Andre Luiz Paiz
2018-Apr-16 18:39 UTC
LDAP Homedir location: Needs dovecot restart after change it
Dear group members.
I work with Dovecot and OpenLDAP authentication. Sometimes users
change departments and we need to alter their homedir location. Every
time this process is needed, I perform these steps:
1 - Change homedir location in openldap
2 - Move homedir folder to the new location
3 - Re-apply permissions
4 - Remove user index folder
After I do that, users cannot authenticate unless I restart dovecot,
a process that I would like to avoid. Can you guys give a tip on what I
need to change to avoid this last problematic step? After the restart,
everything works.
Does the auth_cache feature also store the homedir location?
System: CentOS 7
Versions:
dovecot-pigeonhole-2.2.10-8.el7.x86_64
dovecot-2.2.10-8.el7.x86_64
Doveconf -n:
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-693.5.2.el7.x86_64 x86_64 CentOS Linux release 7.4.1708 (Core)
auth_cache_negative_ttl = 0
auth_cache_size = 10 M
auth_mechanisms = plain login
auth_username_format = %Ln
default_client_limit = 1024
default_process_limit = 1024
default_vsz_limit = 1 G
listen = *
mail_location = maildir:~/Maildir:INDEX=/var/indexes/dovecot/%u
mail_plugins = " mail_log notify quota"
mail_temp_dir = /var/tmp
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags notify
mbox_write_locks = fcntl
mmap_disable = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  quota = maildir
  quota_exceeded_message = Cota de armazenamento de e-mails excedida. Quota exceeded for mail store.
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=85%% quota-warning 85 %u
  quota_warning3 = storage=75%% quota-warning 75 %u
  sieve = ~/.dovecot.sieve
  sieve_before = /var/lib/dovecot/sieve/default.sieve
  sieve_default = /var/lib/dovecot/sieve/default.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +notify +imapflags
}
protocols = imap pop3 lmtp sieve
service anvil {
  client_limit = 14100
  process_limit = 1
}
service auth-worker {
  client_limit = 1
  process_limit = 50
  service_count = 1
}
service auth {
  client_limit = 15100
  process_limit = 1
}
service dict {
  client_limit = 1
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  process_limit = 6000
  process_min_avail = 10
  service_count = 1
  vsz_limit = 256 M
}
service imap {
  process_limit = 3000
  vsz_limit = 1 G
}
service lmtp {
  client_limit = 1
  inet_listener lmtp {
    port = 24
  }
  unix_listener lmtp {
    mode = 0666
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
  process_limit = 6000
  process_min_avail = 10
  service_count = 1
}
service pop3 {
  process_limit = 3000
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    mode = 0666
    user = dovecot
  }
  user = root
}
ssl = required
ssl_cert = **********
ssl_key = ***********
userdb {
  driver = passwd
}
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocol lmtp {
  mail_plugins = " mail_log notify quota sieve quota"
}
protocol imap {
  mail_plugins = " mail_log notify quota imap_quota"
}
Thanks
Andre
Gerald Galster
2018-Apr-16 19:26 UTC
LDAP Homedir location: Needs dovecot restart after change it
Hello Andre,

try to flush the auth cache:

doveadm auth cache flush user@example.com

or:

doveadm auth cache flush

Best regards,
Gerald

> On 16.04.2018 at 20:39, Andre Luiz Paiz <andre.paiz at iqm.unicamp.br> wrote:
>
> Dear group members.
>
> I work with Dovecot and OpenLDAP authentication. Sometimes users change departments and we need to alter their homedir location. Every time this process is needed, I perform these steps:
>
> 1 - Change homedir location in openldap
> 2 - Move homedir folder to the new location
> 3 - Re-apply permissions
> 4 - Remove user index folder
>
> After I do that, users cannot authenticate unless I restart dovecot, a process that I would like to avoid. Can you guys give a tip on what I need to change to avoid this last problematic step? After the restart, everything works.
>
> Does the auth_cache feature also store the homedir location?
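
The four steps from the question followed by the per-user cache flush from the reply, written as one script; this is an added example, not code posted by anyone in the thread. Assumptions: the LDAP attribute is homeDirectory, the BASE_DN and BIND_DN values are placeholders, chown stands in for "re-apply permissions", and every function name is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: LDAP attribute homeDirectory,
# the BASE_DN/BIND_DN placeholders, chown as the permission step, and all
# function names. DRY_RUN=1 (default) prints the plan; DRY_RUN=0 executes it.
DRY_RUN=${DRY_RUN:-1}
BASE_DN=${BASE_DN:-ou=People,dc=example,dc=com}
BIND_DN=${BIND_DN:-cn=admin,dc=example,dc=com}
INDEX_ROOT=/var/indexes/dovecot   # INDEX= path from the posted mail_location

run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# The username ends up in a DN and in an rm -rf path, the home path in LDIF:
# accept only conservative character sets so neither can be abused.
valid_user() { case $1 in ''|.*|*[!a-z0-9._-]*) return 1 ;; esac; }
valid_path() {
    case $1 in /*) ;; *) return 1 ;; esac
    case $1 in *[!A-Za-z0-9/._-]*|*/..|*/../*) return 1 ;; esac
}

homedir_ldif() {   # $1 = user, $2 = new home
    printf 'dn: uid=%s,%s\nchangetype: modify\nreplace: homeDirectory\nhomeDirectory: %s\n' \
        "$1" "$BASE_DN" "$2"
}

move_homedir() {   # $1 = user, $2 = old home, $3 = new home
    user=$1 old=$2 new=$3
    valid_user "$user" && valid_path "$old" && valid_path "$new" ||
        { echo "refusing: invalid user or path" >&2; return 2; }
    # 1. LDAP change (in a dry run the LDIF is shown instead of being sent)
    homedir_ldif "$user" "$new" |
        { [ "$DRY_RUN" = 1 ] && cat; run ldapmodify -x -W -D "$BIND_DN"; } &&
    run mv -- "$old" "$new" &&                  # 2. move the folder
    run chown -R "$user:" "$new" &&             # 3. re-apply ownership
    run rm -rf -- "$INDEX_ROOT/$user" &&        # 4. drop the index folder
    run doveadm auth cache flush "$user" ||     # 5. flush instead of restarting
        return 1
    [ "$DRY_RUN" = 1 ] && return 0
    # 6. confirm the userdb lookup now returns the new home
    [ "$(doveadm user -f home "$user")" = "$new" ]
}

# Constructed sample (dry run, nothing is changed):
# move_homedir jdoe /home/deptA/jdoe /home/deptB/jdoe
```

Flushing only the moved user leaves the other cached entries in place, whereas the bare `doveadm auth cache flush` from the reply empties the whole cache.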