Hi all!
I have been reading http://wiki2.dovecot.org/Quota/Configuration over and over for the last two days, but something totally escapes my brain right now:
How does
user_attrs = homeDirectory=home,quotaBytes=quota_rule=*:bytes=%$
get the quota from LDAP into dovecot? What are the LDAP attributes used and what does %$ mean? It is not in the variable list at http://wiki2.dovecot.org/Variables
I am feeling very stupid and dense right now, as I am absolutely sure I am missing something very obvious and totally simple.
Grüße, Sven.
-- Sig lost. Core dumped.
On 23.2.2011, at 0.17, Sven Hartge wrote:
user_attrs = homeDirectory=home,quotaBytes=quota_rule=*:bytes=%$
get the quota from LDAP into dovecot? What are the LDAP attributes used
quotaBytes is the LDAP attribute name which contains the quota limit in bytes.
and what does %$ mean?
It's the value of quotaBytes LDAP attribute. So the idea is that you have:
ldap-attribute-name=dovecot-setting-name=dovecot-setting-value
In some future version hopefully I'll make this simpler.
It is not in the variable list at http://wiki2.dovecot.org/Variables
Yeah, it only works for LDAP, it's not a generic variable.
Timo Sirainen tss@iki.fi wrote:
On 23.2.2011, at 0.17, Sven Hartge wrote:
user_attrs = homeDirectory=home,quotaBytes=quota_rule=*:bytes=%$
get the quota from LDAP into dovecot? What are the LDAP attributes used
quotaBytes is the LDAP attribute name which contains the quota limit in bytes.
Argh. I _knew_ it. It was too simple ;)
and what does %$ mean?
It's the value of quotaBytes LDAP attribute. So the idea is that you have:
ldap-attribute-name=dovecot-setting-name=dovecot-setting-value
So, %$ ist always the value of the referenced attribute? What if there are multiple values, by accident or by design?
From the above I read, I can not have the storage size _and_ the max number of message in two LDAP attributes, right? Because I cannot import two different attributes into the same dovecot-setting-name.
This would have to look like
user_attrs = homeDirectory=home,quotaBytes,quotaMessages=quota_rule=*:bytes=%$:messages=%$
which of course does not work (I think).
In some future version hopefully I'll make this simpler.
Yeah, the current "backward" notation is mighty confusing, at least for me.
I would have expected something like
user_attrs = home=homeDirectory,quota_rule=*:bytes=quotaBytes
or
user_attrs = home=homeDirectory,quota_rule=quotaRule
(if I have the complete quota_rule in an attribute instead of just the number)
Grüße, Sven
-- Sig lost. Core dumped.
On 23.2.2011, at 0.38, Sven Hartge wrote:
and what does %$ mean?
It's the value of quotaBytes LDAP attribute. So the idea is that you have:
ldap-attribute-name=dovecot-setting-name=dovecot-setting-value
So, %$ ist always the value of the referenced attribute?
Yeah.
What if there are multiple values, by accident or by design?
Won't work right now.
From the above I read, I can not have the storage size _and_ the max number of message in two LDAP attributes, right? Because I cannot import two different attributes into the same dovecot-setting-name.
This would have to look like
user_attrs = homeDirectory=home,quotaBytes,quotaMessages=quota_rule=*:bytes=%$:messages=%$
which of course does not work (I think).
You'll get quotaBytes set to quotaBytes's value, which won' t do anything useful. %$ gets expanded to quotaMessages's value in both cases.
In some future version hopefully I'll make this simpler.
Yeah, the current "backward" notation is mighty confusing, at least for me.
I would have expected something like
user_attrs = home=homeDirectory,quota_rule=*:bytes=quotaBytes
or
user_attrs = home=homeDirectory,quota_rule=quotaRule
(if I have the complete quota_rule in an attribute instead of just the number)
I was planning on something like:
user_attrs { home = %{homeDirectory} quota_rule = *:bytes=%{quotaBytes} }
And of course you would be able to mix and match the %{whatever-ldap-value} attributes.
Timo Sirainen tss@iki.fi wrote:
On 23.2.2011, at 0.38, Sven Hartge wrote:
and what does %$ mean?
It's the value of quotaBytes LDAP attribute. So the idea is that you have:
ldap-attribute-name=dovecot-setting-name=dovecot-setting-value
So, %$ ist always the value of the referenced attribute? What if there are multiple values, by accident or by design?
Won't work right now.
Will it cause the mail to be bounced or just deferred? Or just ignored and the first/last/random multi-value used? (I would try this for myself, but I have no test-VM right now to do so.)
In some future version hopefully I'll make this simpler.
I was planning on something like:
user_attrs { home = %{homeDirectory} quota_rule = *:bytes=%{quotaBytes} }
And of course you would be able to mix and match the %{whatever-ldap-value} attributes.
Would be very nice. I could do the following then:
user_attrs { home = %{homeDirectory} quota_rule = *:bytes=%{quotaBytes}:messages=%{quotaMessages} quota_rule2 = %{quotaRule2} }
Without sounding to "pushy": Do you have a timeline for this?
Grüße, Sven.
-- Sig lost. Core dumped.
On 23.2.2011, at 1.27, Sven Hartge wrote:
So, %$ ist always the value of the referenced attribute? What if there are multiple values, by accident or by design?
Won't work right now.
Will it cause the mail to be bounced or just deferred? Or just ignored and the first/last/random multi-value used? (I would try this for myself, but I have no test-VM right now to do so.)
%$ will simply be expanded to the same value however many times you use it (within the same , .., parameter).
I was planning on something like:
user_attrs { home = %{homeDirectory} quota_rule = *:bytes=%{quotaBytes} }
And of course you would be able to mix and match the %{whatever-ldap-value} attributes.
Would be very nice. I could do the following then:
user_attrs { home = %{homeDirectory} quota_rule = *:bytes=%{quotaBytes}:messages=%{quotaMessages} quota_rule2 = %{quotaRule2} }
Yeah.
Without sounding to "pushy": Do you have a timeline for this?
No. I added it to my TODO list about 2-3 years ago.
Timo Sirainen tss@iki.fi wrote:
On 23.2.2011, at 1.27, Sven Hartge wrote:
So, %$ ist always the value of the referenced attribute? What if there are multiple values, by accident or by design?
Won't work right now.
Will it cause the mail to be bounced or just deferred? Or just ignored and the first/last/random multi-value used? (I would try this for myself, but I have no test-VM right now to do so.)
%$ will simply be expanded to the same value however many times you use it (within the same , .., parameter).
OK, my question was worded badly. I will rephrase is with an example:
Given the following object:
dn: uid=foo,ou=bar quotaBytes: 100000000 quotaBytes: 10000000
What happens with
user_attrs = homeDirectory=home,quotaBytes=quota_rule=*:bytes=%$
in this case?
Some programms throw an error, exim4 for example defers the mail, if it encounters an illegal combination of attributes and ldap lookup (e.g. searching for a DN and the LDAP servers returns two or more matching DNs, because the search filter was ambiguous)
I am just concerned with losing mails if for some reason an attribute has two values while it is supposed to have only one.
(Of course, I would make sure to define any quota-attribute as single value, but errors and mistakes happen and it would be nice, if dovecot would handle such problems graceful.)
Grüße, Sven
-- Sig lost. Core dumped.
On Wednesday 23 February 2011 00:55:05 Sven Hartge wrote:
Given the following object:
dn: uid=foo,ou=bar quotaBytes: 100000000 quotaBytes: 10000000
As I see it, this is a desigh error; quotaBytes should be a single valued attribute (like uid), not a multivalued on (like mail). So, if someone tries to load a second value he'll get an error at that moment.
HTH
Joseba Torre. Vicegerencia de TICs, área de Explotación
Joseba Torre joseba.torre@ehu.es wrote:
On Wednesday 23 February 2011 00:55:05 Sven Hartge wrote:
Given the following object:
dn: uid=foo,ou=bar quotaBytes: 100000000 quotaBytes: 10000000
As I see it, this is a desigh error; quotaBytes should be a single valued attribute (like uid), not a multivalued on (like mail). So, if someone tries to load a second value he'll get an error at that moment.
Yes, of course, this is clearly a design error and quotaBytes must be a single valued attribute.
But: erorrs happen and the question is, how graceful software copes with them.
Grüße, Sven.
-- Sig lost. Core dumped.
On 23.2.2011, at 1.55, Sven Hartge wrote:
Given the following object:
dn: uid=foo,ou=bar quotaBytes: 100000000 quotaBytes: 10000000
What happens with
user_attrs = homeDirectory=home,quotaBytes=quota_rule=*:bytes=%$
in this case?
In multi-value attributes Dovecot uses only the first one and ignores the rest. I haven't spent much time thinking over this, so maybe it should give an error instead. Or a warning.
Timo Sirainen tss@iki.fi wrote:
On 23.2.2011, at 1.55, Sven Hartge wrote:
Given the following object:
dn: uid=foo,ou=bar quotaBytes: 100000000 quotaBytes: 10000000
What happens with
user_attrs = homeDirectory=home,quotaBytes=quota_rule=*:bytes=%$
in this case?
In multi-value attributes Dovecot uses only the first one and ignores the rest. I haven't spent much time thinking over this, so maybe it should give an error instead. Or a warning.
Courier warns if it discovers multiple values where only one should be. As far as using only the first value is safe and does not lead to ambiguities, this is the way to go, IMHO.
But dovecot should print the value it uses in the log, as some LDAP implementations I have seend return the last value from a multi-valued attribute as the first one.
"warn: multiple values found for $attribute_name, using value $value"
Grüße, Sven.
-- Sig lost. Core dumped.
participants (3)
-
Joseba Torre
-
Sven Hartge
-
Timo Sirainen