[Dovecot] Sieve > Pigeonhole > external storage with LDAP or other data source available to dovecot
I am looking at porting and generalizing an old in-house patch that I'm using for the CMU Sieve plugin. It allows sieve script to test & lookup arguments from LDAP.
Before getting too involved in this, I'd like to discuss my goals here in the hopes that someone else also thinks this would be useful. Many heads may make better design?
Goal:
Allows scripts which are still stored on the filesystem to lookup parameters stored in an LDAP directory.
Useful if you provide a global sieve script to implement functions such as "vacation", forwarding to small groups (not a MLM), wish to toggle whether a message is kept in the mailbox after being forwarded, etc.
<example> # determine if we always auto-respond, or if we respond with a more vacation-ish setting of every 30d # # sample LDAP entry: # uid: testuser@domain.com # mailResponderMode: vacation # mailResponderText: "I'm on vacation, far far from the Internet" (base64 encoded string...)
# "always" reply mode, sanitized to once a day if ldap "mailResponderMode" "reply" { vacation :days 1 "ldap@mailResponderText"; }
# traditional "vacation" mode, say reply once every 30d if ldap "mailResponderMode" "vacation" { vacation :days 30 "ldap@mailResponderText"; } </example>
This introduces:
- a new command "ldap", to lookup attributes and their values in an LDAP directory using the user's context
- an extention to the vacation command that looks up the vacation reply text that is triggered by supplying "ldap@ldapAttribute" as the text.
- other actions not shown above which extends redirect and a few other commands to lookup data from LDAP
Related work:
- Pigeonhole low priority TODO would like to implement alternate script storage, eg: LDAP & SQL. I'm not immediately interested in alternate types of script storage, but for what I want to acheive, I need to sanely access at least an LDAP directory.
- draft-ietf-sieve-external-lists (http://tools.ietf.org/html/draft-ietf-sieve-external-lists-01) proposes a mechanism to pull mailing list addresses from external storage mechanisms such as LDAP, ACAP or relational databases. I'm interested in this, but would like to extend this functionality beyond just lists as the example above demonstrates.
- there are security and resource consumption issues with doing this, suggesting that limits should be set, or the use may have to be restricted to global scripts eg: sieve_before or sieve_after
The question:
- do others on this list see value in the functionality described above?
If there's some consensus that this would be useful, I'll flesh out howI think a generalized version of this old patch may behave, then (!) work on an implementation as a plugin to dovecot's sieve.
cheers,
-Martin Foster martin_foster@pacific.net.au martin.foster@pacnet.com
On 5.1.2010, at 10.02, Martin F. Foster wrote:
I am looking at porting and generalizing an old in-house patch that I'm using for the CMU Sieve plugin. It allows sieve script to test & lookup arguments from LDAP. .. Related work:
- Pigeonhole low priority TODO would like to implement alternate script storage, eg: LDAP & SQL. I'm not immediately interested in alternate types of script storage, but for what I want to acheive, I need to sanely access at least an LDAP directory.
- draft-ietf-sieve-external-lists (http://tools.ietf.org/html/draft-ietf-sieve-external-lists-01) proposes a mechanism to pull mailing list addresses from external storage mechanisms such as LDAP, ACAP or relational databases. I'm interested in this, but would like to extend this functionality beyond just lists as the example above demonstrates.
I haven't looked into that draft or thought much about this, but would doing the lookups via Dovecot's lib-dict be ok? That would of course need a dict-ldap backend implemented, but it would be a generic way to solve this, if its API is good enough.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, 5 Jan 2010, Martin F. Foster wrote:
Allows scripts which are still stored on the filesystem to lookup parameters stored in an LDAP directory.
# traditional "vacation" mode, say reply once every 30d if ldap "mailResponderMode" "vacation" { vacation :days 30 "ldap@mailResponderText"; }
How about to mimick the variable extension in such way that the values are first put into variables? I refer to ldap@.. syntex especially.
e.g.
require ["variables", "variables_ldap"];
set :ldap "LDAP query" [ attibute_name1 attribute_name2 ... ]
If "LDAP query" is missing, a default query like "(|(mail=%1)(uid=%1))" is performed.
attribute_name is the variable name, the values is placed in.
((Well, the actual syntax is just a hint))
Dunno, how you can deal with multi-value LDAP attributes.
Regards,
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBS0Xd4L+Vh58GPL/cAQLdcAf/d+C/XJiHofsAXqdbXCvNMDUWEl5UcGTf PVzu1OFpTvTFIVXAomL5WIYeTHQsk3P7TuLhloQUK/+ublh9dzg9S35Hg+j7h3VN AA+/1j8UhrukDFCI/7/LcKPiJQEtrcWsuaCtX0+QpUFTRo/AQMKNIcVFwhJw60IZ ziBF9RhpqDC4n2F7dfJ6EB3zlKPP6GTVPZGlYFeLPGFeHijQ+LZvdZ3Fg7yipuSr 4fW41SCBKy0ihoHzHUahEJKHIwiU7IIpnNn8v+OJ0drwks0V5mKRd9N+LcJ/yWJZ jC/NETAI2Hxk2j4lyM/iKiydSPU2IIYGglSk4BIa8ojDy2q8r9XQGA== =yGmu -----END PGP SIGNATURE-----
Martin F. Foster wrote:
I am looking at porting and generalizing an old in-house patch that I'm using for the CMU Sieve plugin. It allows sieve script to test & lookup arguments from LDAP.
Before getting too involved in this, I'd like to discuss my goals here in the hopes that someone else also thinks this would be useful. Many heads may make better design?
I thought this would be an excellent opportunity to test the new Pigeonhole plugin support and also to do something interesting with the namespace functionality of the variables extension. That is why I gave this a short look, which promptly resulted in a preliminary implementation.
If you want to play around with it, you can download it from:
http://hg.rename-it.nl/pigeonhole-sieve-extdata/
It will compile and run with both Pigeonhole for Dovecot v1.2 and Pigeonhole for Dovecot v2.0, but only with the tip Mercurial revisions (since only those have plugin support).
I swiped together many of the ideas posted here on the mailing list and from those I concocted the following Sieve language extension:
http://hg.rename-it.nl/pigeonhole-sieve-extdata/raw-file/tip/doc/rfc/spec-bo...
Note that - despite its looks - this is not intended as a IETF draft submission, but merely as a internal memo for the specification of this vendor-specific extension (in a familiar format). It could be further extended with an 'extdata_open' command to dynamically link a resource URI to a data store identifier, but thus far I did not bother to write that idea down.
All the necessary installation information should be found in the INSTALL and README files. Note that I have only tested this against a flat file dict and not something like SQL. So that may still be broken somehow.
Tell me what you think.
Regards,
-- Stephan Bosch stephan@rename-it.nl
participants (4)
-
Martin F. Foster
-
Steffen Kaiser
-
Stephan Bosch
-
Timo Sirainen