Re: SASL: encoded packet size too big
That's right. GSS-API is not used anywhere else.
Do you like to inspect my full configuration?
I can dump connection session and send pcap file here.

On August 15, 2019 7:27:20 AM GMT+03:00, Aki Tuomi wrote:
>> On 15/08/2019 00:34 Eugene via dovecot wrote:
>>
>> The next combination of parameters makes 100% LDAP connections unsuccessful (the log snippet from the previous mail).
>> sasl_bind = yes
>> sasl_mech = gssapi
>> tls = yes
>>
>> Looks like this combination is utterly incorrect and should be prohibited (tls must not be used when mech is gssapi).
>> https://lists.fedorahosted.org/archives/list/sssd-us...@lists.fedorahosted.org/message/G7S2TOFDCM62ZUHIBWYVZIEVYXO3KYAI/
>>
>> With `tls = no` errors `encoded packet size too big` becomes sporadic, but still hurt auth operations performance.
>> Maybe there are two different problems.
>>
>
>Does the "encoded packet size too big" coincide with LDAP server connection failure?
>
>Aki
>
>> Has someone encountered this problem before?
>> How can I help to facilitate the issue debugging?
>>
>> [I] net-mail/dovecot
>> Installed versions: 2.3.7.1(01:58:12 08/14/19)(bzip2 caps ipv6 kerberos ldap libressl lua lz4 lzma pam postgres sieve sqlite tcpd zlib -argon2 -doc -lucene -managesieve -mysql -selinux -solr -static-libs -suid -textcat -vpopmail)
>>
>> On 8/15/19 12:01 AM, Eugene wrote:
>> > Hello!
>> >
>> > Dovecot uses its own SASL implementation, doesn't it?
>> >
>> >Aug 14 23:45:23 example.com auth[10428]: GSSAPI client step 1
>> >Aug 14 23:45:23 example.com auth[10428]: encoded packet size too big (813804546 > 65536)
>> >Aug 14 23:45:23 example.com dovecot[10085]: auth-worker(10428): Error: LDAP: Can't connect to server: ldap://ipa2.example.com
>> >Aug 14 23:45:23 example.com dovecot[10085]: auth: Error: auth worker: Aborted USER request for eugene: Lookup timed out
>> >Aug 14 23:45:23 example.com dovecot[10085]: imap: Error: auth-master: login: request [3847225345]: Login auth request failed: Internal auth failure (auth connected 6 msecs ago, request took 6 msecs, client-pid=10362 client-id=1)
>> >
>> > Looks like cyrus-sasl encountered same problem earlier.
>> > https://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2017-March/003001.html
>> >
>> > I never have such an issue with ldapsearch. So, I assume there is a similar problem in Dovecot SASL implementation.
>> >
>>
>> --
>> Eugene Bright
>> IT engineer
>> Tel: + 79257289622

---
Eugene Bright
IT-engineer
Tel.: +7 925 728 96 22
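Added example, not part of the original messages and not Dovecot or Cyrus SASL code: a SASL security layer prefixes each protected buffer with a four-octet network-order length (RFC 4422), so a rejected length can be turned back into the four bytes it was read from. The sketch below does that for the value in the log quoted above and checks whether those bytes are a BER SEQUENCE header, which is how every LDAPMessage starts; the function names and the sample log constant are constructed for this illustration.

```python
import re
import struct

# Constructed sample: the two auth log lines quoted in the message above.
SAMPLE_LOG = """\
Aug 14 23:45:23 example.com auth[10428]: GSSAPI client step 1
Aug 14 23:45:23 example.com auth[10428]: encoded packet size too big (813804546 > 65536)
"""

SIZE_RE = re.compile(r"encoded packet size too big \((\d+) > (\d+)\)")


def classify_length(value):
    """Decode a rejected SASL buffer length into the 4 bytes it was parsed from."""
    raw = struct.pack(">I", value)          # network byte order, as on the wire
    info = {"bytes": raw.hex(), "looks_like": "unknown"}
    if raw[0] != 0x30:                      # 0x30 = BER universal SEQUENCE
        return info
    first = raw[1]
    if first < 0x80:                        # short-form length octet
        body_len, rest = first, raw[2:]
    else:                                   # long form: low 7 bits = octet count
        n = first & 0x7F
        if n == 0 or n > 2:                 # cannot be judged from 4 bytes
            return info
        body_len, rest = int.from_bytes(raw[2:2 + n], "big"), raw[2 + n:]
    # An LDAPMessage body begins with messageID, a BER INTEGER (tag 0x02).
    if not rest or rest[0] == 0x02:
        info.update(looks_like="plaintext BER LDAPMessage", ber_body_len=body_len)
    return info


def triage(log_text):
    """Return one finding per 'encoded packet size too big' line in the log."""
    findings = []
    for m in SIZE_RE.finditer(log_text):
        size, limit = int(m.group(1)), int(m.group(2))
        findings.append({"size": size, "limit": limit, **classify_length(size)})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

For the logged value the bytes are `30 81 ac 02`: a SEQUENCE with a 172-byte body followed by an INTEGER tag. That is consistent with an LDAP message that was not SASL-wrapped being read as a wrapped buffer, which is the kind of thing the offered pcap would confirm.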
RE: Dovecot eBook
One can easily find some PDFs on the net.
But all of them look outdated.
http://gen.lib.rus.ec/book/index.php?md5=AB28964F8CB3CC8BC319BBDE25C8B41A

* Do not forget to support writers by buying their books.

On July 21, 2019 12:09:24 AM GMT+03:00, Peter Fraser via dovecot wrote:
>Well, if there’s no other way, I guess I will have to.
>
>Thanks.
>
>Sent from Mail for Windows 10
>
>From: LuKreme via dovecot
>Sent: Saturday, July 20, 2019 3:33 AM
>To: Peter Fraser via dovecot
>Subject: Re: Dovecot eBook
>
>On Jul 19, 2019, at 19:29, Peter Fraser via dovecot wrote:
>
>I have a strange question. I bought the Dovecot Book off Amazon. I can easily prove it with a picture and/or my receipt off Amazon. I still have it on my library but I don’t like to travel around with it. Is there a way for me to get a PDF copy? I just checked Amazon and there is still no PDF version available there.
>
>Tedious, but scan the book. I have done this with my iPhone and it resulted in a very good copy that was fully OCRed

---
Eugene Bright
IT-engineer
Tel.: +7 925 728 96 22
Re: Authdb NSS module
I use LDAP right now, but local cached sssd queries are much faster and reliable.

On July 15, 2019 6:49:18 AM GMT+03:00, Aki Tuomi wrote:
>
>On 15/07/2019 02:54 Eugene via dovecot <dovecot@dovecot.org> wrote:
>
>Hello!
>
>Upgrading manual tells that authdb [NSS module was removed][1] some time ago.
>
>[1]: https://wiki2.dovecot.org/Upgrading/2.3#line-100
>
>userdb nss was removed. Use userdb passwd instead.
>
>Can this change be reverted?
>
>I'd like to use only libnss_sss.so.2 as dovecot userdb source. It's also essential for me to enable files backend in nsswitch.conf so the system could use local user db. At the same time dovecot must not see local users at all. Authdb NSS module could help me there.
>
>The other solution would be to use another instance of nsswitch.conf for dovecot authdb passwd module. Is it possible?
>
>Thanks!
>
>--
>Eugene Bright
>IT engineer
>Tel: + 79257289622
>
>passwd uses getpwent library call which goes thru nsswitch. Your explanation was strange though. If you don't want system users, why not use ldap or sql directly?
>
>--- Aki Tuomi

---
Eugene Bright
IT-engineer
Tel.: +7 925 728 96 22