Re[2]: LDAP + quotas
Hey Russell,
Friday, July 27, 2001, 10:17:42 AM, you wrote:
RC> On Wed, 25 Jul 2001 17:44, Kevin J. Menard, Jr. wrote:
>> What I ideally want to be able to do is assign each virtual host a
>> group, and set that quota of that group to whatever their max allowed
>> disk space is (for instance, 50 MB), and then have their web folder and
>> all user mailboxes in that group be restricted to that 50 MB limit.
>>
>> Anyone know if this is possible? And if so, how to do it?
RC> I suggest using two unix groups, one for web and the other for mail.
Any particular reason why? :) I only suggested one group because I wanted
the 50MB restriction imposed for mail + web combined. And if I do two
groups in LDAP, am I gonna notice any slowdowns worth noting? (I don't
assume I would, but this would start to complicate a simple posixAccount
posixGroup system).
RC> Then store the quota in some suitable LDAP attribute (NB the standard
RC> schemas don't have a suitable attribute).
Recommend anyone in particular? RoomNumber might work :-P Or do you have
some sort of schema you use on your own? I ended up using your services
schema within my own OID since there isn't an official debian one yet :-P
RC> Then write a cron job which calls the following LDAP query:
RC> ldapsearch -x "(&(modifyTimestamp>=20010531105821Z)(objectClass=posixAccount))" uidNumber gidNumber quota | grep -v ^# | grep -v ^dn:
RC> and then sets up quota entries from the "quota" attribute. The
RC> modifyTimestamp attribute value should have the time of the last time the
RC> cron job ran.
RC> Eventually I think I'll develop a debian package of scripts for doing this
RC> type of stuff, so if you write such a cron job then make sure you send me a
RC> copy. ;)
Sure can do. How often do you figure such a cron job should run? I mean,
my quota values really don't change often. Actually, once they're set,
that's usually about it. So, a cron job of once a day could maybe suffice,
but if I'm creating a new virtual domain, and it doesn't have quotas til the
end of the day, that might not be cool :-/
RC> I've got user names much longer than 8 characters without any problems.
RC> After 31 characters the names can't be represented in utmp properly (which
RC> can cause some minor hassles for login accounts and will stuff up Portslave
RC> among other programs). But there's no problems for other things.
RC> I've done tests with user-names around 60 characters long in LDAP and my
RC> (admittedly basic) tests worked fine.
Hmm . . . and they appear in ls fine? Maybe the period I'm using in the uid
as user.domain.com is being interpreted as a group or something?
Thanks for the reply. This system could work. But I think the real
solution would be to devise a way to have system quotas read directly from
LDAP. Oh well. C'est la vie.
--
Kevin
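
The cron job discussed in this thread, sketched as an added example (not Russell's or Kevin's script). It builds the modifyTimestamp filter, parses ldapsearch LDIF output, and validates each value before it reaches setquota, since the job runs as root on directory data. Assumptions: an attribute named "quota" holding 1 KiB blocks, user quotas on /home, and a minimum UID of 1000.

```python
import re
from datetime import timezone

FILESYSTEM = "/home"  # assumption: the quota-enabled filesystem
MIN_UID = 1000        # assumption: lower IDs are system accounts, never touched

# Constructed sample of `ldapsearch -x -LLL` output; "quota" is a hypothetical
# custom attribute holding the limit in 1 KiB blocks.
SAMPLE_LDIF = """\
dn: uid=alice.example.com,ou=People,dc=example,dc=com
uidNumber: 2001
gidNumber: 3001
quota: 51200

dn: uid=bob.example.com,ou=People,dc=example,dc=com
uidNumber: 2002
quota: 50 MB

dn: uid=carol.example.com,ou=People,dc=example,dc=com
uidNumber: 2003
"""

def build_filter(last_run):
    """Filter for posixAccount entries modified since the last run (aware datetime)."""
    stamp = last_run.astimezone(timezone.utc).strftime("%Y%m%d%H%M%SZ")
    return "(&(modifyTimestamp>=%s)(objectClass=posixAccount))" % stamp

def parse_ldif(text):
    """One dict per entry; comments and base64 ("attr:: ...") values are ignored."""
    entries = []
    for block in re.split(r"\n\s*\n", text.replace("\n ", "").strip()):
        matches = (re.match(r"([A-Za-z][\w-]*): (.*)", ln) for ln in block.splitlines())
        entries.append({m.group(1): m.group(2).strip() for m in matches if m})
    return entries

def plan_quota_commands(entries, filesystem=FILESYSTEM):
    """Return (setquota argv lists, DNs skipped because a value failed validation)."""
    commands, skipped = [], []
    for e in entries:
        uid, quota = e.get("uidNumber", ""), e.get("quota", "")
        # Directory data is untrusted input to a root cron job: accept digits only.
        if re.fullmatch(r"[0-9]{1,10}", uid) and re.fullmatch(r"[0-9]{1,12}", quota) \
                and int(uid) >= MIN_UID:
            # soft = hard = quota blocks, no inode limit; argv list, never a shell string
            commands.append(["setquota", "-u", uid, quota, quota, "0", "0", filesystem])
        else:
            skipped.append(e.get("dn", "?"))
    return commands, skipped

if __name__ == "__main__":
    for argv in plan_quota_commands(parse_ldif(SAMPLE_LDIF))[0]:
        print(" ".join(argv))  # a real job would call subprocess.run(argv, check=True)
```

Entries that land in the skipped list are worth logging, because a malformed or missing quota value otherwise leaves an account silently unrestricted.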