On 25.6.2013, at 0.05, Pavel Herrmann <morpheus.ibis@gmail.com> wrote:
Sounds like you need to do two LDAP lookups and merge them. That requires Dovecot v2.2.
Sure, I am open to upgrading, if it solves the issue.
I would actually need more than 2 requests, as AD supports recursive groups (a group being a member of another group), which I do use.
One possible issue is that, from what I can see, what is on the wiki does not really work with how groups in LDAP usually work. What I would need is the opposite direction - locate a group that has a "member=myUserDn" attribute, look whether it has a quota attribute set, if not use the group DN as myUserDn and repeat the search. Granted, AD has a backlink "memberOf" attribute, but I am still left with recursively looking up whether the group has a quota attribute, and whether it is a member of another group (cyclic membership is not possible AFAIK). Is this possible with Dovecot 2.2?
http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb -> "Subqueries and pointers" does what you need, I think. My head can't really follow LDAP stuff well enough to say for sure.
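
The lookup described in the thread (find the groups whose member attribute holds the DN, check for a quota, otherwise repeat with the group DN), as an added Python example that is not part of the original messages and is not Dovecot configuration. The in-memory directory, all DNs, the `quota` attribute name, the own-entry check and the depth limit are assumptions; the visited set keeps a membership loop from running the search forever.

```python
from collections import deque

# Constructed sample directory (DN -> attributes); every name and value here
# is hypothetical and stands in for entries an LDAP server would return.
DIRECTORY = {
    "cn=alice,dc=example": {},
    "cn=bob,dc=example": {"quota": "5G"},
    "cn=carol,dc=example": {},
    "cn=sales,dc=example": {"member": ["cn=alice,dc=example"]},
    "cn=staff,dc=example": {"quota": "2G",
                            "member": ["cn=sales,dc=example", "cn=bob,dc=example"]},
    # Deliberate membership loop with no quota anywhere, to exercise the guard.
    "cn=loop-a,dc=example": {"member": ["cn=loop-b,dc=example", "cn=carol,dc=example"]},
    "cn=loop-b,dc=example": {"member": ["cn=loop-a,dc=example"]},
}

def groups_with_member(directory, dn):
    """Stand-in for one LDAP search with the filter (member=<dn>)."""
    return sorted(g for g, attrs in directory.items()
                  if dn in attrs.get("member", []))

def resolve_quota(directory, user_dn, max_depth=16):
    """Return (quota, dn_it_came_from), or (None, None) if none is set."""
    # Assumption: a quota on the user's own entry wins over any group quota.
    own = directory.get(user_dn, {}).get("quota")
    if own is not None:
        return own, user_dn
    seen = {user_dn}                  # DNs already searched for
    queue = deque([(user_dn, 0)])     # breadth-first: nearest group first
    while queue:
        dn, depth = queue.popleft()
        if depth >= max_depth:        # bound the number of nested lookups
            continue
        for group in groups_with_member(directory, dn):
            if group in seen:         # already visited: loop or shared parent
                continue
            seen.add(group)
            quota = directory[group].get("quota")
            if quota is not None:
                return quota, group
            queue.append((group, depth + 1))
    return None, None

if __name__ == "__main__":
    for user in ("cn=alice,dc=example", "cn=bob,dc=example", "cn=carol,dc=example"):
        print(user, resolve_quota(DIRECTORY, user))
```

Each call to `groups_with_member` corresponds to one search round trip, so the depth limit also caps the per-login query count.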