Return extra fields from passwd userdb

Steffen Kaiser Steffen.Kaiser at fh-bonn-rhein-sieg.de
Thu Jul 20 12:30:43 EEST 2017


On Thu, 20 Jul 2017, Michele Petrella wrote:

> To be more accurate, all users in ldap db need to use mail, but some users in 
> /etc/passwd file use mail too.

Do users exist in both passwd and ldap?

> For this reason I set up "driver=passwd" in userdb section and in 
> /etc/nsswitch.conf I set up "passwd:         files ldap".

If you did this for Dovecot, revert it.

> Now I want to use dovecot per user quota to limit ldap users mailbox size. I 
> need quota only for ldap users, no need for users in /etc/passwd file.
>
> Which is the correct configuration to do this?

Use two databases for both passdb and userdb. One using pam / passwd, the 
other one the standard LDAP config.

See: 
https://wiki2.dovecot.org/Authentication/MultipleDatabases

Use LDAP instead of SQL userdb and passdb.

I guess, you will find posts in the sense "virtual and system users".

If there is no user in both databases, the order does not matter (except 
for speed); otherwise:

Each database is tried in order of definition until a successful hit is 
found.

You can order the passdbs and userdbs differently, e.g. if passwd-passdb 
is first and the user's password matches, and the ldap-userdb is first and 
you get a hit there, the user authenticates against passwd, but their data 
is retrieved from LDAP.
See comment in page: "look up users from SQL first (even if authentication 
was done using PAM!)"

> I understand that I need to use extra fields to obtain user quota from users 
> db. But you said "the userdb section cannot merge two databases together". So

You cannot merge, but use one-after-another.

> I can not use dovecot per user quota with "driver=passwd" in userdb section? 
> I could use only global quota?


> P.S.
> 1) I use dovecot-lda as delivery agent.
>
> 2) I send again my dovecot configuration:
>
> # 2.2.29.1 (e0b76e3): /var/etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.18 (29cc74d)
> # OS: Linux 3.10.55-gentoo i686 SuSE Linux 7.1 (i386)
> debug_log_path = /var/log/dovecot/dovecot_debug.log
> disable_plaintext_auth = no
> info_log_path = /var/log/state.mail/dovecot.pipe
> log_path = /var/log/dovecot/dovecot.log
> mail_debug = yes
> mail_gid = users
> mail_location = maildir:~/.maildir
> mail_plugins = acl quota
> mail_shared_explicit_inbox = yes
> mail_uid = vmail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character 
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags 
> copy include variables body enotify environment mailbox date index ihave 
> duplicate mime foreverypart extracttext
> namespace {
>  list = yes
>  location = maildir:/data/home/vmail/public
>  prefix = Public/
>  separator = /
>  subscriptions = no
>  type = public
> }
> namespace {
>  list = children
>  location = maildir:/data/home/%%n/.maildir:INDEX=~/.maildir/shared/%%u
>  prefix = Shared/%%u/
>  separator = /
>  subscriptions = no
>  type = shared
> }
> namespace inbox {
>  inbox = yes
>  list = yes
>  location =
>  mailbox Cestino {
>    special_use = \Trash
>  }
>  mailbox Drafts {
>    special_use = \Drafts
>  }
>  mailbox Junk {
>    special_use = \Junk
>  }
>  mailbox "Posta inviata" {
>    special_use = \Sent
>  }
>  mailbox Sent {
>    special_use = \Sent
>  }
>  mailbox "Sent Messages" {
>    special_use = \Sent
>  }
>  mailbox Trash {
>    special_use = \Trash
>  }
>  prefix =
>  separator = /
>  subscriptions = yes
>  type = private
> }
> passdb {
>  args = /etc/dovecot/passwd.masterusers
>  driver = passwd-file
>  master = yes
> }
> passdb {
>  driver = pam
> }
> plugin {
>  acl = vfile:/etc/dovecot/acl:cache_secs=300
>  acl_shared_dict = file:/var/lib/dovecot-dict/shared-mailboxes
>  quota = maildir:User quota
>  quota_rule = *:storage=5M
>  quota_rule2 = Trash:storage=+100M
>  quota_rule3 = SPAM:ignore
>  sieve = ~/.dovecot.sieve
>  sieve_before = /var/etc/dovecot/sieve/general/
>  sieve_dir = ~/sieve
>  sieve_execute_bin_dir = /usr/local/bin/dovecot/sieve-execute
>  sieve_filter_bin_dir = /usr/local/bin/dovecot/sieve-filter
>  sieve_global_dir = /var/etc/dovecot/sieve/global/
>  sieve_global_extensions = +vnd.dovecot.execute +vnd.dovecot.filter 
> +vnd.dovecot.pipe +editheader
>  sieve_pipe_bin_dir = /usr/local/bin/dovecot/sieve-pipe
>  sieve_plugins = sieve_extprograms
> }
> protocols = imap pop3 lmtp sieve
> service auth {
>  unix_listener auth-userdb {
>    group = users
>  }
> }
> service imap-postlogin {
>  executable = script-login /usr/local/bin/imap-postlogin.sh
>  user = $default_internal_user
> }
> service imap {
>  executable = imap imap-postlogin
> }
> ssl = no
> ssl_cert = </conf/etc/cert/certs/services/imap_pop/majornet.crt
> ssl_key =  # hidden, use -P to show it
> userdb {
>  driver = passwd
> }
> protocol lda {
>  info_log_path = /var/log/dovecot/dovecot-lda.log
>  log_path = /var/log/dovecot/dovecot-lda.log
>  mail_plugins = acl quota sieve
> }
> protocol imap {
>  mail_max_userip_connections = 20
>  mail_plugins = acl quota imap_acl imap_quota
> }
>
>
>>> userdb {
>>>  default_fields = quota_rule=*:bytes=%$
>>>  driver = passwd
>>> }
>> 
>>> I have problems in return extra fields from passwd userdb. My users are 
>>> partially in passwd files and partially in LDAP. Users who use mail are in 
>>> LDAP db.
>> 
>>> If I use "default_fields = quota_rule=*:bytes=100M" in userdb,
>> 
>>> if I use "default_fields = quota_rule=*:bytes=%{userdb:quotabytes}" in 
>>> userdb,
>> 
>> 1) default_fields supplies default values, if the userdb does not return 
>> them. Hence, you cannot reference a LDAP result.
>> 
>> 2) the userdb section cannot merge two databases together. You said "Users 
>> who use mail are in LDAP db", so you would one userdb with driver ldap.
>
>


-- 

Steffen Kaiser

H Bonn-Rhein-Sieg         | e-mail: Steffen.Kaiser at H-BRS.DE
FB Informatik             | room  : C179
Grantham-Allee 20         | phone : +49 2241/865-203
53757 Sankt Augustin      |
Germany - Deutschland     | fax   : +49 2241/865-8203
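
The two-database layout described in this reply, sketched as an added example (not part of the original message and not the poster's configuration). The file path, LDAP host, base DN, filter and the `quotaBytes` attribute name are assumptions to adapt to the local directory schema.

```conf
# --- dovecot.conf (fragment) ---
# Authentication: each passdb is tried in order of definition until one
# succeeds. PAM covers the /etc/passwd accounts, LDAP covers the mail users.
passdb {
  driver = pam
}
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext   # assumed path
}

# User lookup: LDAP first, then passwd. A user present in both stores may
# authenticate through PAM while the uid, home and quota come from LDAP,
# so decide deliberately which store is authoritative for each.
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext   # assumed path
}
userdb {
  driver = passwd
  # With "passwd: files" in /etc/nsswitch.conf this only sees local accounts.
}

# --- /etc/dovecot/dovecot-ldap.conf.ext (assumed path and values) ---
hosts = ldap.example.org                 # placeholder host
base = dc=example,dc=org                 # placeholder base DN
auth_bind = yes                          # verify the password by binding as the user
pass_filter = (&(objectClass=posixAccount)(uid=%n))
pass_attrs = uid=user
user_filter = (&(objectClass=posixAccount)(uid=%n))
# %$ expands to the value of the LDAP attribute on the left-hand side, which
# is why it works here and not in default_fields of the passwd userdb.
user_attrs = homeDirectory=home, uidNumber=uid, gidNumber=gid, quotaBytes=quota_rule=*:bytes=%$
```

A `quota_rule` returned by the LDAP userdb overrides the global `quota_rule` in `plugin {}` for that user; users whose userdb returns no `quota_rule` still get the global one. `doveadm user <name>` shows which fields a given account ends up with.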
