On Monday 24 of June 2013 23:01:54 Timo Sirainen wrote:
> On 24.6.2013, at 16.35, Pavel Herrmann <morpheus.ibis@gmail.com> wrote:
> > I have a setup where my dovecot (2.0, if that makes a difference) authenticates against an LDAP directory. In my scenario, I have two types of users, let's call them "normal" and "privileged". What I need is for the normal user to have a fixed quota, but for the privileged to have none. (The users do not exist on the underlying system, so I can't do quota based on FS)
> > The issue is that my LDAP is actually an AD, and there is a fair amount of new accounts over time (in other words, I cannot use LDAP attribute for storing quota, because the AD tools don't understand it, and I would have to add it manually for each new account).
> > The approach I had in mind is using quota based on user group (I do have groups representing both normal and privileged users), but I cannot find a way to set it up in dovecot. Am I missing something or does dovecot not support LDAP groups as attribute source?
> Sounds like you need to do two LDAP lookups and merge them. That requires Dovecot v2.2.
Sure, I am open to upgrading, if it solves the issue.
I would actually need more than 2 requests, as AD supports recursive groups (a group being member of another group), which I do use.
One possible issue is that what I can see on the wiki does not really work with how groups in LDAP usually work. What I would need is the opposite direction - locate a group that has "member=myUserDn" attribute, look whether it has quota attribute set, if not use the group DN as myUserDn and repeat the search. Granted, AD has a backlink "memberOf" attribute, but I am still left with recursively looking up whether the group has a quota attribute, and whether it is a member of another group (cyclic membership is not possible AFAIK). Is this possible with Dovecot 2.2?
Thanks,
Pavel Herrmann
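The lookup described in this message (follow group membership upward until a group carrying a quota attribute is found), as an added example that is not part of the original thread and is not Dovecot configuration: it walks the AD `memberOf` backlink over a constructed in-memory directory. The `mailQuota` attribute name, the sample DNs, the nearest-group-wins rule and the defensive cycle guard are assumptions.

```python
from collections import deque

BASE = "dc=example,dc=com"  # constructed sample suffix

def dn(cn, ou):
    """Build a sample DN; real code would normalise DNs before comparing them."""
    return f"cn={cn},ou={ou},{BASE}"

# Constructed directory: DN -> attributes. "mailQuota" is a hypothetical
# attribute that exists only on group entries, never on user entries.
DIRECTORY = {
    dn("alice", "users"): {"memberOf": [dn("staff", "groups")]},
    dn("bob", "users"): {"memberOf": [dn("admins", "groups")]},
    dn("carol", "users"): {"memberOf": []},
    dn("dave", "users"): {"memberOf": [dn("loop-a", "groups")]},
    dn("staff", "groups"): {"memberOf": [dn("normal", "groups")]},
    dn("admins", "groups"): {"memberOf": [dn("privileged", "groups")]},
    dn("normal", "groups"): {"memberOf": [], "mailQuota": "1G"},
    dn("privileged", "groups"): {"memberOf": [], "mailQuota": "none"},
    # Misconfigured pair that reference each other, to exercise the guard.
    dn("loop-a", "groups"): {"memberOf": [dn("loop-b", "groups")]},
    dn("loop-b", "groups"): {"memberOf": [dn("loop-a", "groups")]},
}

def resolve_quota(user_dn, directory, default=None):
    """Return (quota, group_dn) from the nearest group that sets mailQuota.

    Breadth-first over memberOf, so a direct group wins over a nested one.
    Each DN is visited once, which bounds the number of lookups and stops
    the walk if the directory ever contains a membership loop.
    """
    seen = {user_dn}
    queue = deque(directory.get(user_dn, {}).get("memberOf", []))
    while queue:
        group_dn = queue.popleft()
        if group_dn in seen:
            continue
        seen.add(group_dn)
        entry = directory.get(group_dn)
        if entry is None:  # dangling reference to a deleted group
            continue
        if "mailQuota" in entry:
            return entry["mailQuota"], group_dn
        queue.extend(entry.get("memberOf", []))
    return default, None  # no group in the chain defines a quota
```

Against a live directory each `directory.get` would be one LDAP read of the group entry, so the visited set also caps the number of round trips per login.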