Using Dovecot dict-ldap with Pigeonhole extdata
-----------------------------------------------
Martin Foster, 12 February 2010, martin_foster@netlog.net

What
----------------------
This document describes a way of using the Dovecot secure IMAP server and the
Pigeonhole Sieve engine's Extdata plugin to control auto-responder behaviour
from LDAP.

Why
----------------------
Dovecot 1.2.x and Pigeonhole 0.1.x support auto-responders by using the Sieve
Vacation extension (RFC 5230). Control of the auto-responder's behaviour would
typically be granted by providing users access to their sieve scripts directly,
or via the ManageSieve protocol.

This method allows all mail routing information to be kept in one "place",
e.g. LDAP or SQL, instead of looking at files in one place, LDAP in another,
etc.

The benefits of this approach are particularly valuable to large installations:
- users probably won't have the necessary knowledge to write a proper script,
  which increases support requirements
- enabling ManageSieve access may not be desirable due to increased user
  support requirements
- placing mail routing information in user sieve scripts complicates
  troubleshooting; with dict-ldap + extdata all mail routing information can
  be kept in LDAP (or all in SQL with dict-sql)

Requirements
----------------------
1. A mail system with Dovecot used as the mail store. Dovecot's "deliver"
   places messages into the mailbox. Dovecot's IMAP or POP3 interface is used
   by users to access the messages in their mailbox.
2. An LDAP server, and knowledge of the LDAP protocol.
3. The dict-ldap mechanism enabled in Dovecot, and the extdata plugin
   available to Pigeonhole.

Configuration
----------------------
1. LDAP users:

   a) An LDAP record for our sample user, test@domain1.test

    dn: serviceID=1000000,ou=id,o=services
    serviceID: 1000000
    uidNumber: 500
    gidNumber: 500
    uid: test@domain1.test
    mailStoreDirectory: maildir:/services/vmail/mail/1000000/
    mailQuota: maildir:storage=5M
    homeDirectory: /services/vmail/home/1000000
    userPassword: testuserpassword
    mailResponderMode: reply
    mailResponderText: I'm permanently away from my desk, please email sales@domain.test

   To note:
   - uid: the email address for this user
   - uidNumber/gidNumber: match the "mail_uid" and "mail_gid" values in
     dovecot.conf
   - mailResponderMode: an attribute that will be looked up by extdata and
     determines the operation of the auto-responder, where:
       reply    = "reply to a given sender once per day"
       vacation = "reply to a given sender once per 30 days"
   - mailResponderText: the auto-responder message text.

   b) An LDAP DN with permission to read the attributes of interest. Here
      these are: uid, mailResponderMode, mailResponderText

    dn: ou=admin1,o=services
    dnpass: weakadminpassword

2. dovecot.conf

   Enable the dovecot sieve plugin in the "plugins {}" section.
   - sieve_global_path: sets the global sieve script path. This script will be
     called by Dovecot's "deliver" agent for all messages being delivered to a
     mailbox.
   - sieve_plugin_dir: sets where sieve plugins are stored
   - sieve_plugins: enumerates which sieve plugins to load
   - sieve_extdata_dict_uri: sets the URI for the extdata plugin, using the
     "Dict" format. "ldap" will call dict-ldap, using the configuration file
     "/etc/dovecot/extdata-ldap.dict"

    plugins {
      sieve_global_path = /etc/dovecot/sieve/global.sieve
      sieve_plugin_dir = /usr/local/lib/dovecot/sieve
      sieve_plugins = sieve_extdata
      sieve_extdata_dict_uri = ldap:/etc/dovecot/extdata-ldap.dict
    }

3. /etc/dovecot/extdata-ldap.dict

   This is the Pigeonhole extdata plugin's configuration file for dict-ldap.
   It is similar to dict-sql, except all connection information (server uri,
   dn, dnpass, etc) is specified per-map. This allows different LDAP servers
   to be queried for different map data.

    map {
      pattern = priv/responder_mode

      # LDAP server settings
      ldap_version = 3
      uris = ldap://localhost
      base = o=services
      deref = never
      scope = subtree
      dn = ou=admin1,o=services
      dnpass = weakadminpassword
      sasl_bind = no
      tls = no

      # LDAP search settings for this map
      filter = '(uid=%u)'
      attrlist = mailResponderMode
    }

    map {
      pattern = priv/responder_text

      # LDAP server settings
      ldap_version = 3
      uris = ldap://localhost
      base = o=services
      deref = never
      scope = subtree
      dn = ou=admin1,o=services
      dnpass = weakadminpassword
      sasl_bind = no
      tls = no

      # LDAP search settings for this map
      filter = '(uid=%u)'
      attrlist = mailResponderText
    }

4. /etc/dovecot/sieve/global.sieve

   The global sieve script. Provides a basic auto-responder facility.
   On receipt of a message:
   - looks up dict-ldap for responder_mode, with the recipient mailbox's
     username
   - if LDAP attribute "mailResponderMode" is "reply", sets the vacation
     extension to 1 day operation, and returns the text in attribute
     "mailResponderText"
   - if LDAP attribute "mailResponderMode" is "vacation", sets the vacation
     extension to 30 day operation, and returns the text in attribute
     "mailResponderText"
   - else nothing is done by the Sieve engine, and the message is stored in
     the user's INBOX.

   Note that nothing happens if the "mailResponderMode" attribute has any
   value other than "reply" or "vacation".

    require ["variables", "vacation", "vnd.dovecot.extdata"];

    if extdata :is "responder_mode" "reply" {
      vacation :days 1 "${extdata.responder_text}";
      keep;
    }

    if extdata :is "responder_mode" "vacation" {
      vacation :days 30 "${extdata.responder_text}";
      keep;
    }
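
An added example, not part of the original document or of Dovecot/Pigeonhole: a Python check that parses the map blocks of an extdata-ldap.dict file in the format shown in step 3 and reports maps whose bind password would cross the network without TLS, or whose attrlist asks for more than the two responder attributes the bind DN is meant to read. The second map, the host ldap.example.test, and the reading of "tls = yes" as protecting the bind (as in Dovecot's LDAP auth configuration) are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse
# Constructed input: map 1 follows the page; map 2 is a hypothetical variant.
SAMPLE_DICT = """
map {
  pattern = priv/responder_mode
  # LDAP server settings
  uris = ldap://localhost
  dnpass = weakadminpassword
  tls = no
  filter = '(uid=%u)'
  attrlist = mailResponderMode
}
map {
  pattern = priv/responder_text
  uris = ldap://ldap.example.test
  dnpass = weakadminpassword
  tls = no
  attrlist = mailResponderText,userPassword
}
"""
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
ALLOWED_ATTRS = {"mailResponderMode", "mailResponderText"}  # what the bind DN needs

def parse_maps(text):
    """Return one settings dict per `map { ... }` block; '#' lines are comments."""
    maps = []
    for body in re.findall(r"map\s*\{(.*?)\}", text, re.S):
        lines = (l.strip() for l in body.splitlines())
        pairs = (l.split("=", 1) for l in lines if "=" in l and not l.startswith("#"))
        maps.append({k.strip(): v.strip().strip("'") for k, v in pairs})
    return maps

def audit(maps):
    """Return (pattern, finding) tuples; assumes a simple bind and tls=yes meaning TLS."""
    findings = []
    for m in maps:
        for uri in m.get("uris", "").split():
            u = urlparse(uri)
            protected = u.scheme in ("ldaps", "ldapi") or u.hostname in LOOPBACK
            if m.get("dnpass") and m.get("tls") != "yes" and not protected:
                findings.append((m.get("pattern"), f"bind password sent without TLS to {u.hostname}"))
        extra = set(re.split(r"[,\s]+", m.get("attrlist", ""))) - ALLOWED_ATTRS - {""}
        if extra:
            findings.append((m.get("pattern"), "attrlist requests: " + ",".join(sorted(extra))))
    return findings

if __name__ == "__main__":
    print(audit(parse_maps(SAMPLE_DICT)))
```

The map taken from the page passes because its server is on the loopback interface; the constructed second map is reported twice.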