how to make user iteration work (with active directory ldap)
We received no replies to this email that we sent a few days ago. We're not sure why. If we miss something that is obvious to everybody, kindly point it out. We would like to get iteration working, to be able to mass-delete specific emails from all mailboxes, in case of, for example, received viruses...
Here is my question again:
Hi,
User iteration doesn't work, we're getting:
auth: Error: Trying to iterate users, but userdbs don't support it
The way I understand it, I need to set iterate_attrs and iterate_filter for iteration to work. I have set it (see configs below) and yet dovecot says "userdbs don't support it". What else do I need to do to enable it?
Our config is against samba Active Directory ldap and generally works fine. Can anyone here take a quick look at the configs below, and tell me how to make doveadm user -u "*" work?
Below are our configs. Any tips would be appreciated...!
MJ
root@dovetest:/etc/dovecot# doveconf -n
# 2.2.26.0 (23d1de6): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.7 xfs
auth_debug = yes
auth_debug_passwords = yes
auth_failure_delay = 400 secs
auth_master_user_separator = *
auth_mechanisms = plain login
auth_username_format = %Ln
auth_verbose = yes
auth_verbose_passwords = plain
debug_log_path = /var/log/dovecot/dovecot.debug
deliver_log_format = %f | %s | msgid=%m: %$
disable_plaintext_auth = no
info_log_path = /var/log/dovecot/dovecot.info
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
log_path = /var/log/dovecot/dovecot.err
login_greeting = Dovecot ready.
mail_gid = vmail
mail_location = maildir:/var/vmail/%Ln/Maildir:LAYOUT=fs:DIRNAME=mAildir
mail_plugins = acl lazy_expunge zlib quota mail_log notify
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  list = children
  location = maildir:/var/vmail/%%u/Maildir:LAYOUT=fs:DIRNAME=mAildir:INDEX=/var/vmail/%u/shared/%%u
  prefix = shared/%%n/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location =
  mailbox "Deleted items" {
    special_use = \Trash
  }
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent items" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  mailbox inbox {
    auto = subscribe
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
}
passdb {
  args = failure_show_msg=yes dovecot
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
  skip = authenticated
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename append
  mail_log_fields = uid box msgid from subject
  quota = maildir
  quota_rule = ?:storage=5G
  quota_rule2 = Trash:storage=+100M
  quota_warning = storage=97%% quota-warning 97 %u
  quota_warning2 = storage=95%% quota-warning 95 %u
  quota_warning3 = storage=90%% quota-warning 90 %u
  quota_warning4 = storage=85%% quota-warning 85 %u
  quota_warning5 = storage=80%% quota-warning 80 %u
  quota_warning6 = -storage=100%% quota-warning below %u
  sieve = ~/.dovecot.sieve
  sieve_default = /var/lib/dovecot/default.sieve
  sieve_dir = ~/sieve
}
protocols = imap lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0666
    user = vmail
  }
}
service imap-login {
  process_limit = 500
  process_min_avail = 2
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = dovecot
}
ssl_ca = </etc/ssl/comodo/chain.crt
ssl_cert = </etc/ssl/comodo/server.crt
ssl_key = # hidden, use -P to show it
ssl_protocols = !SSLv2 !SSLv3
userdb {
  args = uid=vmail gid=vmail home=/var/vmail/%n allow_all_users=yes
  driver = static
}
verbose_proctitle = yes
protocol lda {
  mail_plugins = acl lazy_expunge zlib quota mail_log notify sieve quota
}
protocol imap {
  imap_max_line_length = 2 M
  mail_max_userip_connections = 30
  mail_plugins = acl lazy_expunge zlib quota mail_log notify imap_quota imap_acl
}
and dovecot-ldap.conf.ext:
hosts = 127.0.0.1:391
dn = cn=search,cn=users,dc=company,dc=com
dnpass = secret
tls = no
debug_level = 0
auth_bind = yes
base = CN=Users, DC=samba, DC=cmpany, DC=com
scope = subtree
user_attrs = =home=/var/vmail/%n/Maildir:LAYOUT=fs:DIRNAME=mAildir:INDEX=/var/vmail/%n/shared/%n,=mail=maildir:/var/vmail/%n/Maildir:LAYOUT=fs:DIRNAME=mAildir:INDEX=/var/vmail/%n/shared/%n
user_filter = (&(objectclass=person)(sAMAccountName=%n)(!(userAccountControl=514)))
pass_filter = (&(objectclass=person)(sAMAccountName=%n)(!(userAccountControl=514)))
iterate_attrs = sAMAccountName=user
iterate_filter = (objectClass=person)
On 07.07.2017 10:33, mj wrote:
userdb {
  args = uid=vmail gid=vmail home=/var/vmail/%n allow_all_users=yes
  driver = static
}
This needs to use driver = ldap, static userdbs are not iterable.
Aki
Hi Aki,
Wow that was a quick reply! :-)
userdb {
  args = uid=vmail gid=vmail home=/var/vmail/%n allow_all_users=yes
  driver = static
}
This needs to use driver = ldap, static userdbs are not iterable.
Did that, and after changing args to point to a filename, everything popped into place :-)
Thanks for your assistance!
MJ
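The change described in this thread, written out as an added example; it is not taken from either poster's files. It assumes the userdb reuses /etc/dovecot/dovecot-ldap.conf.ext, the file the ldap passdb already points at (the thread does not say which filename was used), and the tightened iterate_filter at the end is a suggestion, not something from the thread.

```conf
# /etc/dovecot/dovecot.conf

# Before (as posted): the static driver has no way to list users, so
# 'doveadm user -u "*"' and doveadm commands run with -A fail with
# "Trying to iterate users, but userdbs don't support it".
#userdb {
#  args = uid=vmail gid=vmail home=/var/vmail/%n allow_all_users=yes
#  driver = static
#}

# After: the ldap driver takes the path of an LDAP config file as args.
# The path below is an assumption (same file as the ldap passdb).
# home and mail come from user_attrs in that file; uid/gid fall back to
# the global mail_uid = vmail / mail_gid = vmail already in the config.
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

# /etc/dovecot/dovecot-ldap.conf.ext

# Iteration settings as posted. They are only read by a userdb with
# driver = ldap, which is why they had no effect with the static userdb.
iterate_attrs = sAMAccountName=user
iterate_filter = (objectClass=person)

# Suggestion (not from the thread): user_filter and pass_filter exclude
# userAccountControl=514, but the posted iterate_filter does not, so
# iteration would also list those accounts. Reusing the same clause
# keeps bulk operations to the accounts that can actually log in:
#iterate_filter = (&(objectClass=person)(!(userAccountControl=514)))
```

After reloading Dovecot, `doveadm user -u "*"` should print one sAMAccountName per line; check that list before running any bulk command against all mailboxes.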