Problem overriding default quota limit for LDAP users
Rasim Kalimullin
neutrino.vm at gmail.com
Mon Aug 25 10:46:12 UTC 2014
Hi!
I installed dovecot from debian-backports:
dovecot --version
2.2.9
Dovecot is configured with multiple authorization backends:
/etc/dovecot# cat conf.d/10-auth.conf |grep include
#!include auth-deny.conf.ext
!include auth-master.conf.ext
#include auth-system.conf.ext
!include auth-sql.conf.ext
!include auth-ldap.conf.ext
#!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-vpopmail.conf.ext
#!include auth-static.conf.ext
/etc/dovecot# grep -v '^ *\(#.*\)\?$' dovecot-sql.conf.ext
driver = mysql
connect = host=127.0.0.1 dbname=postfixadmin user=postfixadmin
password=*****
default_pass_scheme = MD5-CRYPT
password_query = \
SELECT username, domain, password \
FROM mailbox WHERE username = '%u' AND domain = '%d'
user_query = \
SELECT CONCAT('/var/mail/', maildir) AS home, 5000 AS uid, 5000 AS gid,
CONCAT('*:bytes=', quota) AS quota_rule \
FROM mailbox WHERE username = '%u' AND domain = '%d'
iterate_query = SELECT username AS user FROM mailbox
/etc/dovecot# grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf.ext
hosts = ***.***.local ***.***.local
dn = dovecot@***.local
dnpass = ******
auth_bind = yes
ldap_version = 3
base = ou=XXX,dc=***,dc=local
deref = never
scope = subtree
user_attrs = \
=uid=5000, \
=gid=5000, \
=mail=maildir:/var/mail/%d/%{ldap:mail}, \
=home=/var/mail/%d/%u/, \
=quota_rule=*:bytes=%{ldap:quotaMail}
user_filter = (&(mail=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs = mail=user,userPassword=password
pass_filter = (&(mail=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
iterate_attrs = mail=user
iterate_filter = (&(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
default_pass_scheme = CRYPT
The quotaMail attribute was added to Active Directory.
Enable quota:
/etc/dovecot# grep -v '^ *\(#.*\)\?$' conf.d/90-quota.conf
plugin {
quota_rule = *:storage=2G
quota_rule2 = Trash:storage=+100M
quota_grace = 10%%
}
...
plugin {
quota = maildir:User quota
}
Per-user quota from SQL works fine:
doveadm quota get -u i.ivanov@***.ru
Quota name Type Value Limit %
User quota STORAGE 8 1000000 0
User quota MESSAGE 14 - 0
Per-user quota from LDAP works too:
doveadm quota get -u testmail@***.ru
Quota name Type Value Limit %
User quota STORAGE 962 2000 48
User quota MESSAGE 6 - 0
But if you do not set the attribute quotaMail:
doveadm quota get -u e.etc@***.ru
Quota name Type Value Limit %
User quota STORAGE 0 - 0
User quota MESSAGE 0 - 0
And the quota is unlimited.
For comparison:
doveadm user e.etc@***.ru
field value
uid 5000
gid 5000
home /var/mail/***.ru/e.etc@***.ru/
mail maildir:/var/mail/***.ru/e.etc@***.ru
quota_rule *:bytes=
doveadm user testmail@***.ru
field value
uid 5000
gid 5000
home /var/mail/***.ru/testmail@***.ru/
mail maildir:/var/mail/****.ru/testmail@***.ru
quota_rule *:bytes=2048576
Logs:
Aug 25 16:15:40 mail dovecot: auth: Debug: master in: USER#0111#011e.etc@***.ru#011service=doveadm
Aug 25 16:15:40 mail dovecot: auth-worker(15295): Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Aug 25 16:15:40 mail dovecot: auth-worker(15295): Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so
Aug 25 16:15:40 mail dovecot: auth-worker(15295): Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Aug 25 16:15:40 mail dovecot: auth-worker(15295): Debug: Module loaded: /usr/lib/dovecot/modules/auth/libauthdb_ldap.so
Aug 25 16:15:40 mail dovecot: auth-worker(15295): Debug: sql(e.etc@***.ru): SELECT CONCAT('/var/mail/', maildir) AS home, 5000 AS uid, 5000 AS gid, CONCAT('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = 'e.etc@***.ru' AND domain = '***.ru'
Aug 25 16:15:40 mail dovecot: auth-worker(15295): sql(e.etc@***.ru): unknown user
Aug 25 16:15:40 mail dovecot: auth: Debug: ldap(e.etc@***.ru): user search: base=ou=XXX,dc=***,dc=local scope=subtree filter=(&(mail=e.etc@***.ru)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) fields=mail,quotaMail
Aug 25 16:15:40 mail dovecot: auth: Debug: ldap(e.etc@***.ru): result: mail=e.etc@***.ru; mail unused
Aug 25 16:15:40 mail dovecot: auth: Debug: ldap(e.etc@***.ru): result: mail=e.etc@***.ru; quotaMail missing
Aug 25 16:15:40 mail dovecot: auth: Debug: userdb out: USER#0111#011e.etc@***.ru#011uid=5000#011gid=5000#011mail=maildir:/var/mail/***.ru/e.etc@***.ru#011home=/var/mail/***.ru/e.etc@***.ru/#011quota_rule=*:bytes=
Aug 25 16:15:42 mail dovecot: auth: Debug: master in: USER#0111#011testmail@***.ru#011service=doveadm
Aug 25 16:15:42 mail dovecot: auth-worker(15295): Debug: sql(testmail@***.ru): SELECT CONCAT('/var/mail/', maildir) AS home, 5000 AS uid, 5000 AS gid, CONCAT('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = 'testmail@***.ru' AND domain = '***.ru'
Aug 25 16:15:42 mail dovecot: auth-worker(15295): sql(testmail@***.ru): unknown user
Aug 25 16:15:42 mail dovecot: auth: Debug: ldap(testmail@***.ru): user search: base=ou=XXX,dc=***,dc=local scope=subtree filter=(&(mail=testmail@***.ru)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) fields=mail,quotaMail
Aug 25 16:15:42 mail dovecot: auth: Debug: ldap(testmail@***.ru): result: mail=testmail@***.ru quotaMail=2048576; mail,quotaMail unused
Aug 25 16:15:42 mail dovecot: auth: Debug: ldap(testmail@***.ru): result: mail=testmail@***.ru quotaMail=2048576
Aug 25 16:15:42 mail dovecot: auth: Debug: userdb out: USER#0111#011testmail@***.ru#011uid=5000#011gid=5000#011mail=maildir:/var/mail/***.ru/testmail@***.ru#011home=/var/mail/***.ru/testmail@***.ru/#011quota_rule=*:bytes=2048576
Information from:
http://dovecot.org/list/dovecot/2012-July/084859.html
v2.1.7 2012-05-29 Timo Sirainen
* LDAP: Compatibility fix for v2.0: ldap: If attributes contain ldapAttr=key=template%$ and ldapAttr *doesn't exist, skip the key* instead of using "template" value with empty %$ part for the key.
OK, so if quotaMail is not set, the root quota should apply.
Check LDAP:
ldapsearch -x -h ***.***.local -D 'dovecot' -W -b 'OU=XXX,dc=***,dc=local' -s sub '(&(objectCategory=user)(objectClass=user)(mail=testmail@***.ru*))' | grep quotaMail
Enter LDAP Password:
quotaMail: 2048576
ldapsearch -x -h ***.***.local -D 'dovecot' -W -b 'OU=XXX,dc=***,dc=local' -s sub '(&(objectCategory=user)(objectClass=user)(mail=e.etc@***.ru*))' | grep quotaMail
Enter LDAP Password:
root at mail:/etc/dovecot#
The LDAP attribute *doesn't exist*.
But Dovecot thinks that the quota is 0 and disables the quota.
I can set the quotaMail attribute for all users, but there are a lot of them. Can I use the root quota when the per-user quota is not set, and change the per-user quota only for specific users, if necessary?
I apologize for my English. Thank you!
--
Rasim Kalimullin
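As an added example (not from the post or from Dovecot), a small audit script that parses "userdb out:" debug lines of the shape shown above and lists users whose quota_rule expanded to an empty or absent limit, the failure mode the post describes. The log lines, users and domain below are constructed placeholders.

```python
import re

# Constructed sample "userdb out:" debug lines in the shape shown in the post
# (users and domains are placeholders). #011 is how syslog encodes a tab.
SAMPLE_LOG = """\
Aug 25 16:15:40 mail dovecot: auth: Debug: userdb out: USER#0111#011e.etc@example.ru#011uid=5000#011gid=5000#011home=/var/mail/example.ru/e.etc@example.ru/#011quota_rule=*:bytes=
Aug 25 16:15:42 mail dovecot: auth: Debug: userdb out: USER#0111#011testmail@example.ru#011uid=5000#011gid=5000#011home=/var/mail/example.ru/testmail@example.ru/#011quota_rule=*:bytes=2048576
Aug 25 16:15:43 mail dovecot: auth: Debug: userdb out: USER#0111#011nolimit@example.ru#011uid=5000#011gid=5000#011home=/var/mail/example.ru/nolimit@example.ru/
"""

SIZE_SUFFIX = {"": 1, "B": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3, "T": 1024 ** 4}


def decode_syslog_escapes(text):
    """syslog renders control characters as #NNN (octal); #011 is a tab."""
    return re.sub(r"#(\d{3})", lambda m: chr(int(m.group(1), 8)), text)


def parse_userdb_out(line):
    """Return (user, {field: value}) for a 'userdb out:' line, else None."""
    m = re.search(r"userdb out: (.*)$", line)
    if not m:
        return None
    fields = decode_syslog_escapes(m.group(1)).split("\t")
    # layout: USER, request id, user name, then key=value extra fields
    extra = dict(f.partition("=")[::2] for f in fields[3:])
    return fields[2], extra


def quota_limit_bytes(quota_rule):
    """Limit in bytes for a rule like '*:bytes=2048576' or '*:storage=2G'.
    Returns None for an empty value, which Dovecot treats as no limit."""
    if not quota_rule or ":" not in quota_rule:
        return None
    _mailbox, limit = quota_rule.split(":", 1)
    kind, _, value = limit.partition("=")
    m = re.fullmatch(r"(\d+)([BKMGT]?)", value.upper())
    if not m:
        return None
    n, suffix = int(m.group(1)), m.group(2)
    if kind == "storage" and suffix == "":
        suffix = "K"  # unit-less storage= is in kilobytes
    return n * SIZE_SUFFIX[suffix] or None  # 0 also means unlimited


def unlimited_users(log_text):
    """Users whose userdb lookup produced no effective storage limit."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_userdb_out(line)
        if parsed and quota_limit_bytes(parsed[1].get("quota_rule")) is None:
            hits.append(parsed[0])
    return hits
```

Run it over `auth_debug=yes` logs to find accounts that silently ended up without a quota before relying on the LDAP-side attribute being set everywhere.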