Re: Re[2]: LDAP + quotas
On Fri, 27 Jul 2001 21:04, Kevin J. Menard, Jr. wrote:
> >> What I ideally want to be able to do is assign each virtual host a
> >> group, and set that quota of that group to whatever their max
> >> allowed disk space is (for instance, 50 MB), and then have their web
> >> folder and all user mailboxes in that group be restricted to that 50 MB
> >> limit.
> >>
> >> Anyone know if this is possible? And if so, how to do it?
>
> RC> I suggest using two unix groups, one for web and the other for mail.
>
> Any particular reason why? :) I only suggested one group because I wanted
> the 50MB restriction imposed for mail + web combined. And if I do two
> groups in LDAP, am I gonna notice any slowdowns worth noting? (I don't
No! I suggested two groups because having separate limits for web and mail
makes more sense to me. But if you want a single limit that's your choice.
> RC> Then store the quota in some suitable LDAP attribute (NB the standard
> RC> schemas don't have a suitable attribute).
>
> Recommend anyone in particular? RoomNumber might work :-P Or do you have
> some sort of schema you use on your own? I ended up using your services
> schema within my own OID since there isn't an official debian one yet :-P
I think that some type of quota attribute is needed. I suggest that you hack
one yourself in the short term. Hopefully we'll have an official Debian
schema that will satisfy your requirements before woody is released...
> RC> Eventually I think I'll develop a debian package of scripts for doing this
> RC> type of stuff, so if you write such a cron job then make sure you send me a
> RC> copy. ;)
>
> Sure can do. How often do you figure such a cron job should run? I mean,
> my quota values really don't change often. Actually, once they're set,
> that's usually about it. So, a cron job of once a day could maybe suffice,
> but if I'm creating a new virtual domain, and it doesn't have quotas til
> the end of the day, that might not be cool :-/
It's your decision. For the type of things I do 30 minutes would be the
largest amount of time that I'd want to wait.
> RC> I've got user names much longer than 8 characters without any problems.
> RC> After 31 characters the names can't be represented in utmp properly (which
> RC> can cause some minor hassles for login accounts and will stuff up Portslave
> RC> among other programs). But there's no problems for other things.
>
> RC> I've done tests with user-names around 60 characters long in LDAP and my
> RC> (admittedly basic) tests worked fine.
>
> Hmm . . . and they appear in ls fine? Maybe the period I'm using in the
> uid as user.domain.com is being interpreted as a group or something?
Not on 80 column displays!!!
> Thanks for the reply. This system could work. But I think the real
> solution would be to devise a way to have system quotas read directly from
> LDAP. Oh well. C'est la vie.
No way! You want the kernel to issue something that results in an LDAP read
on every file access?
--
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/ My home page
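
The cron job discussed in this thread, sketched as an added example (not code from either poster): it parses `ldapsearch -LLL` output for group entries and builds `setquota` argument lists, rejecting any group name or quota value that is not strictly well-formed before it reaches a command line. The attribute name `diskQuotaMB`, the sample LDIF, the name pattern and the `/home` filesystem are assumptions made up for illustration.

```python
import re

QUOTA_ATTR = "diskQuotaMB"  # hypothetical attribute; the standard schemas have none
GROUP_RE = re.compile(r"[a-z_][a-z0-9_.-]{0,30}")  # assumed conservative name policy
QUOTA_RE = re.compile(r"[0-9]{1,7}")               # whole megabytes, ASCII digits only

# Constructed sample of `ldapsearch -LLL` output for three virtual-host groups.
SAMPLE_LDIF = """\
dn: cn=example.com,ou=Group,dc=isp,dc=example
cn: example.com
gidNumber: 5001
diskQuotaMB: 50

dn: cn=bad;rm,ou=Group,dc=isp,dc=example
cn: bad;rm
diskQuotaMB: 50

dn: cn=example.org,ou=Group,dc=isp,dc=example
cn: example.org
diskQuotaMB: lots
"""

def parse_ldif(text):
    """Yield one {attr: value} dict per entry, unfolding continuation lines."""
    text = re.sub(r"\n ", "", text)  # LDIF folds long lines as newline + space
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(": ")
            if sep:
                entry.setdefault(name, value)  # first value wins
        yield entry

def quota_commands(ldif_text, filesystem="/home"):
    """Return (commands, rejected): setquota argv lists and skipped group names."""
    commands, rejected = [], []
    for entry in parse_ldif(ldif_text):
        group, quota = entry.get("cn", ""), entry.get(QUOTA_ATTR, "")
        # Base64 values ("cn:: ...") never populate "cn", so they are rejected too.
        if not GROUP_RE.fullmatch(group) or not QUOTA_RE.fullmatch(quota):
            rejected.append(group)
            continue
        blocks = str(int(quota) * 1024)  # setquota counts 1 KiB blocks
        # soft limit == hard limit for blocks, no inode limits (0 0)
        commands.append(["setquota", "-g", group, blocks, blocks, "0", "0", filesystem])
    return commands, rejected

if __name__ == "__main__":
    for argv in quota_commands(SAMPLE_LDIF)[0]:
        print(" ".join(argv))  # a cron job would hand argv to subprocess.run, no shell
```

Because the quota is set on the group, it only covers files whose group owner is that group, so both the web folder and the mailboxes have to be group-owned accordingly for the combined limit to apply.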