hello all
i'm currently using passdb to enable and disable various namespaces
conditionally : for example the following work
namespace/inbox/inbox=no
namespace/legacy_pfso/disabled=no
namespace/legacy_pfso/inbox=no
namespace/local_storage/disabled=no
namespace/comboINBOX_local_pfso/disabled=no
namespace/comboINBOX_local_pfso/inbox=yes
but i can't get things like the following to work
namespace/shared/disabled=yes
--
the shared namespace is configured as shown below
namespace shared {
type = shared
list = yes # children
disabled = yes
separator = /
prefix = shared/%%u/
location = imapc:~/dovemail/shared/%%u/
}
imapc_host = localhost
imapc_port = 143
imapc_password = superpassword # either super or a dummy
imapc_master_user = %u
--
it seems the shared namespaces do not have names any more so they can't
be modified dynamically
is there a way to circumvent ? something i missed ?
i'm running 2.2.22 but i can switch easily to 2.2.9 or any other version
providing master_user or one of the variables that can let me know if a
master login was performed is available in passdb
the reason i'm doing this is so i can prevent long chains/loops from
occuring : then accessed by imapc: , the passdb should disable the
shared namespace so it does not produce (an)other imapc connection(s)
thanks for your help
alexis
> > hello all > > i'm currently using passdb to enable and disable various namespaces > conditionally : for example the following work > > namespace/inbox/inbox=no > namespace/legacy_pfso/disabled=no > namespace/legacy_pfso/inbox=no > namespace/local_storage/disabled=no > namespace/comboINBOX_local_pfso/disabled=no > namespace/comboINBOX_local_pfso/inbox=yes > > but i can't get things like the following to work > > namespace/shared/disabled=yes > > -- > > the shared namespace is configured as shown below > > namespace shared { > type = shared > list = yes # children > disabled = yes > separator = / > prefix = shared/%%u/ > location = imapc:~/dovemail/shared/%%u/ > } > > imapc_host = localhost > imapc_port = 143 > imapc_password = superpassword # either super or a dummy > imapc_master_user = %u > > -- > > it seems the shared namespaces do not have names any more so they can't > be modified dynamically > > is there a way to circumvent ? something i missed ? > > i'm running 2.2.22 but i can switch easily to 2.2.9 or any other version > providing master_user or one of the variables that can let me know if a > master login was performed is available in passdb > > the reason i'm doing this is so i can prevent long chains/loops from > occuring : then accessed by imapc: , the passdb should disable the > shared namespace so it does not produce (an)other imapc connection(s) > > thanks for your help > > alexishi all bumping on my own... i've tried to declare the namespace inside the imap protocol and adding the following extra protocol and listner service imap-login-noshares { protocol = imapnoshares executable = imap-login inet_listener imapnoshares { address port = 20143 reuse_port = no ssl = no } $login_process_common_stuff } protocol imapnoshares { # we need to clone imap stuff here... maybe not everything but at least quota and the likes } unfortunately it seems that the protocol is still 'imap' : the passdb and userdb queries still contain imap as the protocol name, the log displays imap(username), and it looks like the shared namespace is active. the namespace is now declared like this protocol imap { namespace shared { type = shared list = yes # children #disabled = yes separator = / prefix = shared/%%u/ location = imapc:~/dovemail/shared/%%u/ } } any ideas ? has anybody managed to get acls to work with imapc ? thanks for your time alexis
On 04 Apr 2016, at 13:28, abi at oleane.net wrote:> > namespace shared { > type = shared > list = yes # children > disabled = yes > separator = / > prefix = shared/%%u/ > location = imapc:~/dovemail/shared/%%u/ > }Don't you get a warning with this? Warning: Obsolete setting in dovecot.conf:1: namespace shared {} has been replaced by namespace { type=shared } This is because of the v1.x dovecot.conf auto-conversion code. Try giving it a different name than "shared" and see if it works.
Le 06/04/2016 21:41, Timo Sirainen a ?crit :> On 04 Apr 2016, at 13:28, abi at oleane.net wrote: >> >> namespace shared { >> type = shared >> list = yes # children >> disabled = yes >> separator = / >> prefix = shared/%%u/ >> location = imapc:~/dovemail/shared/%%u/ >> } > > Don't you get a warning with this? > > Warning: Obsolete setting in dovecot.conf:1: namespace shared {} has been replaced by namespace { type=shared } > > This is because of the v1.x dovecot.conf auto-conversion code. Try giving it a different name than "shared" and see if it works. >yes i get this exact warning i tried with and without given the fact that other namespaces parameters can be changed dynamically through passdb by returning "namespace"/NAMESPACE_NAME/PARAMETER=VALUE, i was hoping to do the same with shared namespaces which is why i added a name i'm wondering : is using shared namespaces with non generic acls and imapc currently supported in dovecot ? i'm running into 2 problems : --> the acl files are looked up in the filesystem in ~loggedin_user/.../shared/sharing_user/ rather than in ~sharing_user so the filesystem paths are not translated. i can circumvent with symlinks but i assume the ACLs should be looked up using imap or an extra location attribute could be added to the namespace so the acls are read in the proper location. --> the sharers might themselves have other people sharing with them so the imapc connections loop. i need a way to selectively disable the shared namespace. ( based on a specific port, the source address, something passed by imapc:, the fact that there is a master login... whatever works ) i'm ready to beta-test if that can help in any way thanks for your great work best regards alexis
> > This is because of the v1.x dovecot.conf auto-conversion code. Try giving it a different name than "shared" and see if it works. >hello it does, and there is no warning. i feel foolish i did not bother to try thanks, that solves part of the problem best regards alexis
hello.
i gave a different name to the namespace.
now i can properly disable it from passdb (so i do not produce a loops
with shared namespaces configured with imapc)
---
but providing a name breaks even local acls
with the following config
namespace sharedboxes {
type = shared
list = yes # children
disabled = no # should be yes, but this is convenient when
testing with doveadm
separator = / # useful ? does not change a thing... direcgt
access is ok, imapc is broken
prefix = shared/%%u/
# THIS MAKES USE OF THE LOCAL FILESYSTEM FOR THE REMOTE USER'S
MAILBOX LOCATION. WORKS BUT NOT CLUSTER-SAFE
# NOTE : specifying a separate INDEX allows for unshared flags
# NOTE : userdb sets mail location to
maildir:~/dovemail:INBOX=~/dovemail/.INBOX
location = maildir:%%h/dovemail/ #
:INDEXPVT=~/dovemail/private_indexes/%%u
# THIS ONE IS CLUSTER-SAFE BUT CURRENTLY DOES NOT WORK
#location = imapc:~/dovemail/shared/%%u/ # cache for shared indexes
}
acl debug produces the following output
# doveadm acl debug -u abi3 at oleane.fr.fto shared/abi2 at oleane.fr.fto/AA
doveadm(abi3 at oleane.fr.fto): Error: Mailbox
'shared.abi2 at oleane\2efr\2efto.AA' in namespace ''
doesn't exist in
/var/mailboxes/mail02b/fr.fto/o/l/oleane/abi3/home/dovemail/.shared.abi2 at
oleane\2efr\2efto.AA
---
but if i remove "sharedboxes", it works as expected
# doveadm acl debug -u abi3 at oleane.fr.fto shared/abi2 at oleane.fr.fto/AA
doveadm(abi3 at oleane.fr.fto): Info: Mailbox 'AA' is in namespace
'shared/abi2 at oleane.fr.fto/'
doveadm(abi3 at oleane.fr.fto): Info: Mailbox path:
/var/mailboxes/mail02b/fr.fto/o/l/oleane/abi2/home/dovemail/.AA
doveadm(abi3 at oleane.fr.fto): Info: All message flags are shared across
users in mailbox
doveadm(abi3 at oleane.fr.fto): Info: User abi3 at oleane.fr.fto has rights:
lookup read write write-seen write-deleted insert post expunge create
delete admin
doveadm(abi3 at oleane.fr.fto): Info: Mailbox found from dovecot-acl-list
doveadm(abi3 at oleane.fr.fto): Info: User abi2 at oleane.fr.fto found from
ACL shared dict
doveadm(abi3 at oleane.fr.fto): Info: Mailbox shared/abi2 at oleane.fr.fto/AA
is visible in LIST
i also tried changing the prefix to sharedboxes/%%u/ and changing the
debug command accordingly but that did not make a difference.
---
if i try the same config ( without naming the namespace ) with imapc (
using the location line that is commented in the above config sample )
it does not seem to loop when using doveadm debug, but it does not work
either
# doveadm acl debug -u abi3 at oleane.fr.fto shared/abi2 at oleane.fr.fto/AA
doveadm(abi3 at oleane.fr.fto): Info: Mailbox 'AA' is in namespace
'shared/abi2 at oleane.fr.fto/'
doveadm(abi3 at oleane.fr.fto): Info: Mailbox path:
/var/mailboxes/mail02b/fr.fto/o/l/oleane/abi3/home/dovemail/shared/abi2 at
oleane.fr.fto/.AA
doveadm(abi3 at oleane.fr.fto): Info: All message flags are shared across
users in mailbox
doveadm(abi3 at oleane.fr.fto): Info: User abi3 at oleane.fr.fto has no rights
for mailbox
doveadm(abi3 at oleane.fr.fto): Error: User abi3 at oleane.fr.fto is missing
'lookup' right
doveadm(abi3 at oleane.fr.fto): Info: Mailbox shared/abi2 at oleane.fr.fto/AA
is NOT visible in LIST
the log show that the proper dovecot-acl file is read when ~abi logs in
as ~abi2, but i do not see any trace of the acls being read over imap
nor directly in the filesystem
if i actually use imap, i produce a loop ( rather a storm in fact if i
setup many to many shares ) and end up with an empty shared namespace
what did i miss ?
thanks for your help
alex
Le 06/04/2016 21:41, Timo Sirainen a ?crit :> On 04 Apr 2016, at 13:28, abi at oleane.net wrote:
>> namespace shared {
>> type = shared
>> list = yes # children
>> disabled = yes
>> separator = /
>> prefix = shared/%%u/
>> location = imapc:~/dovemail/shared/%%u/
>> }
> Don't you get a warning with this?
>
> Warning: Obsolete setting in dovecot.conf:1: namespace shared {} has been
replaced by namespace { type=shared }
>
> This is because of the v1.x dovecot.conf auto-conversion code. Try giving
it a different name than "shared" and see if it works.
>