Rasim Kalimullin
2014-Aug-25 10:46 UTC
Problem overriding default quota limit for LDAP users
Hi!

I installed dovecot from debian-backports:

dovecot --version
2.2.9

Dovecot is configured for multiple authorization:

/etc/dovecot# cat conf.d/10-auth.conf |grep include
#!include auth-deny.conf.ext
!include auth-master.conf.ext
#include auth-system.conf.ext
!include auth-sql.conf.ext
!include auth-ldap.conf.ext
#!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-vpopmail.conf.ext
#!include auth-static.conf.ext

/etc/dovecot# grep -v '^ *\(#.*\)\?$' dovecot-sql.conf.ext
driver = mysql
connect = host=127.0.0.1 dbname=postfixadmin user=postfixadmin password=*****
default_pass_scheme = MD5-CRYPT
password_query = \
  SELECT username, domain, password \
  FROM mailbox WHERE username = '%u' AND domain = '%d'
user_query = \
  SELECT CONCAT('/var/mail/', maildir) AS home, 5000 AS uid, 5000 AS gid, CONCAT('*:bytes=', quota) AS quota_rule \
  FROM mailbox WHERE username = '%u' AND domain = '%d'
iterate_query = SELECT username AS user FROM mailbox

/etc/dovecot# grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf.ext
hosts = ***.***.local ***.***.local
dn = dovecot@***.local
dnpass = ******
auth_bind = yes
ldap_version = 3
base = ou=XXX,dc=***,dc=local
deref = never
scope = subtree
user_attrs = \
  =uid=5000, \
  =gid=5000, \
  =mail=maildir:/var/mail/%d/%{ldap:mail}, \
  =home=/var/mail/%d/%u/, \
  =quota_rule=*:bytes=%{ldap:quotaMail}
user_filter = (&(mail=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs = mail=user,userPassword=password
pass_filter = (&(mail=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
iterate_attrs = mail=user
iterate_filter = (&(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
default_pass_scheme = CRYPT

The quotaMail attribute was added to Active Directory.

Enable quota:

/etc/dovecot# grep -v '^ *\(#.*\)\?$' conf.d/90-quota.conf
plugin {
  quota_rule = *:storage=2G
  quota_rule2 = Trash:storage=+100M
  quota_grace = 10%%
}
...
plugin {
  quota = maildir:User quota
}

Per-user quota from SQL works fine:

doveadm quota get -u i.ivanov@***.ru
Quota name  Type     Value  Limit    %
User quota  STORAGE      8  1000000  0
User quota  MESSAGE     14        -  0

Per-user quota from LDAP works too:

doveadm quota get -u testmail@***.ru
Quota name  Type     Value  Limit  %
User quota  STORAGE    962   2000  48
User quota  MESSAGE      6      -  0

But if you do not set the attribute quotaMail:

doveadm quota get -u e.etc@***.ru
Quota name  Type     Value  Limit  %
User quota  STORAGE      0      -  0
User quota  MESSAGE      0      -  0

And quota is unlimited.

For comparison:

doveadm user e.etc@***.ru
field       value
uid         5000
gid         5000
home        /var/mail/***.ru/e.etc@***.ru/
mail        maildir:/var/mail/***.ru/e.etc@***.ru
quota_rule  *:bytes

doveadm user testmail@***.ru
field       value
uid         5000
gid         5000
home        /var/mail/***.ru/testmail@***.ru/
mail        maildir:/var/mail/****.ru/testmail@***.ru
quota_rule  *:bytes=2048576

Logs:

Aug 25 16:15:40 mail dovecot: auth: Debug: master in: USER#0111#011e.etc@***.ru#011service=doveadm
Aug 25 16:15:40 mail dovecot: auth-worker(15295): Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Aug 25 16:15:40 mail dovecot: auth-worker(15295): Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so
Aug 25 16:15:40 mail dovecot: auth-worker(15295): Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Aug 25 16:15:40 mail dovecot: auth-worker(15295): Debug: Module loaded: /usr/lib/dovecot/modules/auth/libauthdb_ldap.so
Aug 25 16:15:40 mail dovecot: auth-worker(15295): Debug: sql(e.etc@***.ru): SELECT CONCAT('/var/mail/', maildir) AS home, 5000 AS uid, 5000 AS gid, CONCAT('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = 'e.etc@***.ru' AND domain = '***.ru'
Aug 25 16:15:40 mail dovecot: auth-worker(15295): sql(e.etc@***.ru): unknown user
Aug 25 16:15:40 mail dovecot: auth: Debug: ldap(e.etc@***.ru): user search: base=ou=XXX,dc=***,dc=local scope=subtree filter=(&(mail=e.etc@***.ru)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) fields=mail,quotaMail
Aug 25 16:15:40 mail dovecot: auth: Debug: ldap(e.etc@***.ru): result: mail=e.etc@***.ru; mail unused
Aug 25 16:15:40 mail dovecot: auth: Debug: ldap(e.etc@***.ru): result: mail=e.etc@***.ru; quotaMail missing
Aug 25 16:15:40 mail dovecot: auth: Debug: userdb out: USER#0111#011e.etc@***.ru#011uid=5000#011gid=5000#011mail=maildir:/var/mail/***.ru/e.etc@***.ru#011home=/var/mail/***.ru/e.etc@***.ru/#011quota_rule=*:bytes
Aug 25 16:15:42 mail dovecot: auth: Debug: master in: USER#0111#011testmail@***.ru#011service=doveadm
Aug 25 16:15:42 mail dovecot: auth-worker(15295): Debug: sql(testmail@***.ru): SELECT CONCAT('/var/mail/', maildir) AS home, 5000 AS uid, 5000 AS gid, CONCAT('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = 'testmail@***.ru' AND domain = '***.ru'
Aug 25 16:15:42 mail dovecot: auth-worker(15295): sql(testmail@***.ru): unknown user
Aug 25 16:15:42 mail dovecot: auth: Debug: ldap(testmail@***.ru): user search: base=ou=XXX,dc=***,dc=local scope=subtree filter=(&(mail=testmail@***.ru)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) fields=mail,quotaMail
Aug 25 16:15:42 mail dovecot: auth: Debug: ldap(testmail@***.ru): result: mail=testmail@***.ru quotaMail=2048576; mail,quotaMail unused
Aug 25 16:15:42 mail dovecot: auth: Debug: ldap(testmail@***.ru): result: mail=testmail@***.ru quotaMail=2048576
Aug 25 16:15:42 mail dovecot: auth: Debug: userdb out: USER#0111#011testmail@***.ru#011uid=5000#011gid=5000#011mail=maildir:/var/mail/***.ru/testmail@***.ru#011home=/var/mail/***.ru/testmail@***.ru/#011quota_rule=*:bytes=2048576

Information from: http://dovecot.org/list/dovecot/2012-July/084859.html

v2.1.7 2012-05-29 Timo Sirainen
* LDAP: Compatibility fix for v2.0: ldap: If attributes contain ldapAttr=key=template%$ and ldapAttr *doesn't exist, skip the key* instead of using "template" value with empty %$ part for the key.

OK, if quotaMail is not set, the root quota shall apply.

Check LDAP:

ldapsearch -x -h ***.***.local -D 'dovecot' -W -b 'OU=XXX,dc=***,dc=local' -s sub '(&(objectCategory=user)(objectClass=user)(mail=testmail@***.ru*))'|grep quotaMail
Enter LDAP Password:
quotaMail: 2048576

ldapsearch -x -h ***.***.local -D 'dovecot' -W -b 'OU=XXX,dc=***,dc=local' -s sub '(&(objectCategory=user)(objectClass=user)(mail=e.etc@***.ru*))'|grep quotaMail
Enter LDAP Password:
root at mail:/etc/dovecot#

The LDAP attribute *doesn't exist*. But Dovecot thinks that the quota is 0 and disables the quota.

I can set the quotaMail attribute for all the users, but there are a lot of them. Can I use the root quota when the per-user quota is not set? And change the per-user quota for specific users only, if necessary?

I apologize for my English.

Thank you!

--
Rasim Kalimullin
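
Added example (not part of the original post and not Dovecot code): a small audit of auth debug logs that finds accounts whose userdb reply carries a quota_rule with no limit value, the "*:bytes" case shown above that leaves the mailbox unlimited. The function names and the example.test addresses are constructed for illustration; it assumes syslog escapes tabs as #011, as in the posted log.

```python
import re

# Constructed sample lines modelled on the "userdb out" debug lines in the post.
SAMPLE_LOG = """\
Aug 25 16:15:40 mail dovecot: auth: Debug: userdb out: USER#0111#011alice@example.test#011uid=5000#011gid=5000#011home=/var/mail/example.test/alice@example.test/#011quota_rule=*:bytes
Aug 25 16:15:42 mail dovecot: auth: Debug: userdb out: USER#0112#011bob@example.test#011uid=5000#011gid=5000#011home=/var/mail/example.test/bob@example.test/#011quota_rule=*:bytes=2048576
Aug 25 16:15:43 mail dovecot: auth: Debug: userdb out: USER#0113#011carol@example.test#011uid=5000#011gid=5000#011home=/var/mail/example.test/carol@example.test/
"""

USERDB_OUT = re.compile(r"userdb out: (.*)$")
FIELD_SEP = re.compile(r"#011|\t")  # syslog-escaped tab or a literal tab


def classify_rule(value):
    """Classify one quota_rule value as 'limited', 'ignore' or 'no-limit'."""
    _mailbox, colon, limits = value.partition(":")
    if not colon or not limits:
        return "no-limit"
    if limits == "ignore":          # "Trash:ignore" legitimately has no value
        return "ignore"
    for item in limits.split(","):
        _name, eq, amount = item.partition("=")
        if not eq or not amount.strip():
            return "no-limit"       # "*:bytes" or "*:bytes=": template left empty
    return "limited"


def audit(log_text):
    """Map each user seen in 'userdb out' lines to {field: classification}."""
    report = {}
    for line in log_text.splitlines():
        match = USERDB_OUT.search(line)
        if not match:
            continue
        parts = FIELD_SEP.split(match.group(1))
        if len(parts) < 3 or parts[0] != "USER":
            continue
        fields = dict(p.partition("=")[::2] for p in parts[3:])
        rules = {k: classify_rule(v) for k, v in fields.items()
                 if k.startswith("quota_rule")}
        # "absent" means the userdb returned no quota_rule field at all.
        report[parts[2]] = rules or {"quota_rule": "absent"}
    return report


def users_without_limit(log_text):
    """Users whose userdb reply contains a quota_rule with no limit value."""
    return sorted(user for user, rules in audit(log_text).items()
                  if "no-limit" in rules.values())


if __name__ == "__main__":
    print(users_without_limit(SAMPLE_LOG))
```
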