search for: acl_groups

Hi! I have some trouble with userdb, ldap an extrafields for acl_groups. There is a script in python, which fetches the groups and sets the environment-variable ACL_GROUPS to this groups. It works when i log in to imap (thunderbird for example shows my? public folders which are protected by acl_groups). But when it try doveadm mailbox list -u user.name the mailboxe...

Well, you don't have postlogin scripts when running doveadm. Those are executed by *-login and usually execute the actual protocol handler. Try env ACL_GROUPS=whatever doveadm mailbox list -u test.user Aki > On 04 February 2019 at 14:39 Jakobus Sch?rz <wertstoffe at nurfuerspam.de> wrote: > > > Hi! > > I have some trouble with userdb, ldap an extrafields for acl_groups. > > There is a script in python, which fetches th...

...ally got it working with Lua. >>> >>> Changes to the auth-ldap.conf.ext file: >>> -------------------------------------------------- >>> userdb { >>> driver = ldap >>> args = /etc/dovecot/dovecot-ldap.conf.ext >>> >>> # Fetch acl_groups from LDAP with the Lua userdb script >>> skip = never >>> result_success = continue >>> result_failure = return-fail >>> >>> # Default fields can be used to specify defaults that LDAP may override >>> #default_fields = home=/home/virtual/%u &gt...

Hi list, I have a question on auth caching in 2.2.18. I am using acl_groups for a master user, appended in a static userdb file # snip ############################### master at uma:{SHA}XXXX=::::::userdb_acl_groups=umareadmaster allow_nets=127.0.0.1 # snap ############################### and use this group in a global ACL file. I discovered this only works on first NOT-c...

Hi, I found a 9 year old thread (https://www.dovecot.org/list/dovecot/2010-October/054407.html) concerning acl_groups in OpenLDAP. In this thread someone asked, if it is possible to provide ACLs as multi value in OpenLDAP. I know that Dovecot expects acl_groups as a comma separated list, so currently I do this with a single value. Did the code change a little bit and accepts multi values now? Would be nice to hav...

...as a string, instead of using post-login script. > I finally got it working with Lua. > > Changes to the auth-ldap.conf.ext file: > -------------------------------------------------- > userdb { > driver = ldap > args = /etc/dovecot/dovecot-ldap.conf.ext > > # Fetch acl_groups from LDAP with the Lua userdb script > skip = never > result_success = continue > result_failure = return-fail > > # Default fields can be used to specify defaults that LDAP may override > #default_fields = home=/home/virtual/%u > } > ------------------------------...

...that would allow returning the acl groups as a string, instead of using post-login script. I finally got it working with Lua. Changes to the auth-ldap.conf.ext file: -------------------------------------------------- userdb { driver = ldap args = /etc/dovecot/dovecot-ldap.conf.ext # Fetch acl_groups from LDAP with the Lua userdb script skip = never result_success = continue result_failure = return-fail # Default fields can be used to specify defaults that LDAP may override #default_fields = home=/home/virtual/%u } -------------------------------------------------- I created this au...

...lly got it working with Lua. >>> >>> Changes to the auth-ldap.conf.ext file: >>> -------------------------------------------------- >>> userdb { >>> driver = ldap >>> args = /etc/dovecot/dovecot-ldap.conf.ext >>> >>> # Fetch acl_groups from LDAP with the Lua userdb script >>> skip = never >>> result_success = continue >>> result_failure = return-fail >>> >>> # Default fields can be used to specify defaults that LDAP may override >>> #default_fields = home=/home/virtual/%u...

...-login script. >> I finally got it working with Lua. >> >> Changes to the auth-ldap.conf.ext file: >> -------------------------------------------------- >> userdb { >> driver = ldap >> args = /etc/dovecot/dovecot-ldap.conf.ext >> >> # Fetch acl_groups from LDAP with the Lua userdb script >> skip = never >> result_success = continue >> result_failure = return-fail >> >> # Default fields can be used to specify defaults that LDAP may override >> #default_fields = home=/home/virtual/%u >> } >> --...

Hi, Is there some kind of way to get acl_groups out of LDAP without having to maintain an entry with a list of groups 'a,b,c' and so on? Our groups have a list of 'member' attributes with CNs pointing at users. Ideally there would be a way to look this up directly. Alternately I could perhaps use an OpenLDAP overlay to show &...

...dovecot 2.2.15 > > everythings works fine. so might be a bug introduced between 2.2.16 and > 2.2.18 > > > > > > On 08/05/2015 04:30 PM, matthias lay wrote: >> Hi list, >> >> I have a question on auth caching in 2.2.18. >> >> I am using acl_groups for a master user, appended in a static userdb file >> >> # snip ############################### >> master at uma:{SHA}XXXX=::::::userdb_acl_groups=umareadmaster >> allow_nets=127.0.0.1 >> # snap ############################### >> >> and use this group in a...

> On 28/08/2019 21:01 R.N.S. via dovecot <dovecot at dovecot.org> wrote: > > > > Am 28.08.2019 um 19:46 schrieb Jakobus Sch?rz via dovecot <dovecot at dovecot.org>: > > > > I think, i had the same problem as you. > > > > When dovecot runs lmtp, no user is logged in, so there is no user from > > which you can get groups. So i think, my

...grep dovecot ii dovecot-common 1:1.0.15-2.3+lenny1 secure mail server that ii dovecot-imapd 1:1.0.15-2.3+lenny1 secure IMAP server that # cat /usr/local/sbin/dovecot-imap-fix.sh #!/bin/sh cat /var/mail/shared/.Office/dovecot-acl > /tmp/dovecot-$USER env >> /tmp/dovecot-$USER ACL_GROUPS=`groups $USER | tr ' ' ','` export ACL_GROUPS exec /usr/lib/dovecot/imap $* # ls -la -R /var/mail/shared/ # (cut the .,.. in output) /var/mail/shared/: total 28 drwxrwx--- 5 root office 4096 Dec 15 15:53 .Office drwxr-xr-x 2 root root 4096 Dec 14 16:55 cur -rw-r--r-- 1 root...

> Am 28.08.2019 um 19:46 schrieb Jakobus Sch?rz via dovecot <dovecot at dovecot.org>: > > I think, i had the same problem as you. > > When dovecot runs lmtp, no user is logged in, so there is no user from > which you can get groups. So i think, my solution is (not really sure, > if this is right, it's a long time ago, i played around) this transport > in exim

> Am 28.08.2019 um 20:02 schrieb Aki Tuomi via dovecot <dovecot at dovecot.org>: > > >> On 28/08/2019 21:01 R.N.S. via dovecot <dovecot at dovecot.org> wrote: >> >> >>> Am 28.08.2019 um 19:46 schrieb Jakobus Sch?rz via dovecot <dovecot at dovecot.org>: >>> >>> I think, i had the same problem as you. >>>

Hi all! I have a corpus of virtual users ( user1 at domain.tld , user2 at domain.tld, user3 at domain.tld,..., usern at domain.tld ... ) authenticated against Active Directory. Is it possible to group some users (virtual) and give appropriate ACLs on a shared imap public folder using an ACL vfile? thanks in advance Dimitrios

Hi, i want to use unix groups in my ACLs. http://wiki2.dovecot.org/ACL says, I can do that with a post-login script (http://wiki2.dovecot.org/PostLoginScripting). I have verified, that the script is running, and that ACL_GROUPS is correct. But I still can't access the Mailbox. Logfile says: Dec 3 11:19:35 mailint1 dovecot: imap(micha): Debug: acl vfile: reading file /var/mail/mailboxes/shared/mails/server-root/dovecot-acl Dec 3 11:19:35 mailint1 dovecot: imap(micha): Debug: acl vfile: reading file /var/mail/mai...

From the wiki: ACL groups support works by returning a comma-separated acl_groups extra field <http://wiki2.dovecot.org/UserDatabase/ExtraFields> from userdb, which contains all the groups the user belongs to. User's UNIX groups have no effect on ACLs (you can "enable" them by using a special post-login script <http://wiki2.dovecot.org/PostLoginScripti...

I think, i had the same problem as you. When dovecot runs lmtp, no user is logged in, so there is no user from which you can get groups. So i think, my solution is (not really sure, if this is right, it's a long time ago, i played around) this transport in exim for local delivery dovecot_delivery:????????????? ? debug_print = "T: dovecot_delivery_pipe for $local_part@$domain translates

> On 28/08/2019 21:07 R.N.S. via dovecot <dovecot at dovecot.org> wrote: > > > > Am 28.08.2019 um 20:02 schrieb Aki Tuomi via dovecot <dovecot at dovecot.org>: > > > > > >> On 28/08/2019 21:01 R.N.S. via dovecot <dovecot at dovecot.org> wrote: > >> > >> > >>> Am 28.08.2019 um 19:46 schrieb Jakobus Sch?rz via