[Dovecot] LDAP Lookup not returning value in maxStorage

Nikita Koshikov koshikov at gmail.com
Wed Mar 28 09:25:34 EEST 2012


On Wed, 28 Mar 2012 09:39:37 +1300
Bruce, Andrew wrote:

> On 28 March 2012 09:36, Bruce, Andrew <abruce at tumnus.co.nz> wrote:
> > On 27 March 2012 19:14, Nikita Koshikov <koshikov at gmail.com> wrote:
> >> On Tue, 27 Mar 2012 13:57:04 +1300
> >> Bruce, Andrew wrote:
> >>
> >> Hi there,
> >>
> >> We're setting up a Dovecot virtual email setup - we've got everything
> >> working perfect with LDAP logins authenticating against AD and so
> >> forth, but we're having issues with retrieving the maxStorage value
> >> from AD (this is a pre-setup field in AD that we'd like to use to set
> >> per user quotas).
> >>
> >> In our LDAP lookup, we have the maxStorage entry listed under
> >> user_attrs for the quota (user_attrs =
> >> maxStorage=quota_rule=*:storage=%$M), and in the debug logs, can see
> >> it trying to get the entry, but it fails with:
> >> Mar 27 13:19:27 auth: Debug: ldap(username at site,192.168.1.5): user
> >> search: base=dc=site,dc=local scope=subtree
> >> filter=(&(objectClass=person)(| (userPrincipalName=username at site)
> >> (|(mail=username at site)(samAccountName=username at site))))
> >> fields=maxStorage
> >> Mar 27 13:19:27 auth: Debug: ldap(username at site,192.168.1.5): no
> >> fields returned by the server
> >>
> >> At this point, we then see the default quota applied.
> >>
> > Try to change your quota rule to be like:
> > maxStorage=quota_rule=*:bytes=%$
> >                        ^^^^^^^^^
> > And put the value in bytes to maxStorage - if I remember correct - this is integer field and no K\M\G values is valid here.
> >
> > PS We successfully using maxStorage field to obtain non-default quota from AD, dovecot version 2.0.x
> >>
> >> If we change the name of the field from maxStorage to instanceType we
> >> see the value show up in the logs and passed through to the quota
> >> system and applied successfully:
> >> Mar 27 11:09:01 auth: Debug: ldap(username at site,192.168.1.5): user
> >> search: base=dc=site,dc=local scope=subtree
> >> filter=(&(objectClass=person)(| (userPrincipalName=username at site)
> >> (|(mail=username at site)(samAccountName=username at site))))
> >> fields=instanceType
> >> Mar 27 11:09:01 auth: Debug: ldap(username at site,192.168.1.5): result:
> >> instanceType(quota_rule=*:storage=%$M)=*:storage=4M
> >> Mar 27 11:09:01 auth: Debug: master out: USER   3901227009
> >> username at site    quota_rule=*:storage=4M
> >>
> >>
> >> Which seems a bit weird.
> >>
> >> If we use ldapsearch and pass it the same search string and look for
> >> the field maxStorage, we clearly see the field and the value being
> >> returned.  The result looks the same if we also lookup instanceType.
> >>
> >> We're using Dovecot 2.0.9.
> >>
> >> Does anyone have any idea as to why we can't use this field?
> >>
> >> Thanks,
> >>
> >> Andrew
> 
> Tried your suggestion Nikita, no joy unfortunately.  It still looks
> like the value never gets returned from the LDAP server to Dovecot.
> It definitely has something in the field (equivalent of 10GB, but in
> bytes as suggested) and I changed the user_attrs also, but still get
> the same "no fields returned by the server" error message.
> 
> Modifying the user_attrs to lookup from a different field
> (instanceType) definitely works.
> 
> What exact version are you using - perhaps it's a problem with our
> copy of 2.0.9.
> 
> Thanks,
> 
> Andrew

Show your full dovecot-ldap.conf file, also what port do you using ? maybe you met restriction of ldap port 3268?(http://wiki2.dovecot.org/AuthDatabase/LDAP) 

And show exact result of ldapsearch tool, binding under user from dovecot-ldap.conf + debug for this user when it trying to login and 'doveadm -D  quota get -u $user' for this one.

Also ensure that your search query returns only 1 result.

We are using dovecot 2.0.19 now, but all versions of dovecot 2.0 branch was there in the past. I'm updating server since version 2.0.1 - no problem found.




More information about the dovecot mailing list