Hi,
I have an existing (Open)LDAP which I'm using with dovecot and I would like to implement quotas. I have global quotas working, but I would like per user quotas similar to what is described in the wiki (http://wiki2.dovecot.org/Quota/Configuration#LDAP). My problem is that there is no obvious attribute in the schemas shipped in RHEL/CentOS 6 to hold the quota string.
Is it possible to get User database extra fields from an external source? e.g. flat file or MySQL table. I would like to pull everything else from LDAP but just fill out quota_rule from a different source.
I realize I could expand my LDAP but I'm wary of just importing some random schema. I've had mixed results doing that in the past (the qmail schema (http://www.zytrax.com/books/ldap/ape/qmail.html) was incompatible with my existing structure, and at the moment I'm using a hacked version of the linux quota project's LDAP schema (http://sourceforge.net/projects/linuxquota/) - I'd rather have something a bit more official). If there is a recommended schema that you guys use which is stable and works well I would like to give that a try.
-Thanks, Ian.
On Mon, 1 Dec 2014, Ian Allison wrote:
> I realize I could expand my LDAP but I'm wary of just importing some random schema.
Well, >>random<< schema ;-) you should know what you are doing. Check what is added to your LDAP and you'll be fine.
> I've had mixed results doing that in the past (the qmail schema (http://www.zytrax.com/books/ldap/ape/qmail.html) was incompatible with my existing structure, and at the moment I'm using a hacked version of the linux quota project's LDAP schema (http://sourceforge.net/projects/linuxquota/) - I'd rather have something a bit more official). If there is a recommended schema that you guys use which is stable and works well I would like to give that a try.
Nobody registered Dovecot attributes with IANA, because IMHO it is quite implementor-specific. Because of that, there cannot exist anything "official". How many quota rules do you have? Others may have plenty more, ... . But maybe, a Dovecot arc would help some people.
However, see http://www.openldap.org/doc/admin22/schema.html#Extending%20Schema
"To obtain a registered OID at no cost, apply for an OID under the Internet Assigned Numbers Authority (IANA) maintained Private Enterprise arc. Any private enterprise (organization) may request an OID to be assigned under this arc. Just fill out the IANA form at http://www.iana.org/cgi-bin/enterprise.pl and your official OID will be sent to you usually within a few days. Your base OID will be something like 1.3.6.1.4.1.X where X is an integer.
Note: Don't let the "MIB/SNMP" statement on the IANA page confuse you. OIDs obtained using this form may be used for any purpose including identifying LDAP schema elements.
Alternatively, OID name space may be available from a national authority (e.g., ANSI, BSI).
For private experiments, OIDs under 1.1 may be used. The OID 1.1 arc is regarded as dead name space."
You could define your own attributes and objectclasses in the arc 1.1 or get your own Private Enterprise Number. That way your additions won't conflict with other definitions.
Steffen Kaiser
On Tue, Dec 02, 2014 at 09:03:31AM +0100, Steffen Kaiser wrote:
> Nobody registered Dovecot attributes with IANA, because IMHO it is quite implementor-specific. Because of that, there cannot exist anything "official". How many quota rules do you have? Others may have plenty more, ... . But maybe, a Dovecot arc would help some people.
> However, see http://www.openldap.org/doc/admin22/schema.html#Extending%20Schema
> "To obtain a registered OID at no cost, apply for an OID under the Internet Assigned Numbers Authority (IANA) maintained Private Enterprise arc. Any private enterprise (organization) may request an OID to be assigned under this arc. Just fill out the IANA form at http://www.iana.org/cgi-bin/enterprise.pl and your official OID will be sent to you usually within a few days. Your base OID will be something like 1.3.6.1.4.1.X where X is an integer.
I've started off the process with IANA and I've started designing an auxiliary schema as Christian suggested. I just didn't want to be doing it unnecessarily, but it looks like that is the best solution.
Thanks for your help!
-Ian.
On 02.12.2014 at 01:02, Ian Allison <ifallison@gmail.com> wrote:
> Hi,
> I have an existing (Open)LDAP which I'm using with dovecot and I would like to implement quotas. I have global quotas working, but I would like per user quotas similar to what is described in the wiki (http://wiki2.dovecot.org/Quota/Configuration#LDAP). My problem is that there is no obvious attribute in the schemas shipped in RHEL/CentOS 6 to hold the quota string.
> Is it possible to get User database extra fields from an external source? e.g. flat file or MySQL table. I would like to pull everything else from LDAP but just fill out quota_rule from a different source.
> I realize I could expand my LDAP but I'm wary of just importing some random schema. I've had mixed results doing that in the past (the qmail schema (http://www.zytrax.com/books/ldap/ape/qmail.html) was incompatible with my existing structure, and at the moment I'm using a hacked version of the linux quota project's LDAP schema (http://sourceforge.net/projects/linuxquota/) - I'd rather have something a bit more official). If there is a recommended schema that you guys use which is stable and works well I would like to give that a try.
You could write your own schema. I have done so for my OpenLDAP. You can make it AUXILIARY and make attributes MAY.
Example from my file:
# RNS - 1.3.6.1.4.1.31612
# LDAP - 1.3.6.1.4.1.31612.1
# Mail 1.3.6.1.4.1.31612.1.2
# Attributes - 1.3.6.1.4.1.31612.1.2.1
# ObjectClasses - 1.3.6.1.4.1.31612.1.2.2
…
attributetype ( 1.3.6.1.4.1.31612.1.1.1.6
    NAME 'rnsMSQuota'
    DESC 'An integer that represents the quota on a mailbox'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )
…
objectclass ( 1.3.6.1.4.1.31612.1.1.2.2
    NAME 'rnsMSDovecotAccount'
    DESC 'Dovecot account for virtual domain mailboxes'
    SUP top AUXILIARY
    MAY ( ... $ rnsMSQuota $ ... $ ) )
…
Christian
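The advice in the thread (check what a schema adds, keep your own definitions inside your own OID arc, make the class AUXILIARY with MAY attributes) can be checked mechanically before a schema is loaded. The following is an added example, not code from any of the posters or from OpenLDAP: `parse_schema`, `audit`, the sample schema and its `ex...` names are all constructed here, and it assumes a slapd `.schema` file with numeric OIDs.

```python
import re

# Constructed sample: one clean attribute, one outside the owner's arc that
# reuses an existing name, and an object class that is not optional.
SAMPLE = """
attributetype ( 1.1.2.1.1
    NAME 'exMailQuotaBytes'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.10.2.1.2
    NAME ( 'exMailAlias' 'mail' )
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectclass ( 1.1.2.2.1
    NAME 'exMailAccount'
    SUP top STRUCTURAL
    MUST ( exMailQuotaBytes ) )
"""

DEF = re.compile(r"(attributetype|objectclass)\s*\(\s*([\d.]+)\s+NAME\s+"
                 r"('[^']+'|\([^)]*\))(.*)", re.I)

def parse_schema(text):
    """Yield (kind, oid, names, words) per definition; numeric OIDs only."""
    # In a .schema file, a line starting with whitespace continues the last.
    for line in re.sub(r"\n[ \t]+", " ", text).splitlines():
        m = DEF.match(line)
        if m:
            names = re.findall(r"'([^']+)'", m.group(3))
            yield m.group(1).lower(), m.group(2), names, m.group(4).upper().split()

def audit(text, own_arc, loaded_names):
    """Return (oid, problem) pairs; loaded_names holds lowercase names."""
    findings, seen = [], set()
    for kind, oid, names, words in parse_schema(text):
        # Compare whole arcs, so that 1.10.x is not taken to be under 1.1.
        if not (oid + ".").startswith(own_arc + "."):
            findings.append((oid, "OID outside " + own_arc))
        if oid in seen:
            findings.append((oid, "OID defined twice"))
        seen.add(oid)
        for name in names:
            if name.lower() in loaded_names:
                findings.append((oid, "name already in use: " + name))
        if kind == "objectclass" and "AUXILIARY" not in words:
            findings.append((oid, "object class is not AUXILIARY"))
        if kind == "objectclass" and "MUST" in words:
            findings.append((oid, "object class has MUST attributes"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE, "1.1", {"mail", "cn", "uid"}), sep="\n")
```

Pass `loaded_names` the attribute and class names your server already defines, and replace `1.1` with your `1.3.6.1.4.1.X` arc once IANA has assigned it.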