still the same?
root at buserver:/etc/dovecot# doveadm user test2 at onnet.ch
field valueuserdb lookup: user test2 at onnet.ch doesn't exist
relevant config output from doveconf -n
userdb {
args = /etc/dovecot/dovecot-ldap.conf
driver = ldap
result_success = continue-ok
}
userdb {
args = username_format=%Lu /etc/dovecot/share.passwd
driver = passwd-file
result_failure = continue-ok
skip = notfound
}
but, did you read my last note anyway?
IMPORTANT NOTE: anyway.. even with this options set (acl and acl_globals_only)
the user test at onnet.ch <mailto:test at onnet.ch> is still able to share
its own folders?!
root at buserver:/etc/dovecot# doveadm user test at onnet.ch
field value
uid 5000
gid 5000
home /var/spool/postfix/virtual/onnet.ch/test/
mail maildir:~/Maildir
quota_rule *:bytes=1073741824
acl vfile:/etc/dovecot/dovecot-acl
acl_globals_only yes
root at buserver:/etc/dovecot# telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
. login test at onnet.ch *********
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT
SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND
URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED
I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH
LIST-STATUS SPECIAL-USE BINARY MOVE QUOTA ACL RIGHTS=texk] Logged in
. SETACL Inbox test2 at onnet.ch lrwstipekxa
. OK Setacl complete.
. GETACL Inbox
* ACL Inbox test2 at onnet.ch akxeilprwtscd test at onnet.ch lrwstipekxacd
. OK Getacl completed.
Cheers
> On 7 Aug 2018, at 12:05, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
>
> Hmm. if you put it *after* the ldap userdb, it should not have prevented
users from logging in.
>
> What happens if you do
> userdb {
> driver = passwd-file
> args = ....
> skip = notfound
> result_failure = continue-ok
> }
>
> Aki
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20180807/454617d2/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3696 bytes
Desc: not available
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20180807/454617d2/attachment.p7s>
Okay, this seems to be due to the fact that the option ?use_globals_only" is supported only in v2.2.31+ We are on Debian jessie with dovecot v2.2.13 ? even an upgrade to current stable stretch won?t help (dovecot v2.2.27). So we will wait until the packages find their way into the repository. thanks anyway> On 7 Aug 2018, at 13:00, Simeon Ott <simeon.ott at onnet.ch> wrote: > but, did you read my last note anyway? > IMPORTANT NOTE: anyway.. even with this options set (acl and acl_globals_only) the user test at onnet.ch <mailto:test at onnet.ch> is still able to share its own folders?! > > root at buserver:/etc/dovecot# doveadm user test at onnet.ch <mailto:test at onnet.ch> > field value > uid 5000 > gid 5000 > home /var/spool/postfix/virtual/onnet.ch/test/ <http://onnet.ch/test/> > mail maildir:~/Maildir > quota_rule *:bytes=1073741824 > acl vfile:/etc/dovecot/dovecot-acl > acl_globals_only yes > > root at buserver:/etc/dovecot# telnet localhost 143 > Trying ::1... > Connected to localhost. > Escape character is '^]'. > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready. > . login test at onnet.ch <mailto:test at onnet.ch> ********* > . OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE QUOTA ACL RIGHTS=texk] Logged in > . SETACL Inbox test2 at onnet.ch <mailto:test2 at onnet.ch> lrwstipekxa > . OK Setacl complete. > . GETACL Inbox > * ACL Inbox test2 at onnet.ch <mailto:test2 at onnet.ch> akxeilprwtscd test at onnet.ch <mailto:test at onnet.ch> lrwstipekxacd > . OK Getacl completed.-------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20180808/030672fa/attachment-0001.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3696 bytes Desc: not available URL: <https://dovecot.org/pipermail/dovecot/attachments/20180808/030672fa/attachment-0001.p7s>
http://repo.dovecot.org/ <http://repo.dovecot.org/> Sami> On 8 Aug 2018, at 10.27, Simeon Ott <simeon.ott at onnet.ch> wrote: > > Okay, this seems to be due to the fact that the option ?use_globals_only" is supported only in v2.2.31+ > We are on Debian jessie with dovecot v2.2.13 ? even an upgrade to current stable stretch won?t help (dovecot v2.2.27). So we will wait until the packages find their way into the repository. > > thanks anyway > > >> On 7 Aug 2018, at 13:00, Simeon Ott <simeon.ott at onnet.ch <mailto:simeon.ott at onnet.ch>> wrote: >> but, did you read my last note anyway? >> IMPORTANT NOTE: anyway.. even with this options set (acl and acl_globals_only) the user test at onnet.ch <mailto:test at onnet.ch> is still able to share its own folders?! >> >> root at buserver:/etc/dovecot# doveadm user test at onnet.ch <mailto:test at onnet.ch> >> field value >> uid 5000 >> gid 5000 >> home /var/spool/postfix/virtual/onnet.ch/test/ <http://onnet.ch/test/> >> mail maildir:~/Maildir >> quota_rule *:bytes=1073741824 >> acl vfile:/etc/dovecot/dovecot-acl >> acl_globals_only yes >> >> root at buserver:/etc/dovecot# telnet localhost 143 >> Trying ::1... >> Connected to localhost. >> Escape character is '^]'. >> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready. >> . login test at onnet.ch <mailto:test at onnet.ch> ********* >> . OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE QUOTA ACL RIGHTS=texk] Logged in >> . SETACL Inbox test2 at onnet.ch <mailto:test2 at onnet.ch> lrwstipekxa >> . OK Setacl complete. >> . GETACL Inbox >> * ACL Inbox test2 at onnet.ch <mailto:test2 at onnet.ch> akxeilprwtscd test at onnet.ch <mailto:test at onnet.ch> lrwstipekxacd >> . OK Getacl completed. >-------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20180808/76666986/attachment.html>