Hi everyone,
I am having some trouble with shared folders in trying to replicate how we use
them with a Cyrus backend.
The auth database is Samba4 active directory, so I am using an LDAP lookup to
authenticate and forcing the UID and GID to be all the same. I have a post-login
script that sets the group ACL, and this seems to be working fine. /mnt/mail is
an NFS mount to a FreeNAS machine, and there is only one Dovecot server
connecting to that NFS share.
I have been able to get the inbox of the shared mailbox to appear in
Thunderbird, but I would like to allow all subfolders to have the same ACLs. Is
there a way to do this without having an ACL entry for each folder in the
dovecot-acl file? I also cannot seem to create folders under the shared inbox.
Thanks.
Below is the output of /mnt/mail/acl/shared-mailboxes
shared/shared-boxes/group/accounting/accounting
1
shared/shared-boxes/group/team1/team1
1
shared/shared-boxes/group/team2/team2
1
Below is the output of dovecot -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-22-pve x86_64 Debian 7.3 nfs
auth_mechanisms = plain login
auth_username_format = %n
mail_debug = yes
mail_location =
maildir:/mnt/mail/mailboxes/%n/Maildir:INDEX=/var/local/dovecot-indexes/%n
mail_plugins = acl
mail_shared_explicit_inbox = no
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date ihave
namespace {
  list = yes
  location =
maildir:/mnt/mail/mailboxes/%%n/Maildir:INDEX=/var/local/dovecot-shared/%%n
  prefix = ZGroup/%%n/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location   mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix   separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_defaults_from_inbox = yes
  acl_shared_dict = file:/mnt/mail/acl/shared-mailboxes
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = " imap lmtp sieve"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-postlogin {
  executable = script-login /usr/local/bin/postlogin.py
  user = vmail
}
service imap {
  executable = imap imap-postlogin
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
  user = vmail
}
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocol lmtp {
  mail_plugins = quota sieve
}
protocol lda {
  mail_plugins = quota sieve
}
protocol imap {
  mail_plugins = acl imap_acl
}
On 24/01/2014, at 8:40 PM, Alex Ferrara <alex at receptiveit.com.au> wrote:> Hi everyone, > > I am having some trouble with shared folders in trying to replicate how we use them with a Cyrus backend. > > The auth database is Samba4 active directory, so I am using an LDAP lookup to authenticate and forcing the UID and GID to be all the same. I have a post-login script that sets the group ACL, and this seems to be working fine. /mnt/mail is an NFS mount to a FreeNAS machine, and there is only one Dovecot server connecting to that NFS share. > > I have been able to get the inbox of the shared mailbox to appear in Thunderbird, but I would like to allow all subfolders to have the same ACLs. Is there a way to do this without having an ACL entry for each folder in the dovecot-acl file? I also cannot seem to create folders under the shared inbox. > > Thanks. > > Below is the output of /mnt/mail/acl/shared-mailboxes > shared/shared-boxes/group/accounting/accounting > 1 > shared/shared-boxes/group/team1/team1 > 1 > shared/shared-boxes/group/team2/team2 > 1 > > Below is the output of dovecot -n > > # 2.1.7: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-22-pve x86_64 Debian 7.3 nfs > auth_mechanisms = plain login > auth_username_format = %n > mail_debug = yes > mail_location = maildir:/mnt/mail/mailboxes/%n/Maildir:INDEX=/var/local/dovecot-indexes/%n > mail_plugins = acl > mail_shared_explicit_inbox = no > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave > namespace { > list = yes > location = maildir:/mnt/mail/mailboxes/%%n/Maildir:INDEX=/var/local/dovecot-shared/%%n > prefix = ZGroup/%%n/ > separator = / > subscriptions = no > type = shared > } > namespace inbox { > inbox = yes > location > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix > separator = / > type = private > } > passdb { > args = /etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > plugin { > acl = vfile > acl_defaults_from_inbox = yes > acl_shared_dict = file:/mnt/mail/acl/shared-mailboxes > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > } > protocols = " imap lmtp sieve" > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > } > service imap-postlogin { > executable = script-login /usr/local/bin/postlogin.py > user = vmail > } > service imap { > executable = imap imap-postlogin > } > service lmtp { > unix_listener /var/spool/postfix/private/dovecot-lmtp { > group = postfix > mode = 0600 > user = postfix > } > user = vmail > } > ssl_cert = </etc/dovecot/dovecot.pem > ssl_key = </etc/dovecot/private/dovecot.pem > userdb { > args = /etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > protocol lmtp { > mail_plugins = quota sieve > } > protocol lda { > mail_plugins = quota sieve > } > protocol imap { > mail_plugins = acl imap_acl > }Any ideas? aF
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 24 Jan 2014, Alex Ferrara wrote:> I have been able to get the inbox of the shared mailbox to appear in > Thunderbird, but I would like to allow all subfolders to have the same > ACLs. Is there a way to do this without having an ACL entry for each > folder in the dovecot-acl file?No, currently you need one file per mailbox.> I also cannot seem to create folders > under the shared inbox.If the accessing user has the "k"-permission, there might be problems with the unix file permissions. Latter logs errors. I think I remember something that you cannot give ACLs to the top most root of some mail storages, e.g. in Maildir Maildir/dovecot-acl applies to the INBOX and there is no file for the "/" or something like that. Can you create a new mailbox below, say, the INBOX? - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUudeO3D1/YhP6VMHAQJiuQf+I5dAE718UK+sUb+H77ddW8xXkSQ81s4P yFYs+kRbgsjFEztrGQoRno/IWJ4YGpdjBrj6cH4/MwT/iSIibGggCkkpLaU1RD0O Wgs+w58sCPwVQFiopTjSOA0ItwtKvedphX/0l2bDkH90mdIi/Ck9Ih6mSSk0t52Y 4pvGl1GvEWGl2jLYaJIiq+YP85nQlxkNC8nT7UbaexsVz9qPMVLPFU4So81aHvPI 5MYhhflIGMw11P+NrlAMrohJ8D1Gb6foEW5T8NmAp4qu2mataUvGx6/jcTlQxRLU 19uC93vb1Gbf3AN2U3tKF48iU2lVY2lW1PXkE/F66idRJSWe+AUsUQ==XgAZ -----END PGP SIGNATURE-----