Displaying 7 results from an estimated 7 matches for "userdb_acl".
2018 Aug 05
4
limit sharing ability to certain users
Hello
Is it possible to limit the ability of sharing its own mailboxes to only a few users?
We have a few sensitive mailboxes of users where the ability to share via IMAP SETACL should be prevented.
I tried the following so far:
doveadm acl remove -u test at onnet.ch INBOX user=test at onnet.ch admin
but when doing this the admin rights are still there
doveadm acl rights -u test at
2018 Aug 06
0
limit sharing ability to certain users
You could do
userdb {
  driver = passwd-file
  args = username_format=%Lu /etc/dovecot/share.passwd
}
# /etc/dovecot/share.passwd
test at onnet.ch::::::: userdb_acl=vfile:/etc/dovecot/dovecot-acl
userdb_acl_globals_only = yes
should prevent the user from modifying any ACL files.
Aki
On 05.08.2018 17:04, Simeon Ott wrote:
> Hello
>
> Is it possible to limit the ability of sharing its own mailboxes to
> only a few users?
> We have a few sensit...
2018 Aug 07
2
limit sharing ability to certain users
...hole
managesieve_logout_format = bytes=%i/%o
managesieve_max_compile_errors = 5
managesieve_max_line_length = 65536
}
root at buserver:/etc/dovecot# cat dovecot-acl
root at buserver:/etc/dovecot#
?> means empty file
root at buserver:/etc/dovecot# cat share.passwd
test at onnet.ch:::::::userdb_acl=vfile:/etc/dovecot/dovecot-acl userdb_acl_globals_only=yes
root at buserver:/etc/dovecot# sed -e '/^#/d' dovecot-ldap.conf
hosts = localhost
uris = ldap://localhost:389/
debug_level = 10
auth_bind = yes
ldap_version = 3
base = ou=domains,dc=intra,dc=onnet,dc=ch
deref = never
scope = subtre...
2018 Aug 07
0
limit sharing ability to certain users
...> managesieve_max_line_length = 65536
> }
>
> root at buserver:/etc/dovecot# cat dovecot-acl
> root at buserver:/etc/dovecot#
>
> ?> means empty file
>
> root at buserver:/etc/dovecot# cat share.passwd
> test at onnet.ch
> <mailto:test at onnet.ch>:::::::userdb_acl=vfile:/etc/dovecot/dovecot-acl
> userdb_acl_globals_only=yes
>
> root at buserver:/etc/dovecot# sed -e '/^#/d' dovecot-ldap.conf
> hosts = localhost
> uris = ldap://localhost:389/
> debug_level = 10
> auth_bind = yes
> ldap_version = 3
> base = ou=domains,dc=intra...
2018 Aug 07
2
limit sharing ability to certain users
...>> }
>>
>> root at buserver:/etc/dovecot# cat dovecot-acl
>> root at buserver:/etc/dovecot#
>>
>> ?> means empty file
>>
>> root at buserver:/etc/dovecot# cat share.passwd
>> test at onnet.ch
>> <mailto:test at onnet.ch>:::::::userdb_acl=vfile:/etc/dovecot/dovecot-acl
>> userdb_acl_globals_only=yes
>>
>> root at buserver:/etc/dovecot# sed -e '/^#/d' dovecot-ldap.conf
>> hosts = localhost
>> uris = ldap://localhost:389/
>> debug_level = 10
>> auth_bind = yes
>> ldap_version =...
2018 Aug 07
2
limit sharing ability to certain users
...y for that! I was offline during writing my answer to your mail and so it left my outbox after the advice from Sami.
>>
>> The solution works well when using passwd userdbs only. I didn't get it running in conjunction with ldap userdb. I tried to use an LDAP attribute and mapping it to userdb_acl_globals_only and another try with acl_globals_only. Both attributes were not considered by the lookup. Another try was to use a separate passwd-userdb for this attribute only. When placing the passwd-userdb before the ldap-userdb the ldap attributes are not considered. If the ldap-userdb is placed...
2018 Aug 07
0
limit sharing ability to certain users
...t# cat dovecot-acl
>>> root at buserver:/etc/dovecot#
>>>
>>> ?> means empty file
>>>
>>> root at buserver:/etc/dovecot# cat share.passwd
>>> test at onnet.ch <mailto:test at onnet.ch>
>>> <mailto:test at onnet.ch>:::::::userdb_acl=vfile:/etc/dovecot/dovecot-acl
>>> userdb_acl_globals_only=yes
>>>
>>> root at buserver:/etc/dovecot# sed -e '/^#/d' dovecot-ldap.conf
>>> hosts = localhost
>>> uris = ldap://localhost:389/
>>> debug_level = 10
>>> auth_bind = y...