Dear Sir,

I'm having problems with the implementation of prefetch userdb.

Following the directives from the site (http://wiki2.dovecot.org/UserDatabase/Prefetch), I am unable to avoid the second search to the user backend (ldap).

Could you give me any advice or tips to achieve my goal?

Thanks a lot,
Hector M. Jacas

My ldap has the following structure:

search base: ou=Domains,dc=test,dc=local

*******************************
domains tree:

domain2.com: dc=domain2.com,ou=Domains,dc=test,dc=local

Definition of mailuser1 on domain2.com:

dn: uid=mailuser1,dc=domain2.com,ou=Domains,dc=test,dc=local
uid: mailuser1
cn: User mailuser1
sn: User 1
displayName: User mailuser1
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
mail: mailuser1 at domain2.com

*************************************
domain1.com: dc=domain1.com,ou=Domains,dc=test,dc=local

Definition of mailuser1 on domain1.com:

dn: uid=mailuser1,dc=domain1.com,ou=Domains,dc=test,dc=local
uid: mailuser1
cn: User mailuser1
sn: User 1
displayName: User mailuser1
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
mail: mailuser1 at domain1.com

*************************************
/etc/dovecot/dovecot-ldap.conf.ext content:

hosts = ldapserver
auth_bind = yes
ldap_version = 3
tls = no
base = ou=Domains,dc=test,dc=local
scope = subtree
user_filter = (&(objectclass=inetOrgPerson)(mail=%u))
user_attrs = =home=/var/vmail/mailboxes/%Ld/%Ln/%Ln,=uid=500,=gid=500
default_pass_scheme = CRYPT
pass_filter = (&(objectclass=inetOrgPerson)(mail=%u))
pass_attrs = uid=user,password=userPassword,=userdb_home=/var/vmail/mailboxes/%Ld/%8Ln/%Ln, \
 =userdb_uid=500,=userdb_gid=500
iterate_attrs = mail=user
iterate_filter = (objectclass=inetOrgPerson)

************************************
auth test result for mailuser1 at domain2.com:

# doveadm mailuser1 at domain2.com password auth test
passdb: mailuser1 at domain2.com auth succeeded
Extra fields:
  user=mailuser1

And in /var/log/maillog (enabled debug auth options):

Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: auth client connected (pid=0)
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: client in: AUTH 1 PLAIN service=doveadm resp=<hidden>
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: ldap(mailuser1 at domain2.com): bind search: base=ou=Domains,dc=test,dc=local filter=(&(objectclass=inetOrgPerson)(mail=mailuser1 at domain2.com))
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: ldap(mailuser1 at domain2.com): result: uid=mailuser1; uid unused
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: auth(mailuser1 at domain2.com): username changed mailuser1 at domain2.com -> mailuser1
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: ldap(mailuser1): result: uid=mailuser1
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: client passdb out: OK 1 user=mailuser1

*****************************
mailuser1 at domain2.com doveadm user result:

# doveadm user mailuser1 at domain2.com
field value
uid 500
gid 500
home /var/vmail/mailboxes/domain2.com/mailuser1/mailuser1
maildir mail: /var/vmail/mailboxes/domain2.com/mailuser/mailuser1:INDEX=MEMORY

And in /var/log/maillog (enabled debug auth options):

Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug: master in: USER 1 mailuser1 at domain2.com service=doveadm
Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug: prefetch(mailuser1 at domain2.com): passdb didn't return userdb entries, trying the next userdb
Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug: ldap(mailuser1 at domain2.com): user search: base=ou=Domains,dc=test,dc=local scope=subtree filter=(&(objectclass=inetOrgPerson)(mail=mailuser1 at domain2.com)) fields
Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug: ldap(mailuser1 at domain2.com): result: uid=mailuser1 cn=Usuario mailuser1 sn=Usuario 1 displayName=Usuario mailuser1 objectClass=inetOrgPerson,inetOrgPerson,inetOrgPerson,inetOrgPerson mail=mailuser1 at domain2.com; objectClass,cn,uid,mail,displayName,sn unused
Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug: ldap(mailuser1 at domain2.com): result: uid=mailuser1 cn=Usuario mailuser1 sn=Usuario 1 displayName=Usuario mailuser1 objectClass=inetOrgPerson,inetOrgPerson,inetOrgPerson,inetOrgPerson mail=mailuser1 at domain2.com; objectClass,cn,uid,mail,displayName,sn unused
Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug: userdb out: USER 1 mailuser1 at domain2.com home=/var/vmail/mailboxes/domain2.com/mailuser1/mailuser1 uid=500 gid=500

***************************
My base system is RHEL7, 24 CPUs and 16GB ram and for LDAP backend, 389 DS 1.2.2 on RHEL 6.6

2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-123.20.1.el7.x86_64 x86_64 Red Hat Enterprise Linux Server release 7.0 (Maipo) nfs4
auth_debug = yes
auth_mechanisms = plain login
auth_verbose = yes
default_client_limit = 50000
disable_plaintext_auth = no
listen = *
mail_fsync = always
mail_gid = 500
mail_location = maildir:/var/vmail/mailboxes/%d/%8n/%n:INDEX=MEMORY
mail_nfs_index = yes
mail_nfs_storage = yes
mail_uid = 500
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mmap_disable = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
service auth {
  unix_listener auth-userdb {
    group = vmail
    mode = 0640
    user = vmail
  }
}
service doveadm {
  inet_listener {
    port = 24245
  }
}
service imap-login {
  process_min_avail = 24
  service_count = 0
}
service imap-urlauth-worker {
  chroot =
  client_limit = 1
  drop_priv_before_exec = no
  executable = imap-urlauth-worker
  extra_groups =
  group =
  idle_kill = 0
  privileged_group =
  process_limit = 8192
  process_min_avail = 0
  protocol = imap
  service_count = 1
  type =
  unix_listener imap-urlauth-worker {
    group =
    mode = 0600
    user = $default_internal_user
  }
  user =
  vsz_limit = 18446744073709551615 B
}
service imap-urlauth {
  chroot =
  client_limit = 1
  drop_priv_before_exec = no
  executable = imap-urlauth
  extra_groups =
  group =
  idle_kill = 0
  privileged_group =
  process_limit = 8192
  process_min_avail = 0
  protocol = imap
  service_count = 1
  type =
  unix_listener token-login/imap-urlauth {
    group =
    mode = 0666
    user =
  }
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}
service imap {
  process_limit = 8192
}
service pop3-login {
  process_min_avail = 24
}
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocol imap {
  mail_max_userip_connections = 1000
}
local 172.28.200.0/24/24 {
  doveadm_password = secret
}
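One way to check from the auth debug log whether a lookup was served by prefetch or fell through to a second LDAP search is to tally the messages quoted above per login name. This is an added example, not part of the original post; the function names are illustrative, and the sample lines are constructed from the log format in the post with the filters shortened.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the post's log format ("(...)" stands for the full filter).
SAMPLE_LOG = """\
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: client in: AUTH 1 PLAIN service=doveadm resp=<hidden>
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: ldap(mailuser1 at domain2.com): bind search: base=ou=Domains,dc=test,dc=local filter=(...)
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: auth(mailuser1 at domain2.com): username changed mailuser1 at domain2.com -> mailuser1
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: ldap(mailuser1): result: uid=mailuser1
Apr 26 14:00:33 nfs-7-00 dovecot: auth: Debug: client passdb out: OK 1 user=mailuser1
Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug: master in: USER 1 mailuser1 at domain2.com service=doveadm
Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug: prefetch(mailuser1 at domain2.com): passdb didn't return userdb entries, trying the next userdb
Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug: ldap(mailuser1 at domain2.com): user search: base=ou=Domains,dc=test,dc=local scope=subtree filter=(...) fields
Apr 26 14:01:19 nfs-7-00 dovecot: auth: Debug: userdb out: USER 1 mailuser1 at domain2.com home=/var/vmail/mailboxes/domain2.com/mailuser1/mailuser1 uid=500 gid=500
"""

# "<driver>(<user>): <message>" as written by the auth process in debug mode.
EVENT = re.compile(r"auth: Debug: (\w+)\((.+?)\): (.*)$")
RENAME = re.compile(r"username changed (.+) -> (.+)$")

def summarize(log_text):
    """Count LDAP searches and prefetch misses per login name."""
    alias = {}  # renamed user -> name used at login (last writer wins, so
                # interleaved logins of the same uid in two domains can be misattributed)
    stats = defaultdict(Counter)
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        driver, user, msg = m.groups()
        renamed = RENAME.match(msg)
        if renamed:
            old, new = renamed.groups()
            alias[new] = alias.get(old, old)
            continue
        counts = stats[alias.get(user, user)]
        if driver == "ldap" and msg.startswith("bind search:"):
            counts["passdb_ldap_search"] += 1
        elif driver == "ldap" and msg.startswith("user search:"):
            counts["userdb_ldap_search"] += 1
        elif driver == "prefetch" and "trying the next userdb" in msg:
            counts["prefetch_miss"] += 1
    return {user: dict(counts) for user, counts in stats.items()}

def fell_through(summary):
    """Login names where prefetch missed and the LDAP userdb was then queried."""
    return sorted(u for u, c in summary.items()
                  if c.get("prefetch_miss") and c.get("userdb_ldap_search"))

if __name__ == "__main__":
    print(fell_through(summarize(SAMPLE_LOG)))
```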