[Dovecot] Migration from v1 to v2 with hashed directory structure
Hi,

I want to upgrade to version 2 but I would like to solve a long-standing problem with 'flat' directory structure, i.e. we have /var/spool/vmail/mydomain.com/u...@mydomain.com and I want a new server with version 2 to have hashed directory structure like /var/spool/vmail/mydomain.com/u/s/user

I was wondering if there is some better solution than dir hashing or a way to hash a dir other than first two letters. Also any suggestion how to perform this migration from old to new server with hashing on the fly?

Thanks in advance.
Re: [Dovecot] Migration from v1 to v2 with hashed directory structure
Thank you Ed,

I was referring also to other people's experiences regarding migration. Do's and Don'ts, and especially directory hashing strategies others are utilizing.

On Fri, Mar 1, 2013 at 12:38 AM, Ed W wrote:
> On 28/02/2013 13:59, Pavel Dimow wrote:
>>
>> Hi,
>>
>> I want to upgrade to version 2 but I would like to solve a long
>> standing problem with 'flat' directory structure ie
>> we have /var/spool/vmail/mydomain.com/u...@mydomain.com and I want a
>> new server with version 2 to have
>> hashed directory structure like /var/spool/vmail/mydomain.com/u/s/user
>> I was wondering if there is some better solution than dir hashing or
>> a way to hash a dir other than first two letters.
>> Also any suggestion how to perform this migration from old to new
>> server with hashing on the fly?
>>
>
> My thought would be that unless you have millions of users, such a rename
> process will take only seconds to minutes? Why not just take the server
> down for a couple of minutes to do the rename process?
>
> If you wanted to be really clever, you could do it live using symlinks to
> move the dirs, then update the dovecot config?
>
> Ed W
Re: [Dovecot] Migration from v1 to v2 with hashed directory structure
Tnx will try ;)

On Fri, Mar 1, 2013 at 10:41 AM, Steffen Kaiser wrote:
> On Thu, 28 Feb 2013, Ed W wrote:
>>
>> On 28/02/2013 13:59, Pavel Dimow wrote:
>>>
>>> Hi,
>>>
>>> I want to upgrade to version 2 but I would like to solve a long
>>> standing problem with 'flat' directory structure ie
>>> we have /var/spool/vmail/mydomain.com/u...@mydomain.com and I want a
>>> new server with version 2 to have
>>> hashed directory structure like /var/spool/vmail/mydomain.com/u/s/user
>>> I was wondering if there is some better solution than dir hashing or
>>> a way to hash a dir other than first two letters.
>>> Also any suggestion how to perform this migration from old to new
>>> server with hashing on the fly?
>>>
>>
>> My thought would be that unless you have millions of users, such a rename
>> process will take only seconds to minutes? Why not just take the server
>> down for a couple of minutes to do the rename process?
>>
>> If you wanted to be really clever, you could do it live using symlinks to
>> move the dirs, then update the dovecot config?
>
> Yeah:
>
> for dir in /var/spool/vmail/mydomain.com/*; do
>   to="$(script_to_map_name "$dir")"
>   if ! test -d "$(dirname "$to")"; then
>     # add -m 0555 if needed
>     mkdir -p "$(dirname "$to")"
>   fi
>   # If a new mail arrives or the user accesses the box
>   # there will be an error for a (very) short time
>   mv "$dir" "$to"
>   ln -s "$to" "$dir"
>   # no more errors
> done
>
> Then update the config, reload Dovecot, wait a bit, remove the symlinks.
>
> -- Steffen Kaiser
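
The loop quoted above leaves `script_to_map_name` undefined. As an added example (not code from the thread or from Dovecot), here is one way to write that mapping for the u/s/user layout, with the move-and-symlink step wrapped so that a re-run is harmless. The names `map_name` and `migrate_one` are hypothetical, and the code assumes the flat entries are named user@domain.

```shell
#!/bin/sh
# Added example; map_name and migrate_one are hypothetical helper names.
# Assumes flat entries are named user@domain inside the domain directory.

# map_name /var/spool/vmail/mydomain.com/user@mydomain.com
#   prints /var/spool/vmail/mydomain.com/u/s/user
map_name() {
    src=${1%/}            # drop a trailing slash
    base=${src%/*}        # domain directory
    entry=${src##*/}      # user@domain
    # Only flat user@domain entries qualify; this also keeps a re-run from
    # treating the new one-letter hash directories as mailboxes.
    case $entry in *@*) ;; *) return 1 ;; esac
    user=${entry%%@*}
    # Refuse empty names, dotfiles/".." and anything outside a safe set,
    # so a crafted name can never resolve outside the domain directory.
    case $user in ''|.*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    padded="${user}__"    # one-letter users still get two levels
    first=$(printf '%s' "$padded" | cut -c1)
    second=$(printf '%s' "$padded" | cut -c2)
    printf '%s/%s/%s/%s\n' "$base" "$first" "$second" "$user"
}

# migrate_one SRC: move one maildir and leave a symlink at the old path.
migrate_one() {
    src=${1%/}
    # Skip symlinks (already migrated) and anything that is not a directory.
    if [ -L "$src" ] || [ ! -d "$src" ]; then return 0; fi
    if ! to=$(map_name "$src"); then
        echo "skipped (not a user@domain entry): $src" >&2
        return 0
    fi
    # Never merge into an existing target.
    if [ -e "$to" ]; then echo "target exists: $to" >&2; return 1; fi
    mkdir -p "$(dirname "$to")"
    mv "$src" "$to"
    ln -s "$to" "$src"
}

# Usage, with absolute paths so the symlinks resolve:
#   for dir in /var/spool/vmail/mydomain.com/*; do migrate_one "$dir"; done
```

The Dovecot mail location has to resolve each user to the same path this mapping produces before the symlinks are removed.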
[Dovecot] Dovecot v2 multiple domains
Hello,

I would like to have multiple domains on same server (with different ip's) and I want that user logs with username with domain part for every domain, but I can't find any documentation on this. To be more precise, I found a post regarding dovecot v1 that suggests making separate init scripts for every domain but it also suggests that dovecot v2 will support this in code. This is the post http://dovecot.org/pipermail/dovecot/2006-April/012455.html

Am I missing something or is this still not possible?
Re: [Dovecot] Dovecot v2 multiple domains
Thank you Timo and yes I mean without ;)

On Sun, Mar 24, 2013 at 11:08 PM, Timo Sirainen wrote:
> On 25.3.2013, at 0.01, Pavel Dimow wrote:
>
> > Hello,
> >
> > I would like to have multiple domains on same server (with different
> > ip's) and I want that user logs with username with domain part for
> > every domain,
>
> "with"? so people logging in as user@domain? There is nothing you need to
> do. Dovecot doesn't care about domains, only how login names match to mail
> directories.
>
> If you really meant "without", then you need to match the IP address with
> the username. %l variables expands to the IP in e.g. passdb sql query.
[Dovecot] dovecot 2 variables
Hi,

I am trying to use separate configurations for ldap authentication, thus providing users with the ability to only use username without domain part. Now according to documentation this should be possible http://wiki2.dovecot.org/AuthDatabase/PasswdFile but I keep getting an error in my dovecot.log like this

auth: Error: Can't open configuration file /etc/dovecot/%l/dovecot-ldap.conf: No such file or directory

Why does dovecot not expand %l to local ip address?
Re: [Dovecot] dovecot 2 variables
Thank you Timo, can you please correct me if I am wrong, but this means that the only way to have one dovecot server authenticating users from ldap without domain part is to use %l in ldap query? That implies having a tree like ou=people,o=x.x.x.x.o=mail,dc=acme,dc=com

Or is there a better way to do it?

On Sun, Apr 7, 2013 at 11:26 PM, Timo Sirainen wrote:
> On 7.4.2013, at 23.51, Pavel Dimow wrote:
>
> > I am trying to use separate configurations for ldap authentication thus
> > providing users
> > with the ability to only use username without domain part. Now according to
> > documentation this should be possible
> > http://wiki2.dovecot.org/AuthDatabase/PasswdFile
> >
> > but I keep getting error in my dovecot.log like this
> >
> > auth: Error: Can't open configuration file
> > /etc/dovecot/%l/dovecot-ldap.conf: No such file or directory
> >
> > Why does dovecot does not expand %l to local ip address?
>
> That expansion works only with passwd-file, not with anything else (such
> as ldap).
Re: [Dovecot] dovecot 2 variables
Just to be clear, my goal is to have multiple domains on multiple addresses but use one dovecot instance and to let users log in without the @domain part.

On Sun, Apr 7, 2013 at 11:51 PM, Pavel Dimow wrote:
> Thank you Timo, can you please correct me if I am wrong, but this means
> that only way to have one dovecot server authenticating users from ldap
> without domain part is to use %l in ldap query? That imply to have tree
> like ou=people,o=x.x.x.x.o=mail,dc=acme,dc=com
> Or there is a better way to do it?
>
> On Sun, Apr 7, 2013 at 11:26 PM, Timo Sirainen wrote:
>
>> On 7.4.2013, at 23.51, Pavel Dimow wrote:
>>
>> > I am trying to use separate configurations for ldap authentication thus
>> > providing users
>> > with the ability to only use username without domain part. Now according to
>> > documentation this should be possible
>> > http://wiki2.dovecot.org/AuthDatabase/PasswdFile
>> >
>> > but I keep getting error in my dovecot.log like this
>> >
>> > auth: Error: Can't open configuration file
>> > /etc/dovecot/%l/dovecot-ldap.conf: No such file or directory
>> >
>> > Why does dovecot does not expand %l to local ip address?
>>
>> That expansion works only with passwd-file, not with anything else (such
>> as ldap).
Re: [Dovecot] dovecot 2 variables
Well that is not very scalable as we always ask first database no matter what. What if I have the same user in both databases (ldap)?

On Mon, Apr 8, 2013 at 12:36 AM, Daniel Parthey <daniel.part...@informatik.tu-chemnitz.de> wrote:
> Pavel Dimow wrote:
> > Just to be clear my goal is to have multiple domains on multiple addresses
> > but use one dovecot instance and to let users logging without @domain part.
>
> You might try to use several passdb/userdb sections with driver ldap,
> one for each domain:
>
> http://wiki2.dovecot.org/Authentication/MultipleDatabases
>
> Regards
> Daniel
> --
> https://plus.google.com/103021802792276734820
Re: [Dovecot] dovecot 2 variables
Thank you Timo, then I guess I will be running two instances of dovecot, one for each domain, until local 1.2.3.4 { userdb { .. } } becomes ready :)

On Mon, Apr 8, 2013 at 12:14 PM, Timo Sirainen wrote:
> You could put (%l=1.2.3.4) in the ldap filter. But I guess it still gets
> sent to the LDAP server. The best solution would be:
>
> local 1.2.3.4 {
>   userdb {
>     ..
>   }
> }
>
> But that doesn't work yet.
>
> With v2.2 you can do multiple queries. So you could have one query to
> translate IP address to the domain, and then a second lookup to lookup the
> user@domain. http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb ->
> subqueries.
>
> On 8.4.2013, at 13.07, Pavel Dimow wrote:
>
> > Well that is not very scalable as we always ask first database no matter
> > what. What if I have the same user in both databases (ldap)?
> >
> > On Mon, Apr 8, 2013 at 12:36 AM, Daniel Parthey <
> > daniel.part...@informatik.tu-chemnitz.de> wrote:
> >
> >> Pavel Dimow wrote:
> >>> Just to be clear my goal is to have multiple domains on multiple addresses
> >>> but use one dovecot instance and to let users logging without @domain part.
> >>
> >> You might try to use several passdb/userdb sections with driver ldap,
> >> one for each domain:
> >>
> >> http://wiki2.dovecot.org/Authentication/MultipleDatabases
> >>
> >> Regards
> >> Daniel
> >> --
> >> https://plus.google.com/103021802792276734820
Re: [Dovecot] dovecot 2 variables
Interesting, but this means that we need to have one tree with all users (where each user has an additional attribute containing local ip), instead we now have two separate trees because we use this for other authentication purposes.

Thank you for sharing your thoughts Steffen

On Mon, Apr 8, 2013 at 2:34 PM, Steffen Kaiser <skdove...@smail.inf.fh-brs.de> wrote:
> On Sun, 7 Apr 2013, Pavel Dimow wrote:
>
>> Just to be clear my goal is to have multiple domains on multiple addresses
>> but use one dovecot instance and to let users logging without @domain
>> part.
>
> If %l is expanded in the LDAP query, you could add an attribute with the
> local IP address, e.g.:
>
> pass_filter = (&(objectClass=mailUser)(|(mail=%Lu)(&(localPart=%Lu)(localIP=%l))))
>
> (check if parenthesis are balanced) Same with user_filter
>
> The idea:
>
> mailUserLDAPItem && ( nameWithDomain || ( nameWithoutDomain && localIP ) )
>
> So the user could login with domain on any local port and without domain
> on one or more local interfaces.
>
> -- Steffen Kaiser
[Dovecot] Dovecot and LDAP - virtual hosting problem
Hello,

I have a small ISP and we have a dovecot for virtual mail hosting with a postfix and openldap as backend. Now the problem is that there is one primary domain (example.com) and many other virtual domains with different users. When a user from the primary domain logs in, he is using username as his username (without domain part) and when a user from a virtual domain logs in, he uses usern...@virtualdomain as his username. I don't know how to make dovecot-ldap.conf authenticate both users from the same ldap tree.

My ldap tree is organized like:

ou=people,o=example.com,dc=acme
ou=people,o=somevirtdomain.cp,dc=acme

and so on...

The only thing that comes to my mind is something like (default domain) in dovecot.conf (if %d is empty then %d=example.com, otherwise...). I know this option does not exist but it just comes to my mind... Maybe some specific filter_search or something like that?

Thank you for any help in advance.