dovecot - Jul 2017 - how to make user iteration work (with active directory ldap)

We received no replies to this email that we sent a few days ago. We're 
not sure why. If we miss something that is obvious to everybody, kindly 
point it out.
We ?ould like to get iteration working, to be able to mass-delete 
specific emails from all mailboxes, in case of for example received 
virusses...

Here is my question again:

Hi,

User iteration doesn't work, we're getting:
> auth: Error: Trying to iterate users, but userdbs don't support it
The way I understand it, I need to set iterate_attrs and iterate_filter 
for iteration to work. I have set it (see configs below) and yet dovecot 
says "userdbs don't support it". What else do I need to do to
enable it?

Our config is against samba Active Directory ldap and generally works 
fine. Can anyone here take a quick look at the configs below, and tell 
me how to make
  doveadm user -u "*"
work?

Below are our configs. Any tips would be appreciated...!

MJ
> root at dovetest:/etc/dovecot# doveconf -n
> # 2.2.26.0 (23d1de6): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.16 (fed8554)
> # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.7 xfs
> auth_debug = yes
> auth_debug_passwords = yes
> auth_failure_delay = 400 secs
> auth_master_user_separator = *
> auth_mechanisms = plain login
> auth_username_format = %Ln
> auth_verbose = yes
> auth_verbose_passwords = plain
> debug_log_path = /var/log/dovecot/dovecot.debug
> deliver_log_format = %f | %s | msgid=%m: %$
> disable_plaintext_auth = no
> info_log_path = /var/log/dovecot/dovecot.info
> lda_mailbox_autocreate = yes
> lda_mailbox_autosubscribe = yes
> log_path = /var/log/dovecot/dovecot.err
> login_greeting = Dovecot ready.
> mail_gid = vmail
> mail_location = maildir:/var/vmail/%Ln/Maildir:LAYOUT=fs:DIRNAME=mAildir
> mail_plugins = acl lazy_expunge zlib quota mail_log notify
> mail_uid = vmail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date ihave
> namespace {
>   list = children
>   location =
maildir:/var/vmail/%%u/Maildir:LAYOUT=fs:DIRNAME=mAildir:INDEX=/var/vmail/%u/shared/%%u
>   prefix = shared/%%n/
>   separator = /
>   subscriptions = no
>   type = shared
> }
> namespace inbox {
>   inbox = yes
>   location = 
>   mailbox "Deleted items" {
>     special_use = \Trash
>   }
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent items" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   mailbox inbox {
>     auto = subscribe
>   }
>   prefix = 
>   separator = /
>   type = private
> }
> passdb {
>   args = /etc/dovecot/master-users
>   driver = passwd-file
>   master = yes
> }
> passdb {
>   args = failure_show_msg=yes dovecot
>   driver = pam
> }
> passdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
>   skip = authenticated
> }
> plugin {
>   acl = vfile
>   acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db
>   mail_log_events = delete undelete expunge copy mailbox_delete
mailbox_rename append
>   mail_log_fields = uid box msgid from subject
>   quota = maildir
>   quota_rule = ?:storage=5G
>   quota_rule2 = Trash:storage=+100M
>   quota_warning = storage=97%% quota-warning 97 %u
>   quota_warning2 = storage=95%% quota-warning 95 %u
>   quota_warning3 = storage=90%% quota-warning 90 %u
>   quota_warning4 = storage=85%% quota-warning 85 %u
>   quota_warning5 = storage=80%% quota-warning 80 %u
>   quota_warning6 = -storage=100%% quota-warning below %u
>   sieve = ~/.dovecot.sieve
>   sieve_default = /var/lib/dovecot/default.sieve
>   sieve_dir = ~/sieve
> }
> protocols = imap lmtp sieve
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     mode = 0666
>   }
>   unix_listener auth-userdb {
>     group = vmail
>     mode = 0666
>     user = vmail
>   }
> }
> service imap-login {
>   process_limit = 500
>   process_min_avail = 2
> }
> service quota-warning {
>   executable = script /usr/local/bin/quota-warning.sh
>   unix_listener quota-warning {
>     user = vmail
>   }
>   user = dovecot
> }
> ssl_ca = </etc/ssl/comodo/chain.crt
> ssl_cert = </etc/ssl/comodo/server.crt
> ssl_key =  # hidden, use -P to show it
> ssl_protocols = !SSLv2 !SSLv3
> userdb {
>   args = uid=vmail gid=vmail home=/var/vmail/%n allow_all_users=yes
>   driver = static
> }
> verbose_proctitle = yes
> protocol lda {
>   mail_plugins = acl lazy_expunge zlib quota mail_log notify sieve quota
> }
> protocol imap {
>   imap_max_line_length = 2 M
>   mail_max_userip_connections = 30
>   mail_plugins = acl lazy_expunge zlib quota mail_log notify imap_quota
imap_acl
> }
and dovecot-ldap.conf.ext:
> hosts = 127.0.0.1:391
> dn = cn=search,cn=users,dc=company,dc=com
> dnpass = secret
> tls = no
> debug_level = 0
> auth_bind = yes
> base = CN=Users, DC=samba, DC=cmpany, DC=com
> scope = subtree
> user_attrs =
=home=/var/vmail/%n/Maildir:LAYOUT=fs:DIRNAME=mAildir:INDEX=/var/vmail/%n/shared/%n,=mail=maildir:/var/vmail/%n/Maildir:LAYOUT=fs:DIRNAME=mAildir:INDEX=/var/vmail/%n/shared/%n
> user_filter =
(&(objectclass=person)(sAMAccountName=%n)(!(userAccountControl=514)))
> pass_filter =
(&(objectclass=person)(sAMAccountName=%n)(!(userAccountControl=514)))
> iterate_attrs = sAMAccountName=user
> iterate_filter = (objectClass=person)

On 07.07.2017 10:33, mj wrote:
> We received no replies to this email that we sent a few days ago.
> We're not sure why. If we miss something that is obvious to everybody,
> kindly point it out.
> We ?ould like to get iteration working, to be able to mass-delete
> specific emails from all mailboxes, in case of for example received
> virusses...
>
> Here is my question again:
>
> Hi,
>
> User iteration doesn't work, we're getting:
>> auth: Error: Trying to iterate users, but userdbs don't support it
>
> The way I understand it, I need to set iterate_attrs and
> iterate_filter for iteration to work. I have set it (see configs
> below) and yet dovecot says "userdbs don't support it". What
else do I
> need to do to enable it?
>
> Our config is against samba Active Directory ldap and generally works
> fine. Can anyone here take a quick look at the configs below, and tell
> me how to make
>  doveadm user -u "*"
> work?
>
> Below are our configs. Any tips would be appreciated...!
>
> MJ
>
>> userdb {
>>   args = uid=vmail gid=vmail home=/var/vmail/%n allow_all_users=yes
>>   driver = static
>> }
This needs to use driver = ldap, static userdb's are not iteratable.

Aki

Hi Aki,

Wow that was a quick reply! :-)
>>> userdb {
>>>    args = uid=vmail gid=vmail home=/var/vmail/%n
allow_all_users=yes
>>>    driver = static
>>> }
> 
> This needs to use driver = ldap, static userdb's are not iteratable.
Did that, and after changing args to point to a filename, everything 
popped into place :-)

Thanks for your assistance!

MJ