Return extra fields from passwd userdb

Michele Petrella petrella at AFASystems.it
Fri Jul 21 19:38:08 EEST 2017


Hi,

Each user exists in only one of the two databases.

I changed the configuration:

# 2.2.29.1 (e0b76e3): /var/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.18 (29cc74d)
# OS: Linux 3.10.55-gentoo i686 SuSE Linux 7.1 (i386)
# Global settings. The header format suggests this is `doveconf -n` output,
# i.e. only values that differ from the defaults are listed.
# auth_debug makes the auth process log each passdb/userdb lookup in detail.
# It is a troubleshooting aid; switch it off again once the lookup is understood.
auth_debug = yes
debug_log_path = /var/log/dovecot/dovecot_debug.log
# "no" lets clients use plaintext mechanisms (PLAIN/LOGIN) on connections that
# are not protected by SSL/TLS, so passwords may cross the network in cleartext.
# NOTE(review): no `ssl` setting appears in this dump, so the default applies -
# confirm that clients are actually required to use TLS before leaving this at "no".
disable_plaintext_auth = no
info_log_path = /var/log/state.mail/dovecot.pipe
log_path = /var/log/dovecot/dovecot.log
# Verbose logging from the mail processes; also a troubleshooting aid.
mail_debug = yes
# mail_uid / mail_gid are the fallback identity for mail access. A userdb that
# returns its own uid/gid (as the passwd userdb does) overrides them.
mail_gid = users
mail_location = maildir:~/.maildir
# acl and quota are loaded for every mail process; protocol sections add more.
mail_plugins = acl quota
mail_shared_explicit_inbox = yes
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date ihave duplicate
# Public namespace: one maildir tree under the vmail home, presented to users
# under the Public/ prefix. Who may read or write it is decided by the acl plugin.
namespace {
   list = yes
   location = maildir:/data/home/vmail/public
   prefix = Public/
   separator = /
   subscriptions = no
   type = public
}
# Shared namespace: %%n / %%u expand to the owner of the shared mailbox, so the
# location points into another user's home maildir. Access is decided by the acl
# plugin, but the mail process also needs filesystem permission on those homes.
# NOTE(review): check that directory modes under /data/home grant no more than
# the sharing setup requires.
namespace {
   list = children
   location = maildir:/data/home/%%n/.maildir:INDEX=~/.maildir/shared/%%u
   prefix = Shared/%%u/
   separator = /
   subscriptions = no
   type = shared
}
# Private INBOX namespace. The empty location falls back to mail_location.
# Several folder names map to the same special-use flag ("Cestino" and
# "Posta inviata" are the Italian names for Trash and Sent).
namespace inbox {
   inbox = yes
   list = yes
   location =
   mailbox Cestino {
     special_use = \Trash
   }
   mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox "Posta inviata" {
     special_use = \Sent
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix =
   separator = /
   subscriptions = yes
   type = private
}
# Master-user passdb: an account listed in this file can log in as any other
# user (master = yes). Keep the file readable only by root/dovecot, keep the
# list of master accounts short, and give them strong, unique passwords.
passdb {
   args = /etc/dovecot/passwd.masterusers
   driver = passwd-file
   master = yes
}
# Regular passdbs are tried in the order they are defined: LDAP first.
passdb {
   args = /var/etc/dovecot/dovecot-ldap.conf.ext
   driver = ldap
}
# System accounts. skip = authenticated means this passdb is not consulted when
# an earlier passdb has already authenticated the user.
passdb {
   driver = passwd
   skip = authenticated
}
# Plugin settings for acl, quota and Sieve.
plugin {
   # Global ACL files live under /etc/dovecot/acl; the shared-mailboxes dict
   # records which users share mailboxes with whom.
   acl = vfile:/etc/dovecot/acl:cache_secs=300
   acl_shared_dict = file:/var/lib/dovecot-dict/shared-mailboxes
   # Static quota rules: 5M by default, an extra 100M for Trash, SPAM not counted.
   # A quota_rule returned by the userdb for a user replaces the first rule.
   quota = maildir:User quota
   quota_rule = *:storage=5M
   quota_rule2 = Trash:storage=+100M
   quota_rule3 = SPAM:ignore
   sieve = ~/.dovecot.sieve
   sieve_before = /var/etc/dovecot/sieve/general/
   sieve_dir = ~/sieve
   # sieve_extprograms lets Sieve scripts start external programs. Only programs
   # placed in the three *_bin_dir directories can be run, and because the
   # vnd.dovecot.* extensions are listed in sieve_global_extensions they are
   # available to global scripts only, not to scripts users upload.
   # Keep the bin directories and the global script directories writable by
   # administrators only.
   sieve_execute_bin_dir = /usr/local/bin/dovecot/sieve-execute
   sieve_filter_bin_dir = /usr/local/bin/dovecot/sieve-filter
   sieve_global_dir = /var/etc/dovecot/sieve/global/
   sieve_global_extensions = +vnd.dovecot.execute +vnd.dovecot.filter 
+vnd.dovecot.pipe +editheader
   sieve_pipe_bin_dir = /usr/local/bin/dovecot/sieve-pipe
   sieve_plugins = sieve_extprograms
}
# Enabled protocols; "sieve" is the ManageSieve service.
protocols = imap pop3 lmtp sieve
# The auth-userdb socket answers userdb lookups for local tools such as
# doveadm and dovecot-lda. Here it is owned by group "users".
# NOTE(review): no mode is shown, so the default applies - confirm that only
# the accounts that need lookups can open the socket.
service auth {
   unix_listener auth-userdb {
     group = users
   }
}
# Post-login hook: script-login runs imap-postlogin.sh for each IMAP login,
# under the unprivileged internal Dovecot user. The script should be writable
# by root only.
service imap-postlogin {
   executable = script-login /usr/local/bin/imap-postlogin.sh
   user = $default_internal_user
}
service imap {
   executable = imap imap-postlogin
}
# "<" makes Dovecot read the certificate and key from the named files.
# The private key file should be readable by root only.
ssl_cert = </conf/etc/cert/certs/services/imap_pop/majornet.crt
ssl_key = </conf/etc/cert/private/services/imap_pop/majornet.key
# userdbs are tried in the order they are defined and the first one that finds
# the user supplies all of its fields; results are not merged across userdbs.
# A quota_rule mapped in the LDAP config is therefore only applied to users
# that the LDAP userdb itself finds.
userdb {
   args = /var/etc/dovecot/dovecot-ldap.conf.ext
   driver = ldap
}
# Fallback for system accounts. It returns uid, gid and home only.
userdb {
   driver = passwd
}
# Local delivery (dovecot-lda): separate log file, Sieve enabled on delivery.
protocol lda {
   info_log_path = /var/log/dovecot/dovecot-lda.log
   log_path = /var/log/dovecot/dovecot-lda.log
   mail_plugins = acl quota sieve
}
# IMAP: adds the ACL and QUOTA protocol extensions and caps each user at
# 20 connections per client IP address.
protocol imap {
   mail_max_userip_connections = 20
   mail_plugins = acl quota imap_acl imap_quota
}


File /var/etc/dovecot/dovecot-ldap.conf.ext is:

# LDAP lookup settings shared by the ldap passdb and userdb above.
# NOTE(review): no dn/dnpass, auth_bind, user_filter or pass_filter lines are
# shown, so the defaults apply - presumably an anonymous bind and the default
# search filters. Confirm that the default filter matches these directory
# entries and that an anonymous bind is allowed to read quotaBytes.
hosts = localhost
base = ou=mnusers,dc=majornet,dc=local
# Only quota_rule is mapped here; uid, gid and home are not taken from LDAP.
user_attrs = quota_rule=*:bytes=%{ldap:quotaBytes}


But when I run:
doveadm -D quota get -u afasystems

No extra field is returned:
doveadm(root): Debug: Loading modules from directory: /usr/lib/dovecot
doveadm(root): Debug: Module loaded: /usr/lib/dovecot/lib01_acl_plugin.so
doveadm(root): Debug: Module loaded: /usr/lib/dovecot/lib10_quota_plugin.so
doveadm(root): Debug: Loading modules from directory: 
/usr/lib/dovecot/doveadm
doveadm(root): Debug: Module loaded: 
/usr/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so
doveadm(root): Debug: Skipping module doveadm_expire_plugin, because 
dlopen() failed: 
/usr/lib/dovecot/doveadm/lib10_doveadm_expire_plugin.so: undefined 
symbol: expire_set_deinit (this is usually intentional, so just ignore 
this message)
doveadm(root): Debug: Module loaded: 
/usr/lib/dovecot/doveadm/lib10_doveadm_quota_plugin.so
doveadm(root): Debug: Module loaded: 
/usr/lib/dovecot/doveadm/lib10_doveadm_sieve_plugin.so
doveadm(root): Debug: Skipping module doveadm_fts_lucene_plugin, because 
dlopen() failed: 
/usr/lib/dovecot/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined 
symbol: lucene_index_iter_deinit (this is usually intentional, so just 
ignore this message)
doveadm(root): Debug: Skipping module doveadm_fts_plugin, because 
dlopen() failed: /usr/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so: 
undefined symbol: fts_backend_rescan (this is usually intentional, so 
just ignore this message)
doveadm(afasystems): Debug: auth input: afasystems 
system_groups_user=afasystems uid=1040 gid=100 home=/data/home/afasystems
doveadm(afasystems): Debug: Effective uid=1040, gid=100, 
home=/data/home/afasystems
doveadm(afasystems): Debug: Quota root: name=User quota backend=maildir 
args=
doveadm(afasystems): Debug: Quota rule: root=User quota mailbox=* 
bytes=5242880 messages=0
doveadm(afasystems): Debug: Quota rule: root=User quota mailbox=Trash 
bytes=+104857600 messages=0
doveadm(afasystems): Debug: Quota rule: root=User quota mailbox=SPAM ignored
doveadm(afasystems): Debug: Quota grace: root=User quota bytes=524288 (10%)
doveadm(afasystems): Debug: Namespace inbox: type=private, prefix=, 
sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes 
location=maildir:~/.maildir
doveadm(afasystems): Debug: maildir++: 
root=/data/home/afasystems/.maildir, index=, indexpvt=, control=, 
inbox=/data/home/afasystems/.maildir, alt=
doveadm(afasystems): Debug: acl: initializing backend with data: 
vfile:/etc/dovecot/acl:cache_secs=300
doveadm(afasystems): Debug: acl: acl username = afasystems
doveadm(afasystems): Debug: acl: owner = 1
doveadm(afasystems): Debug: acl vfile: Global ACL legacy directory: 
/etc/dovecot/acl
doveadm(afasystems): Debug: Namespace : type=public, prefix=Public/, 
sep=/, inbox=no, hidden=no, list=yes, subscriptions=no 
location=maildir:/data/home/vmail/public
doveadm(afasystems): Debug: maildir++: root=/data/home/vmail/public, 
index=, indexpvt=, control=, inbox=, alt=
doveadm(afasystems): Debug: acl: initializing backend with data: 
vfile:/etc/dovecot/acl:cache_secs=300
doveadm(afasystems): Debug: acl: acl username = afasystems
doveadm(afasystems): Debug: acl: owner = 0
doveadm(afasystems): Debug: acl vfile: Global ACL legacy directory: 
/etc/dovecot/acl
doveadm(afasystems): Debug: Namespace : type=shared, prefix=Shared/%u/, 
sep=/, inbox=no, hidden=no, list=children, subscriptions=no 
location=maildir:/data/home/%n/.maildir:INDEX=~/.maildir/shared/%u
doveadm(afasystems): Debug: shared: root=/var/run/dovecot, index=, 
indexpvt=, control=, inbox=, alt=
doveadm(afasystems): Debug: acl: initializing backend with data: 
vfile:/etc/dovecot/acl:cache_secs=300
doveadm(afasystems): Debug: acl: acl username = afasystems
doveadm(afasystems): Debug: acl: owner = 0
doveadm(afasystems): Debug: acl vfile: Global ACL legacy directory: 
/etc/dovecot/acl
Quota name Type    Value Limit %
User quota STORAGE  9517 5120 185
User quota MESSAGE   263 - 0


Where am I going wrong?

Thank you very much




Il 20/07/2017 11:30, Steffen Kaiser ha scritto:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Thu, 20 Jul 2017, Michele Petrella wrote:
>
>> To be more accurate, all users in ldap db need to use mail, but some 
>> users in /etc/passwd file use mail too.
>
> Does users exist in both passwd and ldap?
>
>> For this reason I set up "driver=passwd" in userdb section and in 
>> /etc/nsswitch.conf I set up "passwd:         files ldap".
>
> If you did this for Dovecot, revert it.
>
>> Now I want to use dovecot per user quota to limit ldap users mailbox 
>> size. I need quota only for ldap users, no need for users in 
>> /etc/passwd file.
>>
>> Which is the correct configuration to do this?
>
> use two databases for both passdb and userdb. One using pam / passwd, 
> the other one the standard LDAP config.
>
> see: https://wiki2.dovecot.org/Authentication/MultipleDatabases
>
> Use LDAP instead of SQL userdb and passdb.
>
> I guess, you will find posts in the sense "virtual and system users".
>
> If there is no user in both databases, the order does not matter 
> (except for speed); otherwise:
>
> each database is tried in order of definition until a successful hit 
> was found.
>
> You can order the passdb's and userdb's differently, e.g. if 
> passwd-passdb is first and the user's password match, and the 
> ldap-userdb is first and you get a hit there, the user authentificates 
> against passwd, but its data is retrieved from LDAP.
> See comment in page: "look up users from SQL first (even if 
> authentication was done using PAM!)"
>
>> I understand that I need to use extra fields to obtain user quota 
>> from users db. But you said "the userdb section cannot merge two 
>> databases together". So
>
> You cannot merge, but use one-after-another.
>
>> I can not use dovecot per user quota with "driver=passwd" in userdb 
>> section? I could use only global quota?
>
>
>> P.S.
>> 1) I use dovecot-lda as delivery agent.
>>
>> 2) I send again my dovecot configuration:
>>
>> # 2.2.29.1 (e0b76e3): /var/etc/dovecot/dovecot.conf
>> # Pigeonhole version 0.4.18 (29cc74d)
>> # OS: Linux 3.10.55-gentoo i686 SuSE Linux 7.1 (i386)
>> debug_log_path = /var/log/dovecot/dovecot_debug.log
>> disable_plaintext_auth = no
>> info_log_path = /var/log/state.mail/dovecot.pipe
>> log_path = /var/log/dovecot/dovecot.log
>> mail_debug = yes
>> mail_gid = users
>> mail_location = maildir:~/.maildir
>> mail_plugins = acl quota
>> mail_shared_explicit_inbox = yes
>> mail_uid = vmail
>> managesieve_notify_capability = mailto
>> managesieve_sieve_capability = fileinto reject envelope 
>> encoded-character vacation subaddress comparator-i;ascii-numeric 
>> relational regex imap4flags copy include variables body enotify 
>> environment mailbox date index ihave duplicate mime foreverypart 
>> extracttext
>> namespace {
>>  list = yes
>>  location = maildir:/data/home/vmail/public
>>  prefix = Public/
>>  separator = /
>>  subscriptions = no
>>  type = public
>> }
>> namespace {
>>  list = children
>>  location = maildir:/data/home/%%n/.maildir:INDEX=~/.maildir/shared/%%u
>>  prefix = Shared/%%u/
>>  separator = /
>>  subscriptions = no
>>  type = shared
>> }
>> namespace inbox {
>>  inbox = yes
>>  list = yes
>>  location =
>>  mailbox Cestino {
>>    special_use = \Trash
>>  }
>>  mailbox Drafts {
>>    special_use = \Drafts
>>  }
>>  mailbox Junk {
>>    special_use = \Junk
>>  }
>>  mailbox "Posta inviata" {
>>    special_use = \Sent
>>  }
>>  mailbox Sent {
>>    special_use = \Sent
>>  }
>>  mailbox "Sent Messages" {
>>    special_use = \Sent
>>  }
>>  mailbox Trash {
>>    special_use = \Trash
>>  }
>>  prefix =
>>  separator = /
>>  subscriptions = yes
>>  type = private
>> }
>> passdb {
>>  args = /etc/dovecot/passwd.masterusers
>>  driver = passwd-file
>>  master = yes
>> }
>> passdb {
>>  driver = pam
>> }
>> plugin {
>>  acl = vfile:/etc/dovecot/acl:cache_secs=300
>>  acl_shared_dict = file:/var/lib/dovecot-dict/shared-mailboxes
>>  quota = maildir:User quota
>>  quota_rule = *:storage=5M
>>  quota_rule2 = Trash:storage=+100M
>>  quota_rule3 = SPAM:ignore
>>  sieve = ~/.dovecot.sieve
>>  sieve_before = /var/etc/dovecot/sieve/general/
>>  sieve_dir = ~/sieve
>>  sieve_execute_bin_dir = /usr/local/bin/dovecot/sieve-execute
>>  sieve_filter_bin_dir = /usr/local/bin/dovecot/sieve-filter
>>  sieve_global_dir = /var/etc/dovecot/sieve/global/
>>  sieve_global_extensions = +vnd.dovecot.execute +vnd.dovecot.filter 
>> +vnd.dovecot.pipe +editheader
>>  sieve_pipe_bin_dir = /usr/local/bin/dovecot/sieve-pipe
>>  sieve_plugins = sieve_extprograms
>> }
>> protocols = imap pop3 lmtp sieve
>> service auth {
>>  unix_listener auth-userdb {
>>    group = users
>>  }
>> }
>> service imap-postlogin {
>>  executable = script-login /usr/local/bin/imap-postlogin.sh
>>  user = $default_internal_user
>> }
>> service imap {
>>  executable = imap imap-postlogin
>> }
>> ssl = no
>> ssl_cert = </conf/etc/cert/certs/services/imap_pop/majornet.crt
>> ssl_key =  # hidden, use -P to show it
>> userdb {
>>  driver = passwd
>> }
>> protocol lda {
>>  info_log_path = /var/log/dovecot/dovecot-lda.log
>>  log_path = /var/log/dovecot/dovecot-lda.log
>>  mail_plugins = acl quota sieve
>> }
>> protocol imap {
>>  mail_max_userip_connections = 20
>>  mail_plugins = acl quota imap_acl imap_quota
>> }
>>
>>
>>>> userdb {
>>>>  default_fields = quota_rule=*:bytes=%$
>>>>  driver = passwd
>>>> }
>>>
>>>> I have problems in return extra fields from passwd userdb. My users 
>>>> are partially in passwd files and partially in LDAP. Users who use 
>>>> mail are in LDAP db.
>>>
>>>> If I use "default_fields = quota_rule=*:bytes=100M" in userdb,
>>>
>>>> if I use "default_fields = quota_rule=*:bytes=%{userdb:quotabytes}" 
>>>> in userdb,
>>>
>>> 1) default_fields supplies default values, if the userdb does not 
>>> return them. Hence, you cannot reference a LDAP result.
>>>
>>> 2) the userdb section cannot merge two databases together. You said 
>>> "Users who use mail are in LDAP db", so you would one userdb with 
>>> driver ldap.
>>
>>
>
>
> - -- 
> Steffen Kaiser
>
> H Bonn-Rhein-Sieg         | e-mail: Steffen.Kaiser at H-BRS.DE
> FB Informatik             | room  : C179
> Grantham-Allee 20         | phone : +49 2241/865-203
> 53757 Sankt Augustin      |
> Germany - Deutschland     | fax   : +49 2241/865-8203
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQEVAwUBWXB4Q3Q8rp7BXVwTAQLBtgf/UeNwRnHz4y+5r71+Ni9oL1snzikq08rO
> zr9v+7kc6XZjPjATEcbrdnp6F+zPgiTtEye2k/1aQhjDdAxzAWKGOATeAfA7AJfw
> 5bbmtfzOm7flkpfiiM2zBBbcwAPemLcdzMl6NAm3pg32oCnF93IkKPou/y7xjmdw
> UAi4SxPaPQjUGqbkK6r3SFmDMPlUPAjQg2rqHBsc3gedJXy+milEKfwUiQhMtL7j
> aflHATo4gwwMDwyu6+zAYzJDTa+g9IQ8LzKEOPZWtNL6eQcI+h8TVrdcZftObZUK
> QETOnpN3IbFdIOfdrOlZ4Npe4BNby+dUGNViBP21ZNs9/nH0nvirOw==
> =yLbr
> -----END PGP SIGNATURE-----

-- 
AFA Systems Srl
Via G.Pastore
Zona Industriale B
86039 Termoli (CB) - Italia
tel.: +39 0875 724104
fax.: +39 0875 726084
www.afasystems.it


