[Dovecot] 2 users database on same LDAP with different mail location
Hello, I know, I know, I'm getting annoying, but apparently I always come up with weird ideas and I can't seem to accomplish such a task.
The scenario is that I have an LDAP server with a bunch of users. Some of them are in a specific OU, and I'd like to define for all these users belonging to this OU an alternative mail location/storage.
In detail, for all the users I'd like to use maildir storage in a directory, while for the users belonging to a specific OU I'd like to use dbox with an alternative storage attached.
So I created 2 userdb like this:

userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap-maildir.conf.ext
}

userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap-dbox.conf.ext
}

and then defined these 2 args files:

maildir:

hosts = localhost
dn = CN=ldapadmin,OU=administrators,DC=plutone,DC=local
dnpass = <password>
auth_bind = yes
ldap_version = 3
base = DC=plutone,DC=local
user_attrs = sAMAccountName=home=/var/vmail/%$

dbox:

hosts = localhost
dn = CN=ldapadmin,OU=administrators,DC=plutone,DC=local
dnpass = <password>
auth_bind = yes
ldap_version = 3
base = OU=dboxusers,OU=lowpriority,DC=plutone,DC=local
user_attrs = sAMAccountName=home=/var/local_dbox/%$, =mail=dbox:/var/local_dbox/%$:ALT=/var/iscsi_dbox/%$
user_filter = (&(ObjectClass=person)(mail=%u))

Yet it doesn't matter how hard I try: if I send an email to a user belonging to the dboxusers OU, I still have the user addressed to the maildir storage in /var/vmail.
Am I missing something?
Thanks
Francesco
You can use LDAP to search for an alternative mail attribute, and specify a default location using mail_location. In your example; mail_location = /var/vmail/%u. Then use one LDAP config file to override the mailbox location if the LDAP database specifies a maildir location.
By the way, aren't userdb's searched sequentially? Try switching those userdb's to make the one with the group lookup go first. LDAP users will always match the userdb without group lookup.
Matthijs
An addition to my own comment, put the group lookup userdb first, and add skip = found to the second userdb. This way it will search the group userdb first and if it found the user, so when it is in the group, don't search the second userdb and use the answer from the first userdb.
Matthijs
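The ordering suggested above, written out as an added example (not part of the original posts). It uses only the file names from the thread; the `skip` setting needs Dovecot 2.2.10 or later, so on older versions only the reordering applies.

```conf
# Added example, not from the original posts.
# File names are the ones used in the thread.

# 1. Narrow lookup first.
#    Its args file searches base = OU=dboxusers,OU=lowpriority,DC=plutone,DC=local
#    and returns the dbox mail location.
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap-dbox.conf.ext
}

# 2. Catch-all lookup second.
#    Its args file searches base = DC=plutone,DC=local, which also contains
#    the dboxusers OU, so it would match every user if it were asked first.
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap-maildir.conf.ext
  # Dovecot 2.2.10+ only: do not query this userdb when an earlier one
  # already found the user. Remove this line on older versions.
  skip = found
}
```

Running `doveadm user <username>` for one account inside the OU and one outside it shows the home and mail values the userdb chain actually returns.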
OK, thank you, I'm gonna try this one. Do you think the attributes files are fine?
Francesco
Hello, as you suggested I tried swapping the two userdb to have the one with the more specific OU checked first, but this didn't do the trick, apparently.
So I tried adding skip = found in the userdb like this:

userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
  skip = found
}

but dovecot doesn't start up, saying:
doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/auth-ldap.conf.ext line 27: Unknown setting: skip

# dovecot --version
2.0.19
Francesco
Per tfm, the skip argument was added in 2.2.10...
http://wiki2.dovecot.org/UserDatabase
--
Best regards,
Charles
On Tue, 25 Feb 2014, list@grootstyr.eu wrote:
You can use LDAP to search for an alternative mail attribute, and specify a default location using mail_location. In your example; mail_location = /var/vmail/%u. Then use one LDAP config file to override the mailbox location if the LDAP database specifies a maildir location.
By the way, aren't userdb's searched sequentially? Try switching those userdb's to make the one with the group lookup go first. LDAP users will always match the userdb without group lookup.
Yep, the first file, which belongs to the first userdb {} I guess, does not have a user_filter, so it does always find the user.
Either add a user_filter to the first file, that excludes any dbox users, or switch the order of both userdb's.
Steffen Kaiser
I think I'll go for the reordering, which looks to be simpler, as I'm a sheep when it comes to LDAP stuff :D
Francesco