still the same? root at buserver:/etc/dovecot# doveadm user test2 at onnet.ch field valueuserdb lookup: user test2 at onnet.ch doesn't exist relevant config output from doveconf -n userdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap result_success = continue-ok } userdb { args = username_format=%Lu /etc/dovecot/share.passwd driver = passwd-file result_failure = continue-ok skip = notfound } but, did you read my last note anyway? IMPORTANT NOTE: anyway.. even with this options set (acl and acl_globals_only) the user test at onnet.ch <mailto:test at onnet.ch> is still able to share its own folders?! root at buserver:/etc/dovecot# doveadm user test at onnet.ch field value uid 5000 gid 5000 home /var/spool/postfix/virtual/onnet.ch/test/ mail maildir:~/Maildir quota_rule *:bytes=1073741824 acl vfile:/etc/dovecot/dovecot-acl acl_globals_only yes root at buserver:/etc/dovecot# telnet localhost 143 Trying ::1... Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready. . login test at onnet.ch ********* . OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE QUOTA ACL RIGHTS=texk] Logged in . SETACL Inbox test2 at onnet.ch lrwstipekxa . OK Setacl complete. . GETACL Inbox * ACL Inbox test2 at onnet.ch akxeilprwtscd test at onnet.ch lrwstipekxacd . OK Getacl completed. Cheers> On 7 Aug 2018, at 12:05, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > Hmm. if you put it *after* the ldap userdb, it should not have prevented users from logging in. > > What happens if you do > userdb { > driver = passwd-file > args = .... > skip = notfound > result_failure = continue-ok > } > > Aki >-------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20180807/454617d2/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3696 bytes Desc: not available URL: <https://dovecot.org/pipermail/dovecot/attachments/20180807/454617d2/attachment.p7s>
Okay, this seems to be due to the fact that the option ?use_globals_only" is supported only in v2.2.31+ We are on Debian jessie with dovecot v2.2.13 ? even an upgrade to current stable stretch won?t help (dovecot v2.2.27). So we will wait until the packages find their way into the repository. thanks anyway> On 7 Aug 2018, at 13:00, Simeon Ott <simeon.ott at onnet.ch> wrote: > but, did you read my last note anyway? > IMPORTANT NOTE: anyway.. even with this options set (acl and acl_globals_only) the user test at onnet.ch <mailto:test at onnet.ch> is still able to share its own folders?! > > root at buserver:/etc/dovecot# doveadm user test at onnet.ch <mailto:test at onnet.ch> > field value > uid 5000 > gid 5000 > home /var/spool/postfix/virtual/onnet.ch/test/ <http://onnet.ch/test/> > mail maildir:~/Maildir > quota_rule *:bytes=1073741824 > acl vfile:/etc/dovecot/dovecot-acl > acl_globals_only yes > > root at buserver:/etc/dovecot# telnet localhost 143 > Trying ::1... > Connected to localhost. > Escape character is '^]'. > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready. > . login test at onnet.ch <mailto:test at onnet.ch> ********* > . OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE QUOTA ACL RIGHTS=texk] Logged in > . SETACL Inbox test2 at onnet.ch <mailto:test2 at onnet.ch> lrwstipekxa > . OK Setacl complete. > . GETACL Inbox > * ACL Inbox test2 at onnet.ch <mailto:test2 at onnet.ch> akxeilprwtscd test at onnet.ch <mailto:test at onnet.ch> lrwstipekxacd > . OK Getacl completed.-------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20180808/030672fa/attachment-0001.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3696 bytes Desc: not available URL: <https://dovecot.org/pipermail/dovecot/attachments/20180808/030672fa/attachment-0001.p7s>
http://repo.dovecot.org/ <http://repo.dovecot.org/> Sami> On 8 Aug 2018, at 10.27, Simeon Ott <simeon.ott at onnet.ch> wrote: > > Okay, this seems to be due to the fact that the option ?use_globals_only" is supported only in v2.2.31+ > We are on Debian jessie with dovecot v2.2.13 ? even an upgrade to current stable stretch won?t help (dovecot v2.2.27). So we will wait until the packages find their way into the repository. > > thanks anyway > > >> On 7 Aug 2018, at 13:00, Simeon Ott <simeon.ott at onnet.ch <mailto:simeon.ott at onnet.ch>> wrote: >> but, did you read my last note anyway? >> IMPORTANT NOTE: anyway.. even with this options set (acl and acl_globals_only) the user test at onnet.ch <mailto:test at onnet.ch> is still able to share its own folders?! >> >> root at buserver:/etc/dovecot# doveadm user test at onnet.ch <mailto:test at onnet.ch> >> field value >> uid 5000 >> gid 5000 >> home /var/spool/postfix/virtual/onnet.ch/test/ <http://onnet.ch/test/> >> mail maildir:~/Maildir >> quota_rule *:bytes=1073741824 >> acl vfile:/etc/dovecot/dovecot-acl >> acl_globals_only yes >> >> root at buserver:/etc/dovecot# telnet localhost 143 >> Trying ::1... >> Connected to localhost. >> Escape character is '^]'. >> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready. >> . login test at onnet.ch <mailto:test at onnet.ch> ********* >> . OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE QUOTA ACL RIGHTS=texk] Logged in >> . SETACL Inbox test2 at onnet.ch <mailto:test2 at onnet.ch> lrwstipekxa >> . OK Setacl complete. >> . GETACL Inbox >> * ACL Inbox test2 at onnet.ch <mailto:test2 at onnet.ch> akxeilprwtscd test at onnet.ch <mailto:test at onnet.ch> lrwstipekxacd >> . OK Getacl completed. >-------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20180808/76666986/attachment.html>