[Dovecot] LDAP Lookup not returning value in maxStorage

Bruce, Andrew abruce at tumnus.co.nz
Wed Mar 28 00:06:55 EEST 2012


On 28 March 2012 09:39, Bruce, Andrew <abruce at tumnus.co.nz> wrote:
> On 28 March 2012 09:36, Bruce, Andrew <abruce at tumnus.co.nz> wrote:
>> On 27 March 2012 19:14, Nikita Koshikov <koshikov at gmail.com> wrote:
>>> On Tue, 27 Mar 2012 13:57:04 +1300
>>> Bruce, Andrew wrote:
>>>
>>> Hi there,
>>>
>>> We're setting up a Dovecot virtual email setup - we've got everything
>>> working perfect with LDAP logins authenticating against AD and so
>>> forth, but we're having issues with retrieving the maxStorage value
>>> from AD (this is a pre-setup field in AD that we'd like to use to set
>>> per user quotas).
>>>
>>> In our LDAP lookup, we have the maxStorage entry listed under
>>> user_attrs for the quota (user_attrs =
>>> maxStorage=quota_rule=*:storage=%$M), and in the debug logs, can see
>>> it trying to get the entry, but it fails with:
>>> Mar 27 13:19:27 auth: Debug: ldap(username at site,192.168.1.5): user
>>> search: base=dc=site,dc=local scope=subtree
>>> filter=(&(objectClass=person)(| (userPrincipalName=username at site)
>>> (|(mail=username at site)(samAccountName=username at site))))
>>> fields=maxStorage
>>> Mar 27 13:19:27 auth: Debug: ldap(username at site,192.168.1.5): no
>>> fields returned by the server
>>>
>>> At this point, we then see the default quota applied.
>>>
>> Try to change your quota rule to be like:
>> maxStorage=quota_rule=*:bytes=%$
>>                        ^^^^^^^^^
>> And put the value in bytes to maxStorage - if I remember correct - this is integer field and no K\M\G values is valid here.
>>
>> PS We successfully using maxStorage field to obtain non-default quota from AD, dovecot version 2.0.x
>>>
>>> If we change the name of the field from maxStorage to instanceType we
>>> see the value show up in the logs and passed through to the quota
>>> system and applied successfully:
>>> Mar 27 11:09:01 auth: Debug: ldap(username at site,192.168.1.5): user
>>> search: base=dc=site,dc=local scope=subtree
>>> filter=(&(objectClass=person)(| (userPrincipalName=username at site)
>>> (|(mail=username at site)(samAccountName=username at site))))
>>> fields=instanceType
>>> Mar 27 11:09:01 auth: Debug: ldap(username at site,192.168.1.5): result:
>>> instanceType(quota_rule=*:storage=%$M)=*:storage=4M
>>> Mar 27 11:09:01 auth: Debug: master out: USER   3901227009
>>> username at site    quota_rule=*:storage=4M
>>>
>>>
>>> Which seems a bit weird.
>>>
>>> If we use ldapsearch and pass it the same search string and look for
>>> the field maxStorage, we clearly see the field and the value being
>>> returned.  The result looks the same if we also lookup instanceType.
>>>
>>> We're using Dovecot 2.0.9.
>>>
>>> Does anyone have any idea as to why we can't use this field?
>>>
>>> Thanks,
>>>
>>> Andrew
>
> Tried your suggestion Nikita, no joy unfortunately.  It still looks
> like the value never gets returned from the LDAP server to Dovecot.
> It definitely has something in the field (equivalent of 10GB, but in
> bytes as suggested) and I changed the user_attrs also, but still get
> the same "no fields returned by the server" error message.
>
> Modifying the user_attrs to lookup from a different field
> (instanceType) definitely works.
>
> What exact version are you using - perhaps it's a problem with our
> copy of 2.0.9.
>
> Thanks,
>
> Andrew

Further investigation shows that there are a few other fields that we
can't retrieve in Dovecot, but can using the same search string and
lookup user with ldapsearch.  maxStorage is obviously one, but I tried
a couple of other fields of varying types: mobile - Octet String and
logonCount - Integer.  Doesn't seem to be the type that restricts the
search, just some fields won't return.



More information about the dovecot mailing list