On 28 March 2012 09:39, Bruce, Andrew <abr...@tumnus.co.nz> wrote: > On 28 March 2012 09:36, Bruce, Andrew <abr...@tumnus.co.nz> wrote: >> On 27 March 2012 19:14, Nikita Koshikov <koshi...@gmail.com> wrote: >>> On Tue, 27 Mar 2012 13:57:04 +1300 >>> Bruce, Andrew wrote: >>> >>> Hi there, >>> >>> We're setting up a Dovecot virtual email setup - we've got everything >>> working perfect with LDAP logins authenticating against AD and so >>> forth, but we're having issues with retrieving the maxStorage value >>> from AD (this is a pre-setup field in AD that we'd like to use to set >>> per user quotas). >>> >>> In our LDAP lookup, we have the maxStorage entry listed under >>> user_attrs for the quota (user_attrs = >>> maxStorage=quota_rule=*:storage=%$M), and in the debug logs, can see >>> it trying to get the entry, but it fails with: >>> Mar 27 13:19:27 auth: Debug: ldap(username@site,192.168.1.5): user >>> search: base=dc=site,dc=local scope=subtree >>> filter=(&(objectClass=person)(| (userPrincipalName=username@site) >>> (|(mail=username@site)(samAccountName=username@site)))) >>> fields=maxStorage >>> Mar 27 13:19:27 auth: Debug: ldap(username@site,192.168.1.5): no >>> fields returned by the server >>> >>> At this point, we then see the default quota applied. >>> >> Try to change your quota rule to be like: >> maxStorage=quota_rule=*:bytes=%$ >> ^^^^^^^^^ >> And put the value in bytes to maxStorage - if I remember correct - this is >> integer field and no K\M\G values is valid here. >> >> PS We successfully using maxStorage field to obtain non-default quota from >> AD, dovecot version 2.0.x >>> >>> If we change the name of the field from maxStorage to instanceType we >>> see the value show up in the logs and passed through to the quota >>> system and applied successfully: >>> Mar 27 11:09:01 auth: Debug: ldap(username@site,192.168.1.5): user >>> search: base=dc=site,dc=local scope=subtree >>> filter=(&(objectClass=person)(| (userPrincipalName=username@site) >>> (|(mail=username@site)(samAccountName=username@site)))) >>> fields=instanceType >>> Mar 27 11:09:01 auth: Debug: ldap(username@site,192.168.1.5): result: >>> instanceType(quota_rule=*:storage=%$M)=*:storage=4M >>> Mar 27 11:09:01 auth: Debug: master out: USER 3901227009 >>> username@site quota_rule=*:storage=4M >>> >>> >>> Which seems a bit weird. >>> >>> If we use ldapsearch and pass it the same search string and look for >>> the field maxStorage, we clearly see the field and the value being >>> returned. The result looks the same if we also lookup instanceType. >>> >>> We're using Dovecot 2.0.9. >>> >>> Does anyone have any idea as to why we can't use this field? >>> >>> Thanks, >>> >>> Andrew > > Tried your suggestion Nikita, no joy unfortunately. It still looks > like the value never gets returned from the LDAP server to Dovecot. > It definitely has something in the field (equivalent of 10GB, but in > bytes as suggested) and I changed the user_attrs also, but still get > the same "no fields returned by the server" error message. > > Modifying the user_attrs to lookup from a different field > (instanceType) definitely works. > > What exact version are you using - perhaps it's a problem with our > copy of 2.0.9. > > Thanks, > > Andrew
Further investigation shows that there are a few other fields that we can't retrieve in Dovecot, but can using the same search string and lookup user with ldapsearch. maxStorage is obviously one, but I tried a couple of other fields of varying types: mobile - Octet String and logonCount - Integer. Doesn't seem to be the type that restricts the search, just some fields won't return.
