how to make user iteration work (with active directory ldap)

mj lists at merit.unu.edu
Fri Jul 7 10:33:29 EEST 2017


We received no replies to this email that we sent a few days ago. We're 
not sure why. If we miss something that is obvious to everybody, kindly 
point it out.
We would like to get iteration working, to be able to mass-delete 
specific emails from all mailboxes, in case of, for example, received 
viruses...

Here is my question again:

Hi,

User iteration doesn't work, we're getting:
> auth: Error: Trying to iterate users, but userdbs don't support it

The way I understand it, I need to set iterate_attrs and iterate_filter 
for iteration to work. I have set it (see configs below) and yet dovecot 
says "userdbs don't support it". What else do I need to do to enable it?

Our config is against samba Active Directory ldap and generally works 
fine. Can anyone here take a quick look at the configs below, and tell 
me how to make
  doveadm user -u "*"
work?

Below are our configs. Any tips would be appreciated...!

MJ

> root@dovetest:/etc/dovecot# doveconf -n
> # 2.2.26.0 (23d1de6): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.16 (fed8554)
> # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.7 xfs
> auth_debug = yes
> auth_debug_passwords = yes
> auth_failure_delay = 400 secs
> auth_master_user_separator = *
> auth_mechanisms = plain login
> auth_username_format = %Ln
> auth_verbose = yes
> auth_verbose_passwords = plain
> debug_log_path = /var/log/dovecot/dovecot.debug
> deliver_log_format = %f | %s | msgid=%m: %$
> disable_plaintext_auth = no
> info_log_path = /var/log/dovecot/dovecot.info
> lda_mailbox_autocreate = yes
> lda_mailbox_autosubscribe = yes
> log_path = /var/log/dovecot/dovecot.err
> login_greeting = Dovecot ready.
> mail_gid = vmail
> mail_location = maildir:/var/vmail/%Ln/Maildir:LAYOUT=fs:DIRNAME=mAildir
> mail_plugins = acl lazy_expunge zlib quota mail_log notify
> mail_uid = vmail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
> namespace {
>   list = children
>   location = maildir:/var/vmail/%%u/Maildir:LAYOUT=fs:DIRNAME=mAildir:INDEX=/var/vmail/%u/shared/%%u
>   prefix = shared/%%n/
>   separator = /
>   subscriptions = no
>   type = shared
> }
> namespace inbox {
>   inbox = yes
>   location = 
>   mailbox "Deleted items" {
>     special_use = \Trash
>   }
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent items" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   mailbox inbox {
>     auto = subscribe
>   }
>   prefix = 
>   separator = /
>   type = private
> }
> passdb {
>   args = /etc/dovecot/master-users
>   driver = passwd-file
>   master = yes
> }
> passdb {
>   args = failure_show_msg=yes dovecot
>   driver = pam
> }
> passdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
>   skip = authenticated
> }
> plugin {
>   acl = vfile
>   acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db
>   mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename append
>   mail_log_fields = uid box msgid from subject
>   quota = maildir
>   quota_rule = ?:storage=5G
>   quota_rule2 = Trash:storage=+100M
>   quota_warning = storage=97%% quota-warning 97 %u
>   quota_warning2 = storage=95%% quota-warning 95 %u
>   quota_warning3 = storage=90%% quota-warning 90 %u
>   quota_warning4 = storage=85%% quota-warning 85 %u
>   quota_warning5 = storage=80%% quota-warning 80 %u
>   quota_warning6 = -storage=100%% quota-warning below %u
>   sieve = ~/.dovecot.sieve
>   sieve_default = /var/lib/dovecot/default.sieve
>   sieve_dir = ~/sieve
> }
> protocols = imap lmtp sieve
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     mode = 0666
>   }
>   unix_listener auth-userdb {
>     group = vmail
>     mode = 0666
>     user = vmail
>   }
> }
> service imap-login {
>   process_limit = 500
>   process_min_avail = 2
> }
> service quota-warning {
>   executable = script /usr/local/bin/quota-warning.sh
>   unix_listener quota-warning {
>     user = vmail
>   }
>   user = dovecot
> }
> ssl_ca = </etc/ssl/comodo/chain.crt
> ssl_cert = </etc/ssl/comodo/server.crt
> ssl_key =  # hidden, use -P to show it
> ssl_protocols = !SSLv2 !SSLv3
> userdb {
>   args = uid=vmail gid=vmail home=/var/vmail/%n allow_all_users=yes
>   driver = static
> }
> verbose_proctitle = yes
> protocol lda {
>   mail_plugins = acl lazy_expunge zlib quota mail_log notify sieve quota
> }
> protocol imap {
>   imap_max_line_length = 2 M
>   mail_max_userip_connections = 30
>   mail_plugins = acl lazy_expunge zlib quota mail_log notify imap_quota imap_acl
> }

and dovecot-ldap.conf.ext:
> hosts = 127.0.0.1:391
> dn = cn=search,cn=users,dc=company,dc=com
> dnpass = secret
> tls = no
> debug_level = 0
> auth_bind = yes
> base = CN=Users, DC=samba, DC=cmpany, DC=com
> scope = subtree
> user_attrs = =home=/var/vmail/%n/Maildir:LAYOUT=fs:DIRNAME=mAildir:INDEX=/var/vmail/%n/shared/%n,=mail=maildir:/var/vmail/%n/Maildir:LAYOUT=fs:DIRNAME=mAildir:INDEX=/var/vmail/%n/shared/%n
> user_filter = (&(objectclass=person)(sAMAccountName=%n)(!(userAccountControl=514)))
> pass_filter = (&(objectclass=person)(sAMAccountName=%n)(!(userAccountControl=514)))
> iterate_attrs = sAMAccountName=user
> iterate_filter = (objectClass=person)
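
Added example (not part of the original post and not Dovecot code): a small check over `doveconf -n` output that lists the configured userdb drivers and flags LDAP config files referenced only by a passdb, in which case their `iterate_attrs`/`iterate_filter` are not read by any userdb. The function names are hypothetical, and the `ITERABLE` set is an assumption covering only drivers known to implement user listing (`static` does not); the sample is excerpted from the config above with quote markers removed.

```python
import re

# Assumption: drivers known to implement user listing; not an exhaustive list.
ITERABLE = {"ldap", "sql", "passwd", "passwd-file"}

# Excerpt of the `doveconf -n` output posted above, quote markers removed.
SAMPLE = """\
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
userdb {
  args = uid=vmail gid=vmail home=/var/vmail/%n allow_all_users=yes
  driver = static
}
"""

def parse_blocks(text):
    """Return [(kind, {key: value})] for top-level passdb/userdb blocks."""
    blocks, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"(passdb|userdb)\s*\{", line)
        if m:
            current = (m.group(1), {})
        elif line == "}" and current:
            blocks.append(current)
            current = None
        elif current and "=" in line:
            key, _, value = line.partition("=")  # split on the first '=' only
            current[1][key.strip()] = value.strip()
    return blocks

def iteration_report(text):
    """Report userdb drivers, which can list users, and passdb-only LDAP files."""
    blocks = parse_blocks(text)
    userdbs = [b["driver"] for k, b in blocks if k == "userdb" and "driver" in b]
    ldap_files = lambda kind: {b.get("args") for k, b in blocks
                               if k == kind and b.get("driver") == "ldap"}
    return {
        "userdb_drivers": userdbs,
        "iterable": [d for d in userdbs if d in ITERABLE],
        # iterate_* settings in these files are consulted by no userdb
        "ldap_passdb_only": sorted(ldap_files("passdb") - ldap_files("userdb")),
    }
```

An empty `iterable` list corresponds to the "userdbs don't support it" error quoted in the post.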
