[Dovecot] LDAP Lookup not returning value in maxStorage
Hi there,
We're setting up a Dovecot virtual email setup - we've got everything working perfectly with LDAP logins authenticating against AD and so forth, but we're having issues with retrieving the maxStorage value from AD (this is a pre-setup field in AD that we'd like to use to set per-user quotas).
In our LDAP lookup, we have the maxStorage entry listed under user_attrs for the quota (user_attrs = maxStorage=quota_rule=*:storage=%$M), and in the debug logs, can see it trying to get the entry, but it fails with:
    Mar 27 13:19:27 auth: Debug: ldap(username@site,192.168.1.5): user search: base=dc=site,dc=local scope=subtree filter=(&(objectClass=person)(| (userPrincipalName=username@site) (|(mail=username@site)(samAccountName=username@site)))) fields=maxStorage
    Mar 27 13:19:27 auth: Debug: ldap(username@site,192.168.1.5): no fields returned by the server
At this point, we then see the default quota applied.
If we change the name of the field from maxStorage to instanceType we see the value show up in the logs and passed through to the quota system and applied successfully:
    Mar 27 11:09:01 auth: Debug: ldap(username@site,192.168.1.5): user search: base=dc=site,dc=local scope=subtree filter=(&(objectClass=person)(| (userPrincipalName=username@site) (|(mail=username@site)(samAccountName=username@site)))) fields=instanceType
    Mar 27 11:09:01 auth: Debug: ldap(username@site,192.168.1.5): result: instanceType(quota_rule=*:storage=%$M)=*:storage=4M
    Mar 27 11:09:01 auth: Debug: master out: USER 3901227009 username@site quota_rule=*:storage=4M
Which seems a bit weird.
If we use ldapsearch and pass it the same search string and look for the field maxStorage, we clearly see the field and the value being returned. The result looks the same if we also look up instanceType.
We're using Dovecot 2.0.9.
Does anyone have any idea as to why we can't use this field?
Thanks,
Andrew
On Tue, 27 Mar 2012 13:57:04 +1300 Bruce, Andrew wrote:
> In our LDAP lookup, we have the maxStorage entry listed under user_attrs for the quota (user_attrs = maxStorage=quota_rule=*:storage=%$M), and in the debug logs, can see it trying to get the entry, but it fails with:
>     Mar 27 13:19:27 auth: Debug: ldap(username@site,192.168.1.5): user search: base=dc=site,dc=local scope=subtree filter=(&(objectClass=person)(| (userPrincipalName=username@site) (|(mail=username@site)(samAccountName=username@site)))) fields=maxStorage
>     Mar 27 13:19:27 auth: Debug: ldap(username@site,192.168.1.5): no fields returned by the server
> At this point, we then see the default quota applied.
Try to change your quota rule to be like:
    maxStorage=quota_rule=*:bytes=%$
                           ^^^^^^^^^
And put the value in bytes to maxStorage - if I remember correctly, this is an integer field and no K\M\G values are valid here.
PS: We are successfully using the maxStorage field to obtain a non-default quota from AD, Dovecot version 2.0.x.
On 28 March 2012 09:36, Bruce, Andrew <abruce@tumnus.co.nz> wrote:
On 27 March 2012 19:14, Nikita Koshikov <koshikov@gmail.com> wrote:
> Try to change your quota rule to be like:
>     maxStorage=quota_rule=*:bytes=%$
>                            ^^^^^^^^^
> And put the value in bytes to maxStorage - if I remember correct - this is integer field and no K\M\G values is valid here.
> PS We successfully using maxStorage field to obtain non-default quota from AD, dovecot version 2.0.x
Tried your suggestion Nikita, no joy unfortunately. It still looks like the value never gets returned from the LDAP server to Dovecot. It definitely has something in the field (equivalent of 10GB, but in bytes as suggested) and I changed the user_attrs also, but still get the same "no fields returned by the server" error message.
Modifying the user_attrs to look up from a different field (instanceType) definitely works.
What exact version are you using - perhaps it's a problem with our copy of 2.0.9.
Thanks,
Andrew
On 28 March 2012 09:39, Bruce, Andrew <abruce@tumnus.co.nz> wrote:
Further investigation shows that there are a few other fields that we can't retrieve in Dovecot, but can when using the same search string and looking up the user with ldapsearch. maxStorage is obviously one, but I tried a couple of other fields of varying types: mobile - Octet String and logonCount - Integer. It doesn't seem to be the type that restricts the search, just some fields won't return.
On 28.3.2012, at 0.06, Bruce, Andrew wrote:
> Mar 27 13:19:27 auth: Debug: ldap(username@site,192.168.1.5): no fields returned by the server
> ..
> Further investigation shows that there are a few other fields that we can't retrieve in Dovecot,
Looks to me like you can't retrieve any fields from LDAP, possibly because the dn user doesn't have access to the information or some other reason.
On Wed, 28 Mar 2012 09:39:37 +1300 Bruce, Andrew wrote:
> Tried your suggestion Nikita, no joy unfortunately. It still looks like the value never gets returned from the LDAP server to Dovecot. It definitely has something in the field (equivalent of 10GB, but in bytes as suggested) and I changed the user_attrs also, but still get the same "no fields returned by the server" error message.
> Modifying the user_attrs to lookup from a different field (instanceType) definitely works.
> What exact version are you using - perhaps it's a problem with our copy of 2.0.9.
> Thanks,
> Andrew
Show your full dovecot-ldap.conf file; also, what port are you using? Maybe you met the restriction of LDAP port 3268? (http://wiki2.dovecot.org/AuthDatabase/LDAP)
And show the exact result of the ldapsearch tool, binding as the user from dovecot-ldap.conf, plus the debug output for this user when it is trying to log in and 'doveadm -D quota get -u $user' for this one.
Also ensure that your search query returns only 1 result.
We are using Dovecot 2.0.19 now, but all versions of the Dovecot 2.0 branch were there in the past. I have been updating the server since version 2.0.1 - no problem found.
On 28/03/2012 19:25, Nikita Koshikov wrote:
> maybe you met restriction of ldap port 3268?(http://wiki2.dovecot.org/AuthDatabase/LDAP)
Dead on - it was a restriction of ldap port 3268 - as soon as we pointed ldapsearch at the same port, we got the same result - some of the fields were missing. It all makes perfect sense and I wish I noticed that earlier.
Now need to work out why Dovecot can get the fields and username back from ldap on port 389, but it can't do the auth through it like it could with 3268.
Thanks Nikita for your help.
Andrew
On 30 March 2012 08:05, Andrew Bruce <abruce@tumnus.co.nz> wrote:
Just to update the solution for us in the end...
We couldn't get auth to work on port 389, but in the end we managed to get the maxStorage field to be presented via the query on port 3268.
What we needed to do was to ensure that it was added as an attribute to the Global Catalog on our Windows Servers.
We could then get this entry back via our query.
There are instructions on how to do this on the following page: http://technet.microsoft.com/en-us/library/cc737521(v=ws.10).aspx
Thanks for the help.
Regards,
Andrew
participants (4): Andrew Bruce; Bruce, Andrew; Nikita Koshikov; Timo Sirainen
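The check that resolved this thread, running the same search against port 389 and port 3268 and comparing the returned fields, can be scripted. This is an added example, not part of the original messages; the sample LDIF is constructed, and LDAP_HOST, BIND_DN, PW_FILE, BASE and LOOKUP are placeholder variables.

```shell
#!/bin/sh
# Added example: find attributes that port 389 returns but port 3268 omits.
WANTED="maxStorage instanceType mobile logonCount"   # fields named in the thread

# Constructed sample ldapsearch -LLL output (values are made up for illustration).
SAMPLE_389='dn: CN=Example User,DC=site,DC=local
instanceType: 4
maxStorage: 10737418240
mobile: 0000000000
logonCount: 12'
SAMPLE_3268='dn: CN=Example User,DC=site,DC=local
instanceType: 4'

# ldif_attrs: read LDIF on stdin, print the lower-cased attribute names it contains.
ldif_attrs() {
    awk '/^#/ || /^ / || /^$/ { next }      # skip comments, folded lines, blanks
         { name = $0; sub(/:.*/, "", name)  # keep text before the first colon
           name = tolower(name)
           if (name != "dn") print name }' | sort -u
}

# missing_attrs WANTED LDIF: print each wanted attribute that LDIF lacks.
missing_attrs() {
    present=$(printf '%s\n' "$2" | ldif_attrs)
    for a in $1; do
        lc=$(printf '%s' "$a" | tr '[:upper:]' '[:lower:]')
        printf '%s\n' "$present" | grep -qxF "$lc" || printf '%s\n' "$a"
    done
}

# gc_only_missing WANTED LDIF_389 LDIF_3268: attributes present on 389 but
# absent on 3268, i.e. not replicated to the Global Catalog.
gc_only_missing() {
    m389=$(missing_attrs "$1" "$2")
    for g in $(missing_attrs "$1" "$3"); do
        printf '%s\n' "$m389" | grep -qxF "$g" || printf '%s\n' "$g"
    done
}

# query PORT: the user search from the debug log, run with ldapsearch.
# LDAP_HOST, BIND_DN, PW_FILE, BASE and LOOKUP are placeholders the caller exports.
query() {
    ldapsearch -LLL -x -H "ldap://$LDAP_HOST:$1" -D "$BIND_DN" -y "$PW_FILE" \
        -b "$BASE" -s sub \
        "(&(objectClass=person)(|(userPrincipalName=$LOOKUP)(mail=$LOOKUP)(samAccountName=$LOOKUP)))" \
        $WANTED
}

if [ "${1:-}" = "--live" ]; then
    L389=$(query 389); L3268=$(query 3268)
else
    L389=$SAMPLE_389; L3268=$SAMPLE_3268
fi
echo "Returned on 389 but missing on 3268:"
gc_only_missing "$WANTED" "$L389" "$L3268"
```

Run it with --live after exporting the placeholders, binding as the same dn that dovecot-ldap.conf uses so the result reflects what Dovecot itself is allowed to read.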