Re: LDAP + quotas

To: "Kevin J. Menard, Jr." <kmenard@wpi.edu>, debian-isp@lists.debian.org
Subject: Re: LDAP + quotas
From: Russell Coker <russell@coker.com.au>
Date: Fri, 27 Jul 2001 16:17:42 +0200
Message-id: <[🔎] 20010727141743.1D67514AA@lyta.coker.com.au>
Reply-to: Russell Coker <russell@coker.com.au>
In-reply-to: <[🔎] 4011714955.20010725114457@wpi.edu>
References: <[🔎] 4011714955.20010725114457@wpi.edu>

On Wed, 25 Jul 2001 17:44, Kevin J. Menard, Jr. wrote:
>     What I ideally want to be able to do is assign each virtual host a
>     group, and set that quota of that group to whatever their max allowed
>     disk space is (for instance, 50 MB), and then have their web folder and
>     all user mailboxes in that group be restricted to that 50 MB limit.
>
>     Anyone know if this is possible?  And if so, how to do it?

I suggest using two unix groups, one for web and the other for mail.  Then 
store the quota in some suitable LDAP attribute (NB the standard schemas 
don't have a suitable attribute).

Then write a cron job which calls the following LDAP query:
ldapsearch -x 
"(&(modifyTimestamp>=20010531105821Z)(objectClass=posixAccount))" uidNumber 
gidNumber quota | grep -v ^# | grep -v ^dn:

and then sets up quota entries from the "quota" attribute.  The 
modifyTimestamp attribute value should have the time of the last time the 
cron job ran.

Eventually I think I'll develop a debian package of scripts for doing this 
type of stuff, so if you write such a cron job then make sure you send me a 
copy.  ;)

>     Also, anyway to get ls to output the full username?  I think it
>     truncates at 8 characters by default, which is sort of a pain, since
> all my uids are of the form user.domain.com.  I mean, it's not that bad,
> because the users are restricted to their web folder, so only seeing the
> first 8 characters is usually good enough, but ideally, the other way would
> be best.  Or perhaps I have to roll my own with perl or something?

I've got user names much longer than 8 characters without any problems.  
After 31 characters the names can't be represented in utmp properly (which 
can cause some minor hassles for login accounts and will stuff up Portslave 
amoung other programs).  But there's no problems for other things.

I've done tests with user-names around 60 characters long in LDAP and my 
(admittedly basic) tests worked fine.

-- 
http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page

Reply to:

Follow-Ups:
- Re[2]: LDAP + quotas
  - From: "Kevin J. Menard, Jr." <kmenard@wpi.edu>

References:
- LDAP + quotas
  - From: "Kevin J. Menard, Jr." <kmenard@wpi.edu>

Prev by Date: Re: can't find myisamchk on potato
Next by Date: Re[2]: LDAP + quotas
Previous by thread: LDAP + quotas
Next by thread: Re[2]: LDAP + quotas
Index(es):
- Date
- Thread