Hi,

I'm trying to set up group-based ACLs coming from OpenLDAP. My setup doesn't require a POSIX Group match. In the Dovecot configuration file I have this: "user_attrs = [...], mailAclGroups=acl_groups" as well as "acl = vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300". The user has "public" in the LDAP attribute "mailAclGroups". It seems to get everything right. I checked with doveadm - and I see public is listed as expected:

    cat /var/log/debug.log
    [...]
    Sep 16 23:39:04 WM-01 dovecot: auth: Debug: client passdb out: OK 1 user=leander@mydomain.localdomain acl_groups=public
    [...]

    cat /usr/local/etc/dovecot/global-acls
    INBOX owner lrwstipekxa
    Drafts owner lrwstipeka
    Sent owner lrwstipeka
    Spam owner lrwstipeka
    Trash owner lrwstipeka
    Public authenticated l
    Public group-override=public lrwstipekx
    Public/* group-override=public lrwstipekx

    doveadm mailbox list -u leander@mydomain.localdomain
    Drafts
    Sent
    Trash
    Spam
    Shared
    Public
    Public/Service Center
    Shared/test@mydomain.localdomain
    Shared/test@mydomain.localdomain/Drafts
    Shared/test@mydomain.localdomain/Sent
    Shared/test@mydomain.localdomain/Trash
    Shared/test@mydomain.localdomain/Spam
    INBOX

But here comes the strange thing: telnet equal to Thunderbird:

    . LIST "" "*"
    * LIST (\HasNoChildren \Drafts) "/" Drafts
    * LIST (\HasNoChildren \Sent) "/" Sent
    * LIST (\HasNoChildren \Trash) "/" Trash
    * LIST (\HasNoChildren \Junk) "/" Spam
    * LIST (\Noselect \HasChildren) "/" Shared
    * LIST (\HasChildren) "/" Shared/test@mydomain.localdomain
    * LIST (\HasNoChildren) "/" Shared/test@mydomain.localdomain/Drafts
    * LIST (\HasNoChildren) "/" Shared/test@mydomain.localdomain/Sent
    * LIST (\HasNoChildren) "/" Shared/test@mydomain.localdomain/Trash
    * LIST (\HasNoChildren) "/" Shared/test@mydomain.localdomain/Spam
    * LIST (\HasNoChildren) "/" INBOX
    . OK List completed (0.000 + 0.000 + 0.092 secs).

Public and Public/* should be listed as well, but they aren't. Any idea why it is behaving like this?

Thanks

Best regards
Leander Schäfer
Any idea?

On 17.09.16 at 00:44, Leander Schäfer wrote:
> Hi,
>
> I'm trying to set up group-based ACLs coming from OpenLDAP. My setup
> doesn't require a POSIX Group match. In the Dovecot configuration file
> I have this: "user_attrs = [...], mailAclGroups=acl_groups" as well as
> "acl = vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300". The
> user has "public" in the LDAP attribute "mailAclGroups". It seems to
> get everything right. I checked with doveadm - and I see public is
> listed as expected:
>
>     cat /var/log/debug.log
>     [...]
>     Sep 16 23:39:04 WM-01 dovecot: auth: Debug: client passdb out: OK 1 user=leander@mydomain.localdomain acl_groups=public
>     [...]
>
>     cat /usr/local/etc/dovecot/global-acls
>     INBOX owner lrwstipekxa
>     Drafts owner lrwstipeka
>     Sent owner lrwstipeka
>     Spam owner lrwstipeka
>     Trash owner lrwstipeka
>     Public authenticated l
>     Public group-override=public lrwstipekx
>     Public/* group-override=public lrwstipekx
>
>     doveadm mailbox list -u leander@mydomain.localdomain
>     Drafts
>     Sent
>     Trash
>     Spam
>     Shared
>     Public
>     Public/Service Center
>     Shared/test@mydomain.localdomain
>     Shared/test@mydomain.localdomain/Drafts
>     Shared/test@mydomain.localdomain/Sent
>     Shared/test@mydomain.localdomain/Trash
>     Shared/test@mydomain.localdomain/Spam
>     INBOX
>
> But here comes the strange thing: telnet equal to Thunderbird:
>
>     . LIST "" "*"
>     * LIST (\HasNoChildren \Drafts) "/" Drafts
>     * LIST (\HasNoChildren \Sent) "/" Sent
>     * LIST (\HasNoChildren \Trash) "/" Trash
>     * LIST (\HasNoChildren \Junk) "/" Spam
>     * LIST (\Noselect \HasChildren) "/" Shared
>     * LIST (\HasChildren) "/" Shared/test@mydomain.localdomain
>     * LIST (\HasNoChildren) "/" Shared/test@mydomain.localdomain/Drafts
>     * LIST (\HasNoChildren) "/" Shared/test@mydomain.localdomain/Sent
>     * LIST (\HasNoChildren) "/" Shared/test@mydomain.localdomain/Trash
>     * LIST (\HasNoChildren) "/" Shared/test@mydomain.localdomain/Spam
>     * LIST (\HasNoChildren) "/" INBOX
>     . OK List completed (0.000 + 0.000 + 0.092 secs).
>
> Public and Public/* should be listed as well, but they aren't. Any idea
> why it is behaving like this?
>
> Thanks
>
> Best regards
> Leander Schäfer
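
A helper for pinning down the discrepancy described in this thread, added here as an example and not part of the original posts: it parses `doveadm mailbox list` output and an IMAP `LIST` transcript and reports the mailboxes that only doveadm shows. The function names are hypothetical and the sample input is constructed, abridged from the two listings in the post.

```python
import re

# One untagged IMAP LIST response: flags, hierarchy delimiter, then the
# mailbox name as a quoted string or a bare atom (literals are not handled).
LIST_RE = re.compile(
    r'^\* LIST \((?P<flags>[^)]*)\) (?:"[^"]*"|NIL) '
    r'(?:"(?P<quoted>(?:[^"\\]|\\.)*)"|(?P<atom>\S+))\s*$')

def parse_imap_list(transcript):
    """Return {mailbox_name: set_of_flags} for every LIST response line."""
    boxes = {}
    for line in transcript.splitlines():
        m = LIST_RE.match(line.strip())
        if not m:
            continue  # command echo, tagged OK line, blank line
        name = m.group("atom")
        if m.group("quoted") is not None:
            name = re.sub(r'\\(.)', r'\1', m.group("quoted"))  # undo \" and \\
        boxes[name] = set(m.group("flags").split())
    return boxes

def parse_doveadm_list(output):
    """doveadm prints one mailbox per line; names may contain spaces."""
    return {line.strip() for line in output.splitlines() if line.strip()}

def missing_over_imap(doveadm_output, imap_transcript):
    """Mailboxes doveadm lists for the user that the IMAP session did not."""
    seen = set(parse_imap_list(imap_transcript))
    return sorted(parse_doveadm_list(doveadm_output) - seen)

# Constructed sample input, abridged from the two listings in the post.
# Names are compared as ASCII; modified UTF-7 names are not decoded.
DOVEADM_OUT = """Drafts
Shared
Public
Public/Service Center
Shared/test@mydomain.localdomain
INBOX
"""
IMAP_OUT = r'''. LIST "" "*"
* LIST (\HasNoChildren \Drafts) "/" Drafts
* LIST (\Noselect \HasChildren) "/" Shared
* LIST (\HasChildren) "/" Shared/test@mydomain.localdomain
* LIST (\HasNoChildren) "/" INBOX
. OK List completed (0.000 + 0.000 + 0.092 secs).
'''

if __name__ == "__main__":
    print(missing_over_imap(DOVEADM_OUT, IMAP_OUT))
```

Running the same comparison for several users after an ACL or LDAP attribute change shows whether the view doveadm computes and the view an IMAP client receives have drifted apart.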