = pam
}

and that is good.  Now, how would I tell dovecot to proxy certain users
(the ones not yet migrated) to the old server?  My attempts to configure
an additional userdb failed since this seems to override the passdb setting.

Grateful for any hints!

Cheers,
--
j.hofmüller

Optimism doesn't alter the laws of physics.         - Subcommander T'Pol


signature.asc (237 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: proxy, userdb and passdb

Steffen Kaiser-9
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 18 Oct 2013, Jogi Hofmüller wrote:

> We are getting closer to the migration of our mailsystem.  Now I have a
> special question.  We are successfully using
>
> passdb {
>  driver = pam
> }
>
> and that is good.  Now, how would I tell dovecot to proxy certain users
> (the ones not yet migrated) to the old server?  My attempts to configure
> an additional userdb failed since this seems to override the passdb setting.
see http://wiki2.dovecot.org/PasswordDatabase/ExtraFields

However, a userdb does never override passdb setting (as I understand your
wording), because the userdb kicks in later, you should post your config.

- --
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBUmYx2F3r2wJMiz2NAQIOYwf/aylycKboWUL9rTep6u0wzfC+e5ZVLHec
oZSzF3Kths+dC6IOwEyCBlMuDdk+3Wol1enFzpFVonV11dJ8r55dpUcDqKEhVgS/
Jmx9B/e2+T5aHNZ/VjFxO9rLA+eVasR5g8SQqyjOxN7s71qgrxeGdLfFqt6PoZ5Y
7ZLawGee0wjDblPsG6lpxfCbnJDKF2ooqkIOQ3SQm43bHd5hBHUprJYjXdI4vbFR
I2yMNGbAbyuHgzJcPV1/W1GX1UUbFp53DUENFvg3C4Q9rxHAtzDu3JgirkRxhOQ0
qgZ0Uklmddviqp0KgVGulv0jJe0kk03hI689vfwIkddP5LwESwd4Rw==
=kIXe
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|

Re: proxy, userdb and passdb

Jogi Hofmüller
Hi Steffen,

Am 2013-10-22 10:05, schrieb Steffen Kaiser:

> see http://wiki2.dovecot.org/PasswordDatabase/ExtraFields

Did, thanks.  The errors I mentioned in my previous post are gone.
Still, proxying does not work as expected.  Instead I get strange warnings:

   Oct 22 12:06:51 server dovecot: auth-worker(PID): Warning: userdb
passwd: Move templates args to override_fields setting

This is the proxy-userdb file's content (I removed the UID and IP address):

user:::::::proxy=y host=IP-ADDRESS starttls=y nopassword=y

> However, a userdb does never override passdb setting (as I understand
> your wording), because the userdb kicks in later, you should post your
> config.

Here it comes:

# 2.1.17: /etc/dovecot/dovecot.conf
# OS: Linux 3.10-3-amd64 x86_64 Debian jessie/sid
mail_location = maildir:~/Maildir
mail_plugins = acl
namespace {
   list = children
   location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
   prefix = shared/%%u/
   subscriptions = no
   type = shared
}
namespace inbox {
   hidden = yes
   inbox = yes
   list = no
   location =
   mailbox Drafts {
     auto = subscribe
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     auto = subscribe
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     auto = subscribe
     special_use = \Sent
   }
   mailbox Trash {
     auto = subscribe
     special_use = \Trash
   }
   prefix =
   subscriptions = yes
   type = private
}
passdb {
   args = session=yes
   driver = pam
}
plugin {
   sieve = ~/.dovecot.sieve
   sieve_dir = ~/sieve
}
protocols = " imap lmtp pop3"
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
userdb {
   args = /etc/dovecot/proxy-userdb
   driver = passwd
}
protocol imap {
   mail_plugins = acl autocreate imap_acl
}

Thanks for any hints/suggestions!
--
j.hofmüller

mur.sat -- a space art project                        http://sat.mur.at/
Reply | Threaded
Open this post in threaded view
|

Re: proxy, userdb and passdb

Timo Sirainen
On 22.10.2013, at 13.13, Jogi Hofmüller <[hidden email]> wrote:

> Hi Steffen,
>
> Am 2013-10-22 10:05, schrieb Steffen Kaiser:
>
>> see http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
>
> Did, thanks.  The errors I mentioned in my previous post are gone. Still, proxying does not work as expected.  Instead I get strange warnings:
>
>  Oct 22 12:06:51 server dovecot: auth-worker(PID): Warning: userdb passwd: Move templates args to override_fields setting
>
> This is the proxy-userdb file's content (I removed the UID and IP address):
>
> user:::::::proxy=y host=IP-ADDRESS starttls=y nopassword=y
> passdb {
>  args = session=yes
>  driver = pam
> }
> userdb {
>  args = /etc/dovecot/proxy-userdb
>  driver = passwd
> }

1) Use passwd-file, not passwd

2) userdb has no effect on proxying, it must be passdb.

If you really want to keep using PAM, you need to use Dovecot v2.2 with an additional passdb configuring the proxying for the users. http://wiki2.dovecot.org/PasswordDatabase#Passdb_settings explains more. It can’t be done with v2.1.

Reply | Threaded
Open this post in threaded view
|

Re: proxy, userdb and passdb

alexwanderley
In reply to this post by Jogi Hofmüller
Hello Jogi,

Did you happen to have this working? Could you share how?

Thanks,

Alex
Reply | Threaded
Open this post in threaded view
|

Re: proxy, userdb and passdb

Jogi Hofmüller
Dear Alex et al

> Did you happen to have this working? Could you share how?

So far it's not working yet.  We are currently exploring more recent
dovecot versions (2.2.9 AFAIR) but had to do some other work to keep the
mailsystem running.  Now we have more time to work on migration and will
post any useful results (or more questions, whatever comes first).

Cheers!
--
j.hofmüller

Optimism doesn't alter the laws of physics.         - Subcommander T'Pol


signature.asc (237 bytes) Download Attachment