Hi!

I have some trouble with userdb, ldap and extrafields for acl_groups.

There is a script in python, which fetches the groups and sets the environment-variable ACL_GROUPS to these groups.
It works when I log in to imap (thunderbird for example shows my public folders which are protected by acl_groups).

But when I try

doveadm mailbox list -u user.name

the mailboxes are not listed and with -Dv I get "permission denied, no lookup rights".

in my dovecot-ldap-userdb.conf.ext is

hosts = ldap.server.example
dn = cn=service_id,ou=mailserver,ou=system,ou=services,dc=server,dc=example
dnpass = protectedpassword12345
tls = yes
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
tls_require_cert = demand
ldap_version = 3
base = ou=users,dc=server,dc=example
deref = always
scope = subtree
user_attrs =home={ldap:dcMailMessageStore},system_groups_user=%u,allow_all_users=yes,=acl_groups=%{env:ACL_GROUPS}
user_filter (&(objectClass=posixAccount)(uid=%u)(!(sn=NoLogin))(|(memberof=cn=perm-app-mymail_admins,ou=mymail,ou=apps,ou=services,dc=schuerz,dc=at)(memberof=cn=perm-app-mymail_users,ou=mymail,ou=apps,ou=services,dc=schuerz,dc=at)))

when I change acl_groups=%{env:ACL_GROUPS} to acl_groups=mygroup, the doveadm mailbox list command shows my public mailbox

So how do I get my acl_groups from the postlogin-script output into userdb-query?

Even when I do on the shell

ACL_GROUPS=mygroup doveadm mailbox list -u user.name

the ACL_GROUPS Environment is ignored by the doveadm-command...

thank you

jakob
Well, you don't have postlogin scripts when running doveadm. Those are executed by *-login and usually execute the actual protocol handler.

Try

env ACL_GROUPS=whatever doveadm mailbox list -u test.user

Aki

> On 04 February 2019 at 14:39 Jakobus Schürz <wertstoffe at nurfuerspam.de> wrote:
>
>
> Hi!
>
> I have some trouble with userdb, ldap and extrafields for acl_groups.
>
> There is a script in python, which fetches the groups and sets the
> environment-variable ACL_GROUPS to these groups.
> It works when I log in to imap (thunderbird for example shows my public
> folders which are protected by acl_groups).
>
> But when I try
>
> doveadm mailbox list -u user.name
>
> the mailboxes are not listed and with -Dv I get "permission denied, no
> lookup rights".
>
> in my dovecot-ldap-userdb.conf.ext is
>
> hosts = ldap.server.example
> dn = cn=service_id,ou=mailserver,ou=system,ou=services,dc=server,dc=example
> dnpass = protectedpassword12345
> tls = yes
> tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
> tls_require_cert = demand
> ldap_version = 3
> base = ou=users,dc=server,dc=example
> deref = always
> scope = subtree
> user_attrs
> =home={ldap:dcMailMessageStore},system_groups_user=%u,allow_all_users=yes,=acl_groups=%{env:ACL_GROUPS}
> user_filter
> (&(objectClass=posixAccount)(uid=%u)(!(sn=NoLogin))(|(memberof=cn=perm-app-mymail_admins,ou=mymail,ou=apps,ou=services,dc=schuerz,dc=at)(memberof=cn=perm-app-mymail_users,ou=mymail,ou=apps,ou=services,dc=schuerz,dc=at)))
>
>
> when I change acl_groups=%{env:ACL_GROUPS} to acl_groups=mygroup, the
> doveadm mailbox list command shows my public mailbox
>
>
> So how do I get my acl_groups from the postlogin-script output into
> userdb-query?
>
> Even when I do on the shell
>
> ACL_GROUPS=mygroup doveadm mailbox list -u user.name
>
> the ACL_GROUPS Environment is ignored by the doveadm-command...
>
>
> thank you
>
>
> jakob
>
Hi Aki!

The command didn't work. The protected mailbox is not shown.

It's not the big problem, when doveadm does not show the public mailbox. The problem is, I have a sieve-filter, which puts some emails into these mailboxes... and the sieve-filter does not work either... the same problem "permission denied" in case of not knowing the acl_groups from ldap...?

The sievefilter is a global-filter, not a user's sievefilter... how can I handle global mail-filtering for all users into one public mailbox?

Kind regards,
jakob

On 04.02.19 at 13:44, Aki Tuomi wrote:
> Well, you don't have postlogin scripts when running doveadm. Those are executed by *-login and usually execute the actual protocol handler.
>
> Try
>
> env ACL_GROUPS=whatever doveadm mailbox list -u test.user
>
> Aki
>
>> On 04 February 2019 at 14:39 Jakobus Schürz <wertstoffe at nurfuerspam.de> wrote:
>>
>>
>> Hi!
>>
>> I have some trouble with userdb, ldap and extrafields for acl_groups.
>>
>> There is a script in python, which fetches the groups and sets the
>> environment-variable ACL_GROUPS to these groups.
>> It works when I log in to imap (thunderbird for example shows my public
>> folders which are protected by acl_groups).
>>
>> But when I try
>>
>> doveadm mailbox list -u user.name
>>
>> the mailboxes are not listed and with -Dv I get "permission denied, no
>> lookup rights".
>>
>> in my dovecot-ldap-userdb.conf.ext is
>>
>> hosts = ldap.server.example
>> dn = cn=service_id,ou=mailserver,ou=system,ou=services,dc=server,dc=example
>> dnpass = protectedpassword12345
>> tls = yes
>> tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
>> tls_require_cert = demand
>> ldap_version = 3
>> base = ou=users,dc=server,dc=example
>> deref = always
>> scope = subtree
>> user_attrs
>> =home={ldap:dcMailMessageStore},system_groups_user=%u,allow_all_users=yes,=acl_groups=%{env:ACL_GROUPS}
>> user_filter
>> (&(objectClass=posixAccount)(uid=%u)(!(sn=NoLogin))(|(memberof=cn=perm-app-mymail_admins,ou=mymail,ou=apps,ou=services,dc=schuerz,dc=at)(memberof=cn=perm-app-mymail_users,ou=mymail,ou=apps,ou=services,dc=schuerz,dc=at)))
>>
>>
>> when I change acl_groups=%{env:ACL_GROUPS} to acl_groups=mygroup, the
>> doveadm mailbox list command shows my public mailbox
>>
>>
>> So how do I get my acl_groups from the postlogin-script output into
>> userdb-query?
>>
>> Even when I do on the shell
>>
>> ACL_GROUPS=mygroup doveadm mailbox list -u user.name
>>
>> the ACL_GROUPS Environment is ignored by the doveadm-command...
>>
>>
>> thank you
>>
>>
>> jakob
>>
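
The post-login wrapper pattern discussed in this thread, as an added example (not the poster's script and not Dovecot project code): it sets ACL_GROUPS, lists acl_groups in USERDB_KEYS as Dovecot's post-login scripting expects, then execs the protocol handler, which is why the groups exist only on the login path and not under doveadm. The LDAP lookup is replaced by constructed sample data, and the function names and group DNs are hypothetical.

```python
#!/usr/bin/env python3
"""Post-login wrapper sketch: add ACL groups to the userdb fields, then exec the handler."""
import os
import re
import sys

# Constructed sample data standing in for an LDAP memberOf lookup (hypothetical DNs).
SAMPLE_MEMBEROF = {
    "user.name": [
        "cn=mygroup,ou=groups,dc=server,dc=example",
        "cn=evil\\,admins,ou=groups,dc=server,dc=example",
    ],
}

_CN = re.compile(r"^cn=((?:\\.|[^,\\])+),", re.IGNORECASE)
_SAFE = re.compile(r"^[A-Za-z0-9_.-]+$")


def groups_from_memberof(dns):
    """Return the cn of each group DN, dropping names unsafe in a comma-separated list."""
    groups = []
    for dn in dns:
        m = _CN.match(dn)
        # A comma or escape inside a name would split into extra groups in acl_groups.
        if m and _SAFE.match(m.group(1)) and m.group(1) not in groups:
            groups.append(m.group(1))
    return groups


def postlogin_env(environ, groups):
    """Copy environ, set ACL_GROUPS and make sure acl_groups is listed in USERDB_KEYS."""
    env = dict(environ)
    env["ACL_GROUPS"] = ",".join(groups)
    keys = env.get("USERDB_KEYS", "").split()
    if "acl_groups" not in keys:
        keys.append("acl_groups")
    env["USERDB_KEYS"] = " ".join(keys)
    return env


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: postlogin.py <protocol handler> [args...]")
    user = os.environ.get("USER", "")
    env = postlogin_env(os.environ, groups_from_memberof(SAMPLE_MEMBEROF.get(user, [])))
    # The wrapper replaces itself with the real handler (for example imap).
    os.execvpe(sys.argv[1], sys.argv[1:], env)
```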