Duplicate users with multiple userdb iteration

Slavko linux at slavino.sk
Mon Jul 5 11:39:40 EEST 2021


Hi,

Recently I decided to use quota_over_flag with passwd_file userdb. The
main idea is to prevent the dovecot (or vmail) user from having write
access to the file with passwords.

To do it, I set up a separate userdb like this (the SQL userdb is SQLite
based, thus the same problem with write):

passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
userdb {
  args = username_format=%u /etc/dovecot/over_quota
  default_fields = quota_over_flag=1
  driver = passwd-file
  result_internalfail = continue-fail
  result_success = continue-fail
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}

For testing I added one user to the over_quota file:

slavko at slavino.eu:::::::

With this setting, doveadm user for a user in over_quota seems to
work:

doveadm user slavko at slavino.eu
field	value
uid	20000
gid	20000
home	/srv/vmail/slavino.eu/slavko
mail	maildir:~/Maildir
quota_over_flag	1
quota_rule	*:storage=0M
quota2_rule	*:storage=0M

But the user iteration shows duplicate users:

doveadm user '*'
slavko at slavino.eu
slavko at slavino.eu
...

As we discussed on IRC, this is how iteration works, as it emits users
as soon as it meets them, but this doesn't correspond with "multiple
userdb are merged" in the docs (for iteration).

I am surprised by this mainly because this particular userdb has
result_success set to "continue-fail" and thus has to mark the user as
not found, as with any user who is not in this db. But it seems that
iteration ignores this result.

I wrote this as we discussed via IRC; I am not subscribed, thus please
CC me.

regards

-- 
Slavko
http://slavino.sk