Return extra fields from passwd userdb
Michele Petrella
petrella at AFASystems.it
Fri Jul 21 19:38:08 EEST 2017
Hi,
each user exists in one db.
I changed configuration:
# 2.2.29.1 (e0b76e3): /var/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.18 (29cc74d)
# OS: Linux 3.10.55-gentoo i686 SuSE Linux 7.1 (i386)
auth_debug = yes
debug_log_path = /var/log/dovecot/dovecot_debug.log
disable_plaintext_auth = no
info_log_path = /var/log/state.mail/dovecot.pipe
log_path = /var/log/dovecot/dovecot.log
mail_debug = yes
mail_gid = users
mail_location = maildir:~/.maildir
mail_plugins = acl quota
mail_shared_explicit_inbox = yes
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave duplicate
namespace {
list = yes
location = maildir:/data/home/vmail/public
prefix = Public/
separator = /
subscriptions = no
type = public
}
namespace {
list = children
location = maildir:/data/home/%%n/.maildir:INDEX=~/.maildir/shared/%%u
prefix = Shared/%%u/
separator = /
subscriptions = no
type = shared
}
namespace inbox {
inbox = yes
list = yes
location =
mailbox Cestino {
special_use = \Trash
}
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox "Posta inviata" {
special_use = \Sent
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
separator = /
subscriptions = yes
type = private
}
passdb {
args = /etc/dovecot/passwd.masterusers
driver = passwd-file
master = yes
}
passdb {
args = /var/etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
passdb {
driver = passwd
skip = authenticated
}
plugin {
acl = vfile:/etc/dovecot/acl:cache_secs=300
acl_shared_dict = file:/var/lib/dovecot-dict/shared-mailboxes
quota = maildir:User quota
quota_rule = *:storage=5M
quota_rule2 = Trash:storage=+100M
quota_rule3 = SPAM:ignore
sieve = ~/.dovecot.sieve
sieve_before = /var/etc/dovecot/sieve/general/
sieve_dir = ~/sieve
sieve_execute_bin_dir = /usr/local/bin/dovecot/sieve-execute
sieve_filter_bin_dir = /usr/local/bin/dovecot/sieve-filter
sieve_global_dir = /var/etc/dovecot/sieve/global/
sieve_global_extensions = +vnd.dovecot.execute +vnd.dovecot.filter
+vnd.dovecot.pipe +editheader
sieve_pipe_bin_dir = /usr/local/bin/dovecot/sieve-pipe
sieve_plugins = sieve_extprograms
}
protocols = imap pop3 lmtp sieve
service auth {
unix_listener auth-userdb {
group = users
}
}
service imap-postlogin {
executable = script-login /usr/local/bin/imap-postlogin.sh
user = $default_internal_user
}
service imap {
executable = imap imap-postlogin
}
ssl_cert = </conf/etc/cert/certs/services/imap_pop/majornet.crt
ssl_key = </conf/etc/cert/private/services/imap_pop/majornet.key
userdb {
args = /var/etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
userdb {
driver = passwd
}
protocol lda {
info_log_path = /var/log/dovecot/dovecot-lda.log
log_path = /var/log/dovecot/dovecot-lda.log
mail_plugins = acl quota sieve
}
protocol imap {
mail_max_userip_connections = 20
mail_plugins = acl quota imap_acl imap_quota
}
File /var/etc/dovecot/dovecot-ldap.conf.ext is:
hosts = localhost
base = ou=mnusers,dc=majornet,dc=local
user_attrs = quota_rule=*:bytes=%{ldap:quotaBytes}
But when I run:
doveadm -D quota get -u afasystems
No extra field is returned:
doveadm(root): Debug: Loading modules from directory: /usr/lib/dovecot
doveadm(root): Debug: Module loaded: /usr/lib/dovecot/lib01_acl_plugin.so
doveadm(root): Debug: Module loaded: /usr/lib/dovecot/lib10_quota_plugin.so
doveadm(root): Debug: Loading modules from directory:
/usr/lib/dovecot/doveadm
doveadm(root): Debug: Module loaded:
/usr/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so
doveadm(root): Debug: Skipping module doveadm_expire_plugin, because
dlopen() failed:
/usr/lib/dovecot/doveadm/lib10_doveadm_expire_plugin.so: undefined
symbol: expire_set_deinit (this is usually intentional, so just ignore
this message)
doveadm(root): Debug: Module loaded:
/usr/lib/dovecot/doveadm/lib10_doveadm_quota_plugin.so
doveadm(root): Debug: Module loaded:
/usr/lib/dovecot/doveadm/lib10_doveadm_sieve_plugin.so
doveadm(root): Debug: Skipping module doveadm_fts_lucene_plugin, because
dlopen() failed:
/usr/lib/dovecot/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined
symbol: lucene_index_iter_deinit (this is usually intentional, so just
ignore this message)
doveadm(root): Debug: Skipping module doveadm_fts_plugin, because
dlopen() failed: /usr/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so:
undefined symbol: fts_backend_rescan (this is usually intentional, so
just ignore this message)
doveadm(afasystems): Debug: auth input: afasystems
system_groups_user=afasystems uid=1040 gid=100 home=/data/home/afasystems
doveadm(afasystems): Debug: Effective uid=1040, gid=100,
home=/data/home/afasystems
doveadm(afasystems): Debug: Quota root: name=User quota backend=maildir
args=
doveadm(afasystems): Debug: Quota rule: root=User quota mailbox=*
bytes=5242880 messages=0
doveadm(afasystems): Debug: Quota rule: root=User quota mailbox=Trash
bytes=+104857600 messages=0
doveadm(afasystems): Debug: Quota rule: root=User quota mailbox=SPAM ignored
doveadm(afasystems): Debug: Quota grace: root=User quota bytes=524288 (10%)
doveadm(afasystems): Debug: Namespace inbox: type=private, prefix=,
sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes
location=maildir:~/.maildir
doveadm(afasystems): Debug: maildir++:
root=/data/home/afasystems/.maildir, index=, indexpvt=, control=,
inbox=/data/home/afasystems/.maildir, alt=
doveadm(afasystems): Debug: acl: initializing backend with data:
vfile:/etc/dovecot/acl:cache_secs=300
doveadm(afasystems): Debug: acl: acl username = afasystems
doveadm(afasystems): Debug: acl: owner = 1
doveadm(afasystems): Debug: acl vfile: Global ACL legacy directory:
/etc/dovecot/acl
doveadm(afasystems): Debug: Namespace : type=public, prefix=Public/,
sep=/, inbox=no, hidden=no, list=yes, subscriptions=no
location=maildir:/data/home/vmail/public
doveadm(afasystems): Debug: maildir++: root=/data/home/vmail/public,
index=, indexpvt=, control=, inbox=, alt=
doveadm(afasystems): Debug: acl: initializing backend with data:
vfile:/etc/dovecot/acl:cache_secs=300
doveadm(afasystems): Debug: acl: acl username = afasystems
doveadm(afasystems): Debug: acl: owner = 0
doveadm(afasystems): Debug: acl vfile: Global ACL legacy directory:
/etc/dovecot/acl
doveadm(afasystems): Debug: Namespace : type=shared, prefix=Shared/%u/,
sep=/, inbox=no, hidden=no, list=children, subscriptions=no
location=maildir:/data/home/%n/.maildir:INDEX=~/.maildir/shared/%u
doveadm(afasystems): Debug: shared: root=/var/run/dovecot, index=,
indexpvt=, control=, inbox=, alt=
doveadm(afasystems): Debug: acl: initializing backend with data:
vfile:/etc/dovecot/acl:cache_secs=300
doveadm(afasystems): Debug: acl: acl username = afasystems
doveadm(afasystems): Debug: acl: owner = 0
doveadm(afasystems): Debug: acl vfile: Global ACL legacy directory:
/etc/dovecot/acl
Quota name Type Value Limit %
User quota STORAGE 9517 5120 185
User quota MESSAGE 263 - 0
Where I am wrong?
Thank you very much
Il 20/07/2017 11:30, Steffen Kaiser ha scritto:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Thu, 20 Jul 2017, Michele Petrella wrote:
>
>> To be more accurate, all users in ldap db need to use mail, but some
>> users in /etc/passwd file use mail too.
>
> Does users exist in both passwd and ldap?
>
>> For this reason I set up "driver=passwd" in userdb section and in
>> /etc/nsswitch.conf I set up "passwd: files ldap".
>
> If you did this for Dovecot, revert it.
>
>> Now I want to use dovecot per user quota to limit ldap users mailbox
>> size. I need quota only for ldap users, no need for users in
>> /etc/passwd file.
>>
>> Which is the correct configuration to do this?
>
> use two databases for both passdb and userdb. One using pam / passwd,
> the other one the standard LDAP config.
>
> see: https://wiki2.dovecot.org/Authentication/MultipleDatabases
>
> Use LDAP instead of SQL userdb and passdb.
>
> I guess, you will find posts in the sense "virtual and system users".
>
> If there is no user in both databases, the order does not matter
> (except for speed); otherwise:
>
> each database is tried in order of definition until a successful hit
> was found.
>
> You can order the passdb's and userdb's differently, e.g. if
> passwd-passdb is first and the user's password match, and the
> ldap-userdb is first and you get a hit there, the user authentificates
> against passwd, but its data is retrieved from LDAP.
> See comment in page: "look up users from SQL first (even if
> authentication was done using PAM!)"
>
>> I understand that I need to use extra fields to obtain user quota
>> from users db. But you said "the userdb section cannot merge two
>> databases together". So
>
> You cannot merge, but use one-after-another.
>
>> I can not use dovecot per user quota with "driver=passwd" in userdb
>> section? I could use only global quota?
>
>
>> P.S.
>> 1) I use dovecot-lda as delivery agent.
>>
>> 2) I send again my dovecot configuration:
>>
>> # 2.2.29.1 (e0b76e3): /var/etc/dovecot/dovecot.conf
>> # Pigeonhole version 0.4.18 (29cc74d)
>> # OS: Linux 3.10.55-gentoo i686 SuSE Linux 7.1 (i386)
>> debug_log_path = /var/log/dovecot/dovecot_debug.log
>> disable_plaintext_auth = no
>> info_log_path = /var/log/state.mail/dovecot.pipe
>> log_path = /var/log/dovecot/dovecot.log
>> mail_debug = yes
>> mail_gid = users
>> mail_location = maildir:~/.maildir
>> mail_plugins = acl quota
>> mail_shared_explicit_inbox = yes
>> mail_uid = vmail
>> managesieve_notify_capability = mailto
>> managesieve_sieve_capability = fileinto reject envelope
>> encoded-character vacation subaddress comparator-i;ascii-numeric
>> relational regex imap4flags copy include variables body enotify
>> environment mailbox date index ihave duplicate mime foreverypart
>> extracttext
>> namespace {
>> list = yes
>> location = maildir:/data/home/vmail/public
>> prefix = Public/
>> separator = /
>> subscriptions = no
>> type = public
>> }
>> namespace {
>> list = children
>> location = maildir:/data/home/%%n/.maildir:INDEX=~/.maildir/shared/%%u
>> prefix = Shared/%%u/
>> separator = /
>> subscriptions = no
>> type = shared
>> }
>> namespace inbox {
>> inbox = yes
>> list = yes
>> location =
>> mailbox Cestino {
>> special_use = \Trash
>> }
>> mailbox Drafts {
>> special_use = \Drafts
>> }
>> mailbox Junk {
>> special_use = \Junk
>> }
>> mailbox "Posta inviata" {
>> special_use = \Sent
>> }
>> mailbox Sent {
>> special_use = \Sent
>> }
>> mailbox "Sent Messages" {
>> special_use = \Sent
>> }
>> mailbox Trash {
>> special_use = \Trash
>> }
>> prefix =
>> separator = /
>> subscriptions = yes
>> type = private
>> }
>> passdb {
>> args = /etc/dovecot/passwd.masterusers
>> driver = passwd-file
>> master = yes
>> }
>> passdb {
>> driver = pam
>> }
>> plugin {
>> acl = vfile:/etc/dovecot/acl:cache_secs=300
>> acl_shared_dict = file:/var/lib/dovecot-dict/shared-mailboxes
>> quota = maildir:User quota
>> quota_rule = *:storage=5M
>> quota_rule2 = Trash:storage=+100M
>> quota_rule3 = SPAM:ignore
>> sieve = ~/.dovecot.sieve
>> sieve_before = /var/etc/dovecot/sieve/general/
>> sieve_dir = ~/sieve
>> sieve_execute_bin_dir = /usr/local/bin/dovecot/sieve-execute
>> sieve_filter_bin_dir = /usr/local/bin/dovecot/sieve-filter
>> sieve_global_dir = /var/etc/dovecot/sieve/global/
>> sieve_global_extensions = +vnd.dovecot.execute +vnd.dovecot.filter
>> +vnd.dovecot.pipe +editheader
>> sieve_pipe_bin_dir = /usr/local/bin/dovecot/sieve-pipe
>> sieve_plugins = sieve_extprograms
>> }
>> protocols = imap pop3 lmtp sieve
>> service auth {
>> unix_listener auth-userdb {
>> group = users
>> }
>> }
>> service imap-postlogin {
>> executable = script-login /usr/local/bin/imap-postlogin.sh
>> user = $default_internal_user
>> }
>> service imap {
>> executable = imap imap-postlogin
>> }
>> ssl = no
>> ssl_cert = </conf/etc/cert/certs/services/imap_pop/majornet.crt
>> ssl_key = # hidden, use -P to show it
>> userdb {
>> driver = passwd
>> }
>> protocol lda {
>> info_log_path = /var/log/dovecot/dovecot-lda.log
>> log_path = /var/log/dovecot/dovecot-lda.log
>> mail_plugins = acl quota sieve
>> }
>> protocol imap {
>> mail_max_userip_connections = 20
>> mail_plugins = acl quota imap_acl imap_quota
>> }
>>
>>
>>>> userdb {
>>>> default_fields = quota_rule=*:bytes=%$
>>>> driver = passwd
>>>> }
>>>
>>>> I have problems in return extra fields from passwd userdb. My users
>>>> are partially in passwd files and partially in LDAP. Users who use
>>>> mail are in LDAP db.
>>>
>>>> If I use "default_fields = quota_rule=*:bytes=100M" in userdb,
>>>
>>>> if I use "default_fields = quota_rule=*:bytes=%{userdb:quotabytes}"
>>>> in userdb,
>>>
>>> 1) default_fields supplies default values, if the userdb does not
>>> return them. Hence, you cannot reference a LDAP result.
>>>
>>> 2) the userdb section cannot merge two databases together. You said
>>> "Users who use mail are in LDAP db", so you would one userdb with
>>> driver ldap.
>>
>>
>
>
> - --
> Steffen Kaiser
>
> H Bonn-Rhein-Sieg | e-mail: Steffen.Kaiser at H-BRS.DE
> FB Informatik | room : C179
> Grantham-Allee 20 | phone : +49 2241/865-203
> 53757 Sankt Augustin |
> Germany - Deutschland | fax : +49 2241/865-8203
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQEVAwUBWXB4Q3Q8rp7BXVwTAQLBtgf/UeNwRnHz4y+5r71+Ni9oL1snzikq08rO
> zr9v+7kc6XZjPjATEcbrdnp6F+zPgiTtEye2k/1aQhjDdAxzAWKGOATeAfA7AJfw
> 5bbmtfzOm7flkpfiiM2zBBbcwAPemLcdzMl6NAm3pg32oCnF93IkKPou/y7xjmdw
> UAi4SxPaPQjUGqbkK6r3SFmDMPlUPAjQg2rqHBsc3gedJXy+milEKfwUiQhMtL7j
> aflHATo4gwwMDwyu6+zAYzJDTa+g9IQ8LzKEOPZWtNL6eQcI+h8TVrdcZftObZUK
> QETOnpN3IbFdIOfdrOlZ4Npe4BNby+dUGNViBP21ZNs9/nH0nvirOw==
> =yLbr
> -----END PGP SIGNATURE-----
--
AFA Systems Srl
Via G.Pastore
Zona Industriale B
86039 Termoli (CB) - Italia
tel.: +39 0875 724104
fax.: +39 0875 726084
www.afasystems.it
More information about the dovecot
mailing list