[Dovecot] Quota based on LDAP group

Timo Sirainen tss at iki.fi
Tue Jun 25 00:13:05 EEST 2013

On 25.6.2013, at 0.05, Pavel Herrmann <morpheus.ibis at gmail.com> wrote:

>> Sounds like you need to do two LDAP lookups and merge them. That requires
>> Dovecot v2.2.
> Sure, I am open to upgrading, if it solves the issue.
> I would actually need more than 2 requests, as AD supports recursive groups (a 
> group being member of another group), which I do use.
> One possible issue is that from what I can see on the wiki does not really 
> work with how groups in LDAP usually work. What I would need is the opposite 
> direction - locate a group that has "member=myUserDn" attribute, look whether 
> it has quota attribute set, if not use the group DN as myUserDn and repeat the 
> search.
> Granted, AD has a backlink "memberOf" attribute, but I am still left with 
> recursively looking up whether the group has a quota attribute, and whether it 
> is a member of another group (cyclic membership is not possible AFAIK). Is 
> this possible with Dovecot 2.2?

http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb -> "Subqueries and pointers" does what you need I think. My head can't really follow LDAP stuff well enough to say for sure.

More information about the dovecot mailing list