On Thu, 20 Jul 2017, Michele Petrella wrote:

To be more accurate, all users in ldap db need to use mail, but some users in /etc/passwd file use mail too.

Do users exist in both passwd and ldap?

For this reason I set up "driver=passwd" in userdb section and in /etc/nsswitch.conf I set up "passwd: files ldap".

If you did this for Dovecot, revert it.

Now I want to use dovecot per user quota to limit ldap users mailbox size. I need quota only for ldap users, no need for users in /etc/passwd file.

Which is the correct configuration to do this?

Use two databases for both passdb and userdb: one using pam / passwd, the other one the standard LDAP config.

see: https://wiki2.dovecot.org/Authentication/MultipleDatabases

Use LDAP instead of SQL userdb and passdb.

I guess, you will find posts in the sense "virtual and system users".

If there is no user in both databases, the order does not matter (except for speed); otherwise:

each database is tried in order of definition until a successful hit was found.

You can order the passdbs and userdbs differently, e.g. if passwd-passdb is first and the user's password matches, and the ldap-userdb is first and you get a hit there, the user authenticates against passwd, but its data is retrieved from LDAP. See comment in page: "look up users from SQL first (even if authentication was done using PAM!)"

I understand that I need to use extra fields to obtain user quota from users db. But you said "the userdb section cannot merge two databases together". So

You cannot merge, but use one-after-another.

I can not use dovecot per user quota with "driver=passwd" in userdb section? I could use only global quota?


P.S.
1) I use dovecot-lda as delivery agent.

2) I send again my dovecot configuration:

# 2.2.29.1 (e0b76e3): /var/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.18 (29cc74d)
# OS: Linux 3.10.55-gentoo i686 SuSE Linux 7.1 (i386)
debug_log_path = /var/log/dovecot/dovecot_debug.log
disable_plaintext_auth = no
info_log_path = /var/log/state.mail/dovecot.pipe
log_path = /var/log/dovecot/dovecot.log
mail_debug = yes
mail_gid = users
mail_location = maildir:~/.maildir
mail_plugins = acl quota
mail_shared_explicit_inbox = yes
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace {
 list = yes
 location = maildir:/data/home/vmail/public
 prefix = Public/
 separator = /
 subscriptions = no
 type = public
}
namespace {
 list = children
 location = maildir:/data/home/%%n/.maildir:INDEX=~/.maildir/shared/%%u
 prefix = Shared/%%u/
 separator = /
 subscriptions = no
 type = shared
}
namespace inbox {
 inbox = yes
 list = yes
 location =
 mailbox Cestino {
   special_use = \Trash
 }
 mailbox Drafts {
   special_use = \Drafts
 }
 mailbox Junk {
   special_use = \Junk
 }
 mailbox "Posta inviata" {
   special_use = \Sent
 }
 mailbox Sent {
   special_use = \Sent
 }
 mailbox "Sent Messages" {
   special_use = \Sent
 }
 mailbox Trash {
   special_use = \Trash
 }
 prefix =
 separator = /
 subscriptions = yes
 type = private
}
passdb {
 args = /etc/dovecot/passwd.masterusers
 driver = passwd-file
 master = yes
}
passdb {
 driver = pam
}
plugin {
 acl = vfile:/etc/dovecot/acl:cache_secs=300
 acl_shared_dict = file:/var/lib/dovecot-dict/shared-mailboxes
 quota = maildir:User quota
 quota_rule = *:storage=5M
 quota_rule2 = Trash:storage=+100M
 quota_rule3 = SPAM:ignore
 sieve = ~/.dovecot.sieve
 sieve_before = /var/etc/dovecot/sieve/general/
 sieve_dir = ~/sieve
 sieve_execute_bin_dir = /usr/local/bin/dovecot/sieve-execute
 sieve_filter_bin_dir = /usr/local/bin/dovecot/sieve-filter
 sieve_global_dir = /var/etc/dovecot/sieve/global/
 sieve_global_extensions = +vnd.dovecot.execute +vnd.dovecot.filter +vnd.dovecot.pipe +editheader
 sieve_pipe_bin_dir = /usr/local/bin/dovecot/sieve-pipe
 sieve_plugins = sieve_extprograms
}
protocols = imap pop3 lmtp sieve
service auth {
 unix_listener auth-userdb {
   group = users
 }
}
service imap-postlogin {
 executable = script-login /usr/local/bin/imap-postlogin.sh
 user = $default_internal_user
}
service imap {
 executable = imap imap-postlogin
}
ssl = no
ssl_cert = </conf/etc/cert/certs/services/imap_pop/majornet.crt
ssl_key =  # hidden, use -P to show it
userdb {
 driver = passwd
}
protocol lda {
 info_log_path = /var/log/dovecot/dovecot-lda.log
 log_path = /var/log/dovecot/dovecot-lda.log
 mail_plugins = acl quota sieve
}
protocol imap {
 mail_max_userip_connections = 20
 mail_plugins = acl quota imap_acl imap_quota
}


userdb {
 default_fields = quota_rule=*:bytes=%$
 driver = passwd
}

I have problems in return extra fields from passwd userdb. My users are partially in passwd files and partially in LDAP. Users who use mail are in LDAP db.

If I use "default_fields = quota_rule=*:bytes=100M" in userdb,

if I use "default_fields = quota_rule=*:bytes=%{userdb:quotabytes}" in userdb,

1) default_fields supplies default values, if the userdb does not return them. Hence, you cannot reference an LDAP result.

2) the userdb section cannot merge two databases together. You said "Users who use mail are in LDAP db", so you would use one userdb with driver ldap.




--
Steffen Kaiser

H Bonn-Rhein-Sieg         | e-mail: steffen.kai...@h-brs.de
FB Informatik             | room  : C179
Grantham-Allee 20         | phone : +49 2241/865-203
53757 Sankt Augustin      |
Germany - Deutschland     | fax   : +49 2241/865-8203
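
Added example, not part of the original message and not the poster's or the Dovecot project's own configuration: one way to lay out the "two databases for both passdb and userdb" setup the reply describes, with the per-user quota coming only from the LDAP userdb. The LDAP host, base DN, filters, file path and the attribute name quotaBytes are assumptions.

```conf
# dovecot.conf (fragment): constructed example

# Password checks: each passdb is tried in order of definition
# until one of them succeeds.
passdb {
  driver = pam
}
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

# User lookups: LDAP first, so an account that exists in both places
# gets its home, uid and quota from LDAP even if PAM checked the password.
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
userdb {
  driver = passwd
}

plugin {
  quota = maildir:User quota
  # No global quota_rule here: a quota_rule set in plugin {} applies to
  # every user whose userdb returns none, including /etc/passwd users.
}

# /etc/dovecot/dovecot-ldap.conf.ext (assumed path, placeholder values)
hosts = ldap.example.org
base = ou=people,dc=example,dc=org
auth_bind = yes
pass_filter = (&(objectClass=posixAccount)(uid=%n))
user_filter = (&(objectClass=posixAccount)(uid=%n))
# quotaBytes is an assumed attribute name; %$ expands to its value,
# so each LDAP entry carries its own quota_rule.
user_attrs = homeDirectory=home, uidNumber=uid, gidNumber=gid, quotaBytes=quota_rule=*:bytes=%$
```

With `auth_debug = yes`, the auth log shows which passdb and which userdb answered for a given login, which is the quickest way to confirm the ordering behaves as intended.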
