Ramon Frontera
2012-Nov-21 13:05 UTC
[Dovecot] Dovecot director doveadm with switch "-A" error
Hi,
we have a problem with our director proxy configuration.
When we run the doveadm command with the -A switch on the proxy server, it
fails with the error:
# doveadm -D quota get -A
doveadm(user1): Debug: auth input: user=user1 proxy starttls=any-cert
doveadm(user1): Error: Proxy is missing destination host
doveadm: Error: Failed to iterate through some users
If we execute the command with a single user, the director assigns a host and
it goes well.
Example:
# doveadm -D quota get -u user1
doveadm(user1): Debug: auth input: user=user1 proxy starttls=any-cert host=xx.xx.xx.xx proxy_refresh=450
Quota name Type    Value  Limit   %
User quota STORAGE 159401 2621440 6
User quota MESSAGE    341       - 0
We have tried different configurations and all go wrong with this
"-A" switch. Timo, please, could you tell us if we have
a misconfiguration or if it's a possible director bug?
We really want to execute the expire plugin on our directors and then redirect
to the backend servers of every user.
Thanks in advance.
Our doveconf -n:
# dovecot -n
# 2.1.10: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-279.14.1.el6.x86_64 x86_64 CentOS release 6.3 (Final)
auth_cache_size = 3 k
auth_cache_ttl = 15 mins
auth_debug = yes
auth_verbose = yes
base_dir = /var/run/dovecot/
default_client_limit = 30000
default_process_limit = 5000
dict {
  expire = mysql:/etc/dovecot/dovecot-dict-expire.conf.ext
}
director_doveadm_port = 990
director_mail_servers = mailserver1 mailserver2
director_servers = proxy1
doveadm_proxy_port = 24245
lmtp_proxy = yes
mail_debug = yes
mail_plugins = expire quota
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-ldap-users.conf.ext
  driver = ldap
}
plugin {
  expire = Trash
  expire2 = Trash/*
  expire_dict = proxy::expire
}
postmaster_address = postmaster<at>company
protocols = imap pop3 lmtp sieve
service auth {
  client_limit = 27048
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
  unix_listener auth-userdb {
    group = dovecot
    mode = 0660
  }
}
service director {
  fifo_listener login/proxy-notify {
    mode = 0600
    user = $default_login_user
  }
  inet_listener {
    port = 9090
  }
  unix_listener director-userdb {
    mode = 0660
  }
  unix_listener login/director {
    mode = 0666
  }
}
service doveadm {
  executable = doveadm-server director
  inet_listener doveadm-server {
    port = 24245
  }
}
service imap-login {
  executable = imap-login director
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service ipc {
  unix_listener ipc {
    user = dovecot
  }
}
service lmtp {
  client_limit = 1
  inet_listener lmtp {
    port = 30025
  }
}
service managesieve-login {
  executable = managesieve-login director
}
service pop3-login {
  executable = pop3-login director
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl = required
ssl_cert = </etc/pki/tls/certs/imap.crt
ssl_key = </etc/pki/tls/private/imap.uib.es_privatekey.pem
syslog_facility = local1
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-ldap-users.conf.ext
  driver = ldap
}
verbose_proctitle = yes
protocol lmtp {
  auth_socket_path = director-userdb
  mail_plugins = expire quota sieve quota
  passdb {
    args = /etc/dovecot/dovecot-ldap-pass.conf.lmtp
    driver = ldap
  }
}
protocol doveadm {
  auth_socket_path = director-userdb
}
protocol imap {
  mail_max_userip_connections = 20
  mail_plugins = expire quota
}
protocol pop3 {
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
local ip/24/24 {
  doveadm_password = supersecretpassword
}
--
------------------------------------------
Ramon Frontera Gallardo
Universitat de les Illes Balears
Timo Sirainen
2012-Nov-27 04:29 UTC
[Dovecot] Dovecot director doveadm with switch "-A" error
On 21.11.2012, at 15.05, Ramon Frontera wrote:

> we have a problem with our director proxy configuration.
> When we run on proxy server the doveadm command with -A switch, fails with the error:
>
> # doveadm -D quota get -A
> doveadm(user1): Debug: auth input: user=user1 proxy starttls=any-cert
> doveadm(user1): Error: Proxy is missing destination host
> doveadm: Error: Failed to iterate through some users

Well, I fixed various bugs in doveadm code related to this:

http://hg.dovecot.org/dovecot-2.1/rev/6f19c535110e
http://hg.dovecot.org/dovecot-2.1/rev/275a57b8dc70
http://hg.dovecot.org/dovecot-2.1/rev/0dc3f56e6468
http://hg.dovecot.org/dovecot-2.1/rev/fdc509644d05

But I don't think they fix your specific issue. It looks as if doveadm is connecting to auth process directly instead of director.. Do:

strace -s 1000 -o log doveadm quota get -A

and send me the log? Note that the log contains the doveadm_password in the base64 strings.
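
The closing note above says the strace log carries the doveadm_password inside base64 strings. The following is an added example, not part of the original thread and not Dovecot code, that redacts such strings from a trace before it is shared. It assumes the credential decodes to NUL-separated fields as in SASL PLAIN; the function names, sample lines and sample secret are constructed for illustration.

```python
import base64
import binascii
import re

# Runs of base64 characters long enough to carry an encoded credential.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
MARK = "[REDACTED-BASE64]"


def is_credential(token, secrets=()):
    """True if token decodes to PLAIN-style fields or contains a known secret."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return False
    if any(s and s.encode() in raw for s in secrets):
        return True
    # Assumed layout (SASL PLAIN style): authzid NUL authcid NUL password.
    fields = raw.split(b"\0")
    return len(fields) == 3 and all(fields[1:])


def redact(text, secrets=()):
    """Redact credential-bearing base64 runs in strace output; return (text, hits)."""
    hits = 0

    def repl(match):
        nonlocal hits
        run = match.group(0)
        # strace prints a tab as the two characters \t, so the letter of an
        # escape can be glued to the front of the run. Real base64 has a length
        # divisible by 4, so also try the run with that stray prefix removed.
        for skip in (0, len(run) % 4):
            if is_credential(run[skip:], secrets):
                hits += 1
                return run[:skip] + MARK
        return run

    return B64_RUN.sub(repl, text), hits


# Constructed sample lines and secret (not taken from a real trace).
SAMPLE_SECRET = "example-doveadm-secret"
SAMPLE_B64 = base64.b64encode(b"\0doveadm\0" + SAMPLE_SECRET.encode()).decode()
SAMPLE = "\n".join([
    'open("/usr/lib64/dovecot/libdovecot", O_RDONLY) = 5',
    'write(9, "PLAIN\\t' + SAMPLE_B64 + '\\n", 51) = 51',
])
```

Passing the configured doveadm_password in `secrets` also catches encodings that do not follow the assumed field layout; a hit count of zero on a trace that should contain the password means the output needs manual review before posting.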