On Monday 24 of June 2013 23:01:54 Timo Sirainen wrote:
> On 24.6.2013, at 16.35, Pavel Herrmann <morpheus.i...@gmail.com> wrote:
> > I have a setup where my dovecot (2.0, if that makes a difference)
> > authenticates against an LDAP directory. In my scenario, I have two types
> > of users, let's call them "normal" and "privileged". What I need is for
> > the normal user to have a fixed quota, but for the privileged to have
> > none. (The users do not exist on the underlying system, so I can't do
> > quota based on FS)
> >
> > The issue is that my LDAP is actually an AD, and there is a fair amount of
> > new accounts over the time (in other words, I cannot use LDAP attribute
> > for storing quota, because the AD tools don't understand it, and I would
> > have to add it manually for each new account).
> >
> > The approach I had in mind is using quota based on user group (I do have
> > groups representing both normal and privileged users), but I cannot find
> > a way to set it up in dovecot.
> > Am I missing something or does dovecot not support LDAP groups as
> > attribute source?
>
> Sounds like you need to do two LDAP lookups and merge them. That requires
> Dovecot v2.2.

Sure, I am open to upgrading, if it solves the issue.

I would actually need more than 2 requests, as AD supports recursive groups (a group being member of another group), which I do use.

One possible issue is that from what I can see on the wiki does not really work with how groups in LDAP usually work. What I would need is the opposite direction - locate a group that has "member=myUserDn" attribute, look whether it has quota attribute set, if not use the group DN as myUserDn and repeat the search.

Granted, AD has a backlink "memberOf" attribute, but I am still left with recursively looking up whether the group has a quota attribute, and whether it is a member of another group (cyclic membership is not possible AFAIK).

Is this possible with Dovecot 2.2?

thanks
Pavel Herrmann
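
The lookup the message describes (follow group membership upward until a group carries a quota attribute), as an added example that is not part of the original thread and is not Dovecot configuration. It runs over a constructed in-memory directory; the `quotaMB` attribute, the DNs, the "0 means unlimited" convention and the tie-break rule are assumptions.

```python
# Constructed sample data: DN -> attributes. "memberOf" is AD's backlink attribute;
# "quotaMB" is a hypothetical attribute kept on groups only (0 = unlimited, assumed).
BASE = "ou=mail,dc=example,dc=test"
DIRECTORY = {
    f"cn=alice,{BASE}": {"memberOf": [f"cn=helpdesk,{BASE}"]},
    f"cn=bob,{BASE}": {"memberOf": [f"cn=admins,{BASE}"]},
    f"cn=carol,{BASE}": {"memberOf": [f"cn=helpdesk,{BASE}", f"cn=admins,{BASE}"]},
    f"cn=erin,{BASE}": {"memberOf": [f"cn=loop-a,{BASE}"]},
    f"cn=helpdesk,{BASE}": {"memberOf": [f"cn=normal,{BASE}"]},
    f"cn=admins,{BASE}": {"memberOf": [f"cn=privileged,{BASE}"]},
    f"cn=normal,{BASE}": {"quotaMB": 1024},
    f"cn=privileged,{BASE}": {"quotaMB": 0},
    # Deliberately cyclic pair, to show the walk still terminates.
    f"cn=loop-a,{BASE}": {"memberOf": [f"cn=loop-b,{BASE}"]},
    f"cn=loop-b,{BASE}": {"memberOf": [f"cn=loop-a,{BASE}"]},
}


def resolve_quota(directory, user_dn, default=None):
    """Walk memberOf links upward level by level; the nearest group that
    carries quotaMB decides. Returns default if no group in the chain has one."""
    seen = {user_dn}
    level = [user_dn]
    while level:
        found, parents = [], []
        for dn in level:
            for group_dn in directory.get(dn, {}).get("memberOf", []):
                if group_dn in seen:  # already visited: nested twice, or a cycle
                    continue
                seen.add(group_dn)
                attrs = directory.get(group_dn, {})
                if "quotaMB" in attrs:
                    found.append(attrs["quotaMB"])
                else:
                    parents.append(group_dn)
        if found:
            # Tie-break (assumption): unlimited wins, otherwise the largest quota.
            return 0 if 0 in found else max(found)
        level = parents
    return default


if __name__ == "__main__":
    for name in ("alice", "bob", "carol", "erin"):
        print(name, resolve_quota(DIRECTORY, f"cn={name},{BASE}", default=512))
```

Against a live directory each level of the walk is one more search, which is why the number of lookups depends on nesting depth rather than being fixed at two.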