dovecot - Sep 2011 - Shared Mailboxes with VirtualUsers and mail_location retrieved from ldap

Hello,

I spend a couple of days configurating a new installation of dovecot 2.0.14 with
virtual accounts and NFS storage for maildir home/mail directories.


At this point I need shared mailboxes but since user mail/home locations are
ldap attributes, how is it supposed I must configure this for shared mailboxes?

for the users' mail/home directories I set this line:

user_attrs = mailbox=mail=maildir:/var/maildir/%$,homeFilter=home

creating a namespace like the below one for shared mbx throw a lot of errors:


namespace {
? type = shared
? separator = /
? prefix = shared/%%u/
? subscriptions = no
? list = children
? #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
? location = mailbox=mail=maildir:/var/maildir/%$
}
I would like to hear if anyone has this configuration running. Thank you.


???? /--------------/

uris = ldap://ldap.example.com
dn = cn=user,ou=People,dc=example,dc=com
dnpass = secret
sasl_bind = no
tls = no
auth_bind = yes
ldap_version = 3
base = dc=example,dc=com
deref = never
scope = subtree
user_attrs = mailbox=mail=maildir:/var/maildir/%$,homeFilter=home
user_filter = (&(objectClass=CourierMailAccount)(uid=%u))
pass_filter = (&(objectClass=CourierMailAccount)(uid=%u))




# dovecot -n
# 2.0.14: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.34.7-0.7-xen x86_64 openSUSE 11.3 (x86_64) 
auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
auth_verbose_passwords = plain
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
mail_debug = yes
mail_fsync = always
mail_gid = 5000
mail_nfs_index = yes
mail_nfs_storage = yes
mail_plugins = acl
mail_uid = 5000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date
mmap_disable = yes
namespace {
? list = children
? location = mailbox=mail=maildir:/var/maildir/%$
? prefix = shared/%%u/
? separator = /
? subscriptions = no
? type = shared
}
namespace {
? inbox = yes
? location = 
? prefix = INBOX.
? separator = .
}
passdb {
? args = /etc/dovecot/dovecot-ldap.conf.ext
? driver = ldap
}
plugin {
? acl = vfile
? sieve = ~/.dovecot.sieve
? sieve_dir = ~/sieve
}
protocols = imap
ssl = no
userdb {
? args = /etc/dovecot/dovecot-ldap.conf.ext
? driver = ldap
}
verbose_proctitle = yes
protocol imap {
? mail_max_userip_connections = 100
? mail_plugins = acl imap_acl autocreate
}

On 6.9.2011, at 14.27, mailing lists wrote:
> I spend a couple of days configurating a new installation of dovecot 2.0.14
with virtual accounts and NFS storage for maildir home/mail directories.
> 
> 
> At this point I need shared mailboxes but since user mail/home locations
are ldap attributes, how is it supposed I must configure this for shared
mailboxes?
> 
> for the users' mail/home directories I set this line:
> 
> user_attrs = mailbox=mail=maildir:/var/maildir/%$,homeFilter=home
Are home dirs and mail dirs related in any way? The only way you can get it
working is by using home dirs, e.g.:

user_attrs = mailbox=home=/var/maildir/%$

Then in dovecot.conf:

mail_location = maildir:~/
> namespace {
>   type = shared
>   separator = /
>   prefix = shared/%%u/
>   subscriptions = no
>   list = children
location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u

Of course, if you're already now using separate home dirs for some stuff,
this won't really work.

Hello,


On 09/07/2011 07:22 PM, Timo Sirainen wrote:
> On 6.9.2011, at 14.27, mailing lists wrote:
>> At this point I need shared mailboxes but since user mail/home
locations are ldap attributes, how is it supposed I must configure this for
shared mailboxes?
>>
>> for the users' mail/home directories I set this line:
>>
>> user_attrs = mailbox=mail=maildir:/var/maildir/%$,homeFilter=home
> 
> Are home dirs and mail dirs related in any way? The only way you can get it
working is by using home dirs, e.g.:
>
> user_attrs = mailbox=home=/var/maildir/%$
yes, my virtual users have separate directories for home and mail. Their
locations are stored in ldap attributes (with random generated paths), so a flat
scheme like /var/maildr/%%u isn't valid.


for typical (virtual) users the location returned looks like:

Sep? 8 12:48:33 imap1 dovecot: auth: Debug: ldap(user012,::1): result:
mailbox(mail=maildir:/var/maildir/%$)=vol06/1/15/user012
homeFilter(home)=/var/mailfilter/vol06/1/15/user012

...
Sep? 8 12:54:50 imap1 dovecot: imap(user012): Debug: maildir++:
root=/var/maildir/vol06/1/15/user012, index=, control=,
inbox=/var/maildir/vol06/1/15/user012, alt

?
> Then in dovecot.conf:
> 
> mail_location = maildir:~/
>
>> namespace {
>>??? type = shared
>>??? separator = /
>>??? prefix = shared/%%u/
>>??? subscriptions = no
>>??? list = children
>
> location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
this is that I see in? logs and not shared folders are seen by imap clients:


Sep? 8 12:57:11 imap1 dovecot: imap(user012): Debug: Namespace : type=shared,
prefix=shared.%u., sep=., inbox=no, hidden=no, list=children, subscriptions=no
location=maildir:%h/Maildir:INDEX=~/Maildir/shared/%u
Sep? 8 12:57:11 imap1 dovecot: imap(user012): Debug: shared:
root=/var/run/dovecot/, index=, control=, inbox=, altSep? 8 12:57:11 imap1
dovecot: imap(user012): Debug: acl: initializing backend with data: vfile


I fail to understand how %%u is retrieved from ldap...



? /----------/


# dovecot -n
# 2.0.14: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.34.7-0.7-xen x86_64 openSUSE 11.3 (x86_64) 
auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
auth_verbose_passwords = plain
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
mail_debug = yes
mail_fsync = always
mail_gid = 5000
mail_location = maildir:~/
mail_nfs_index = yes
mail_nfs_storage = yes
mail_plugins = acl
mail_uid = 5000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date
mmap_disable = yes
namespace {
? inbox = yes
? location = 
? prefix = INBOX.
? separator = .
}
namespace {
? list = children
? location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
? prefix = shared.%%u.
? separator = .
? subscriptions = no
? type = shared
}
passdb {
? args = /etc/dovecot/dovecot-ldap.conf.ext
? driver = ldap
}
plugin {
? acl = vfile
? acl_shared_dict = file:/var/maildir/shared-mailboxes
? sieve = ~/.dovecot.sieve
? sieve_dir = ~/sieve
}
protocols = imap
ssl = no
userdb {
? args = /etc/dovecot/dovecot-ldap.conf.ext
? driver = ldap
}
verbose_proctitle = yes
protocol imap {
? mail_max_userip_connections = 100
? mail_plugins = acl imap_acl autocreate
}

On 09/08/2011 03:07 PM, Timo Sirainen wrote:
> On Thu, 2011-09-08 at 12:14 +0100, mailing lists wrote:
> 
>> yes, my virtual users have separate directories for home and mail.
>> Their locations are stored in ldap attributes (with random generated
>> paths), so a flat scheme like /var/maildr/%%u isn't valid.
> 
> Sorry, you're out of luck with that kind of a setup. Only the %%h can
> look up a home directory from LDAP. Maybe some day in future there will
> be other variables that can be looked up.
and how to I might configure dovecot to use the mail directory as a subdirectory
of the home directory?

this way all lookups for home (with %%h fetched from ldap) will return the
correct locationand mail will be in (i.e.) ~/mailSubDir

is this configuration possible?

On Fri, Sep 09, 2011 at 08:18:40AM +0100, mailing lists
wrote:
> 
> and how to I might configure dovecot to use the mail directory as a
subdirectory of the home directory?
> 
> this way all lookups for home (with %%h fetched from ldap) will return the
correct locationand mail will be in (i.e.) ~/mailSubDir
> 
> is this configuration possible?
In the main dovecot.conf:

	mail_location = maildir:~/mailSubDir

In the ldap-config:

	user_attrs = homeFilter=home	



  -jf

(I'm sorry for breaking the thread with each mail) 

On 09/09/2011 10:04 AM, Jan-Frode Myklebust wrote:
> On Fri, Sep 09, 2011 at 08:18:40AM +0100, mailing lists wrote:
>>
>> and how to I might configure dovecot to use the mail directory as a
subdirectory of the home directory?
>>
>> this way all lookups for home (with %%h fetched from ldap) will return
the correct locationand mail will be in (i.e.) ~/mailSubDir
>>
>> is this configuration possible?
> 
> In the main dovecot.conf:
> 
> ??? mail_location = maildir:~/mailSubDir
> 
> In the ldap-config:
> 
> ??? user_attrs = homeFilter=home 

and which is the value for the location directive in namespace declaration ??


namespace {
? list = children
? location = maildir:%%h/mailSubDir:INDEX=~/mailSubDIr/shared/%%u
? prefix = shared.%%u.
? separator = .
? subscriptions = no
? type = shared
}


with the above conf. no shared folders are seen by tests users and afaik %%h is
retrieved from ldap.


this is that I had done until now:

# telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
AUTH=PLAIN] Dovecot ready.
. login user001 secret
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT
SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAME

. create INBOX.docs-user001
. OK Create completed.

. setacl INBOX.docs-user001 user002 lr
. OK Setacl complete.
. logout
* BYE Logging out 
. OK Logout completed.
Connection closed by foreign host.
# telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
AUTH=PLAIN] Dovecot ready.
. login user002 secret
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT
SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAME

. create INBOX.docs-user002
. OK Create completed.
. setacl INBOX.docs-user002 user001 lr
. OK Setacl complete.
. logout
* BYE Logging out 
. OK Logout completed.
Connection closed by foreign host.

?# cat /var/maildir/shared-mailboxes 
shared/shared-boxes/user/user002/user001
1
shared/shared-boxes/user/user002/user002
1
shared/shared-boxes/user/user001/user001
1
shared/shared-boxes/user/user001/user002
1

# cat /var/maildir/vol04/4/46/user001/.docs-user001/dovecot-acl 
user=user002 lr

# cat /var/maildir/vol05/4/40/user002/.docs-user002/dovecot-acl
user=user001 lr


# telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
AUTH=PLAIN] Dovecot ready.
. login user001 secret
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT
SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN
NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT
SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS ACL RIGHTS=texk] Logged in
. namespace
* NAMESPACE (("INBOX." ".")) (("shared."
".")) NIL
. OK Namespace completed.
. list "shared." "*"
. OK List completed.



? /--------------/

# grep? ^[^#] /etc/dovecot/dovecot-ldap.conf.ext

uris = ldap://ldap.example.com
dn = cn=testuser,dc=example,dc=com
dnpass = secret
sasl_bind = no
tls = no
auth_bind = yes
ldap_version = 3
base = dc=example,dc=com
deref = never
scope = subtree
user_attrs = mailbox=mail=maildir:/var/maildir/%$,homeFilter=home
user_filter = (&(objectClass=CourierMailAccount)(uid=%u))
pass_filter = (&(objectClass=CourierMailAccount)(uid=%u))




# dovecot -n
# 2.0.14: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.34.7-0.7-xen x86_64 openSUSE 11.3 (x86_64) 
auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
auth_verbose_passwords = plain
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
mail_debug = yes
mail_fsync = always
mail_gid = 5000
mail_location = maildir:~/mailSubDir
mail_nfs_index = yes
mail_nfs_storage = yes
mail_plugins = acl
mail_uid = 5000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date
mmap_disable = yes
namespace {
? inbox = yes
? location = 
? prefix = INBOX.
? separator = .
}
namespace {
? list = children
? location = maildir:%%h/mailSubDir:INDEX=~/mailSubDir/shared/%%u
? prefix = shared.%%u.
? separator = .
? subscriptions = no
? type = shared
}
passdb {
? args = /etc/dovecot/dovecot-ldap.conf.ext
? driver = ldap
}
plugin {
? acl = vfile
? acl_shared_dict = file:/var/maildir/shared-mailboxes
? sieve = ~/.dovecot.sieve
? sieve_dir = ~/sieve
}
protocols = imap lmtp
service lmtp {
? inet_listener lmtp {
??? port = 24
? }
? unix_listener lmtp {
??? user = vmail
? }
}
ssl = no
userdb {
? args = /etc/dovecot/dovecot-ldap.conf.ext
? driver = ldap
}
verbose_proctitle = yes
protocol lmtp {
? mail_plugins = acl
}
protocol lda {
? mail_plugins = acl
}
protocol imap {
? mail_max_userip_connections = 100
? mail_plugins = acl imap_acl autocreate
}

and for the time that user001 execute the imap 'list' command, this is
the log trace in dovecot:

Sep? 9 13:09:12 imap1 dovecot: imap(user001): Debug: Namespace : type=shared,
prefix=shared.%u., sep=., inbox=no, hidden=no, list=children, subscriptions=no
location=maildir:%h/mailSubDir:INDEX=~/mailSubDir/shared/%u
Sep? 9 13:09:12 imap1 dovecot: imap(user001): Debug: shared:
root=/var/run/dovecot/, index=, control=, inbox=, alt[...]

Sep? 9 13:10:44 imap1 dovecot: auth: Debug: master in: USER?? 1?????? user002
service=lib-storage
Sep? 9 13:10:44 imap1 dovecot: auth: Debug: ldap(user002): user search:
base=dc=example,dc=com scope=subtree
filter=(&(objectClass=CourierMailAccount)(uid=user002))
fields=mailbox,homeFilter
Sep? 9 13:10:44 imap1 dovecot: auth: Debug: ldap(user002): result:
mailbox(mail=maildir:/var/maildir/%$)=vol05/4/40/user002
homeFilter(home)=/var/mailfilter/vol05/4/40/user002
Sep? 9 13:10:44 imap1 dovecot: auth: Debug: master out: USER? 1?????? user002
mail=maildir:/var/maildir/vol05/4/40/user002???
home=/var/mailfilter/vol05/4/40/user002
Sep? 9 13:10:44 imap1 dovecot: imap(user001): Debug: auth input: user002
mail=maildir:/var/maildir/vol05/4/40/user002
home=/var/mailfilter/vol05/4/40/user002
Sep? 9 13:10:44 imap1 dovecot: imap(user001): Debug: maildir++:
root=/var/mailfilter/vol05/4/40/user002/mailSubDir,
index=/var/mailfilter/vol04/4/46/user001/mailSubDir/shared/user002, control=,
inbox=/var/mailfilter/vol05/4/40/user002/mailSubDir, alt=
Sep? 9 13:10:44 imap1 dovecot: imap(user001): Debug: acl: initializing backend
with data: vfile
Sep? 9 13:10:44 imap1 dovecot: imap(user001): Debug: acl: acl username = user001
Sep? 9 13:10:44 imap1 dovecot: imap(user001): Debug: acl: owner = 0
Sep? 9 13:10:44 imap1 dovecot: imap(user001): Debug: acl vfile: Global ACL
directory: (none)
Sep? 9 13:10:44 imap1 dovecot: imap(user001): Debug: acl: Mailbox not in
dovecot-acl-list: shared.user002.INBOX