[Dovecot] Quota based on LDAP group

Pavel Herrmann morpheus.ibis at gmail.com
Tue Jun 25 00:23:01 EEST 2013


On Tuesday 25 of June 2013 00:13:05 Timo Sirainen wrote:
> On 25.6.2013, at 0.05, Pavel Herrmann <morpheus.ibis at gmail.com> wrote:
> >> Sounds like you need to do two LDAP lookups and merge them. That requires
> >> Dovecot v2.2.
> > 
> > Sure, I am open to upgrading, if it solves the issue.
> > 
> > I would actually need more than 2 requests, as AD supports recursive
> > groups (a group being member of another group), which I do use.
> > 
> > One possible issue is that from what I can see on the wiki does not really
> > work with how groups in LDAP usually work. What I would need is the
> > opposite direction - locate a group that has "member=myUserDn" attribute,
> > look whether it has quota attribute set, if not use the group DN as
> > myUserDn and repeat the search.
> > Granted, AD has a backlink "memberOf" attribute, but I am still left with
> > recursively looking up whether the group has a quota attribute, and
> > whether it is a member of another group (cyclic membership is not
> > possible AFAIK). Is this possible with Dovecot 2.2?
> http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb -> "Subqueries and
> pointers" does what you need I think. My head can't really follow LDAP
> stuff well enough to say for sure.

Yeah, I figured that one out. The thing I don't see is how I set this up to work 
recursively (until the quota attribute is found). What I need is something 
similar to postfix "special_result_attribute" and "leaf_result_attribute" 
options (with the exception that I need to select one/closest of the 
attributes found, whereas postfix gets them all)

Pavel Herrmann
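
The lookup described in this message, written out as an added example (not part of the original post, and not Dovecot or Postfix configuration): walk upward from the user through groups whose `member` attribute holds the current DN, and stop at the nearest level where a group carries a quota. The DNs, the `quota` attribute name, the in-memory directory standing in for LDAP searches, and the tie-break (lowest DN at the same distance) are all assumptions.

```python
# Constructed sample data; a real deployment would issue LDAP searches instead.
BASE = "dc=example,dc=com"

def user(name):
    return f"cn={name},ou=users,{BASE}"

def group(name):
    return f"cn={name},ou=groups,{BASE}"

# Group DN -> attributes. "quota" is a hypothetical attribute name.
DIRECTORY = {
    group("devs"): {"member": [user("alice")]},
    group("staff"): {"member": [group("devs"), user("bob")], "quota": "5G"},
    group("all"): {"member": [group("staff")], "quota": "1G"},
    # Deliberate membership cycle, to show that the walk still terminates.
    group("loop-a"): {"member": [user("dave"), group("loop-b")]},
    group("loop-b"): {"member": [group("loop-a")]},
}

def groups_with_member(dn):
    """Stand-in for an LDAP search with the filter (member=<dn>)."""
    return sorted(g for g, attrs in DIRECTORY.items()
                  if dn in attrs.get("member", []))

def closest_quota(user_dn, max_depth=16):
    """Return (group_dn, quota, distance) for the nearest group with a quota,
    or None if no group reachable from the user defines one."""
    seen = {user_dn}          # guards against cyclic membership
    frontier = [user_dn]
    for depth in range(1, max_depth + 1):
        parents = []
        for dn in frontier:
            for g in groups_with_member(dn):
                if g not in seen:
                    seen.add(g)
                    parents.append(g)
        # Check the whole level before going higher, so "closest" wins.
        with_quota = sorted(g for g in parents if "quota" in DIRECTORY[g])
        if with_quota:
            nearest = with_quota[0]   # assumed tie-break: lowest DN
            return nearest, DIRECTORY[nearest]["quota"], depth
        if not parents:
            return None
        frontier = parents
    return None               # depth limit reached without finding a quota
```

Checking a whole level before climbing is what gives the "one/closest" behaviour; collecting every quota found on the way up would instead match the all-results behaviour the message attributes to Postfix.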
