
Re[2]: LDAP + quotas



Hey Russell,


Friday, July 27, 2001, 10:17:42 AM, you wrote:

RC> On Wed, 25 Jul 2001 17:44, Kevin J. Menard, Jr. wrote:
>>     What I ideally want to be able to do is assign each virtual host a
>>     group, and set that quota of that group to whatever their max allowed
>>     disk space is (for instance, 50 MB), and then have their web folder and
>>     all user mailboxes in that group be restricted to that 50 MB limit.
>>
>>     Anyone know if this is possible?  And if so, how to do it?

RC> I suggest using two unix groups, one for web and the other for mail.

Any particular reason why? :)  I only suggested one group because I wanted
the 50MB restriction imposed for mail + web combined.  And if I do two
groups in LDAP, am I gonna notice any slowdowns worth noting?  (I don't
assume I would, but this would start to complicate a simple posixAccount
posixGroup system).

RC> Then store the quota in some suitable LDAP attribute (NB the standard
RC> schemas don't have a suitable attribute).

Recommend anyone in particular?  RoomNumber might work :-P  Or do you have
some sort of schema you use on your own?  I ended up using your services
schema within my own OID since there isn't an official debian one yet :-P

RC> Then write a cron job which calls the following LDAP query:
RC> ldapsearch -x "(&(modifyTimestamp>=20010531105821Z)(objectClass=posixAccount))" \
RC>   uidNumber gidNumber quota | grep -v ^# | grep -v ^dn:

RC> and then sets up quota entries from the "quota" attribute.  The 
RC> modifyTimestamp attribute value should have the time of the last time the 
RC> cron job ran.

RC> Eventually I think I'll develop a debian package of scripts for doing this 
RC> type of stuff, so if you write such a cron job then make sure you send me a 
RC> copy.  ;)

Sure can do.  How often do you figure such a cron job should run?  I mean,
my quota values really don't change often.  Actually, once they're set,
that's usually about it.  So, a cron job of once a day could maybe suffice,
but if I'm creating a new virtual domain, and it doesn't have quotas til the
end of the day, that might not be cool :-/


RC> I've got user names much longer than 8 characters without any problems.  
RC> After 31 characters the names can't be represented in utmp properly (which 
RC> can cause some minor hassles for login accounts and will stuff up Portslave 
RC> among other programs).  But there's no problems for other things.

RC> I've done tests with user-names around 60 characters long in LDAP and my 
RC> (admittedly basic) tests worked fine.

Hmm . . . and they appear in ls fine?  Maybe the period I'm using in the uid
as user.domain.com is being interpreted as a group or something?

Thanks for the reply.  This system could work.  But I think the real
solution would be to devise a way to have system quotas read directly from
LDAP.  Oh well.  C'est la vie.

-- 
 Kevin
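
The cron job discussed in this thread could be sketched as below; this is an added example, not code from either poster. It assumes a hypothetical "quota" attribute holding a whole number of megabytes, applied as a group hard limit, and it validates the LDAP values before they reach a setquota command line.

```python
import re
from datetime import datetime, timezone

def build_filter(last_run: datetime) -> str:
    """Filter for accounts modified since the previous cron run."""
    stamp = last_run.astimezone(timezone.utc).strftime("%Y%m%d%H%M%SZ")
    return f"(&(modifyTimestamp>={stamp})(objectClass=posixAccount))"

def parse_ldif(text: str) -> list:
    """Split ldapsearch LDIF output into one attribute dict per entry."""
    entries, current = [], {}
    for line in text.splitlines() + [""]:
        if not line.strip():                  # blank line ends an entry
            if current:
                entries.append(current)
            current = {}
        elif line[0] not in "# ":             # skip comments, folded lines
            name, _, value = line.partition(":")
            current[name.strip()] = value.strip()
    return entries

def quota_commands(text: str, filesystem: str):
    """Return (setquota argv lists, DNs rejected by validation)."""
    limits, rejected = {}, []
    for e in parse_ldif(text):
        if "dn" not in e:                     # "search:"/"result:" trailer
            continue
        gid, mb = e.get("gidNumber", ""), e.get("quota", "")
        # LDAP values are untrusted: plain decimal only, one limit per group.
        ok = re.fullmatch("[0-9]{1,9}", gid) and re.fullmatch("[0-9]{1,6}", mb)
        if not ok or limits.setdefault(gid, mb) != mb:
            rejected.append(e["dn"])
    # setquota counts blocks in KiB; soft limit 0 (unset), hard limit = quota.
    return [["setquota", "-g", g, "0", str(int(mb) * 1024), "0", "0", filesystem]
            for g, mb in sorted(limits.items())], rejected

# Constructed ldapsearch output; "quota" is a hypothetical attribute in MB.
SAMPLE = """\
dn: uid=alice.example.com,ou=People,dc=example,dc=com
gidNumber: 3001
quota: 50

dn: uid=carol.example.org,ou=People,dc=example,dc=com
gidNumber: 3002
quota: 50MB

search: 2
result: 0 Success
"""
```

Each returned list is an argument vector that can be passed to subprocess.run without a shell, and the rejected DNs are the entries an administrator needs to look at by hand.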


