Displaying 11 results from an estimated 11 matches for "userdb_acl_globals_on".
Did you mean:
userdb_acl_globals_only
2018 Aug 07
2
limit sharing ability to certain users
Sorry for that! I was offline during writing my answer to your mail and so it left my outbox after the advice from Sami.
The solution works well when using passwd userdbs only. I didn?t get it running in conjunction with ldap userdb. I tried to use an LDAP attribute and mapping it to userdb_acl_globals_only and another try with acl_globals_only. Both attributes were not considered by the lookup. Another try was to use a separate passwd-userdb for this attribute only. When placing the passwd-userdb before the ldap-userdb the ldap attributes are not considered. If the ldap-userdb is placed before the...
2018 Aug 05
4
limit sharing ability to certain users
Hello
Is it possible to limit the ability of sharing it?s own mailboxes to only a few users?
We have a few sensitive mailboxes of users where the ability to share via IMAP SETACL should be prevented.
I tried the following so far?
doveadm acl remove -u test at onnet.ch INBOX user=test at onnet.ch admin
but when doing this the admin rights are still there
doveadm acl rights -u test at
2018 Aug 07
2
limit sharing ability to certain users
...y for that! I was offline during writing my answer to your mail and so it left my outbox after the advice from Sami.
>>
>> The solution works well when using passwd userdbs only. I didn?t get it running in conjunction with ldap userdb. I tried to use an LDAP attribute and mapping it to userdb_acl_globals_only and another try with acl_globals_only. Both attributes were not considered by the lookup. Another try was to use a separate passwd-userdb for this attribute only. When placing the passwd-userdb before the ldap-userdb the ldap attributes are not considered. If the ldap-userdb is placed before the...
2018 Aug 06
0
limit sharing ability to certain users
You could do
userdb {
?? driver = username_format=%Lu passwd-file
?? args = /etc/dovecot/share.passwd
}
#? /etc/dovecot/share.passwd
test at onnet.ch::::::: userdb_acl=vfile:/etc/dovecot/dovecot-acl
userdb_acl_globals_only = yes
should prevent the user from modifying any ACL files.
Aki
On 05.08.2018 17:04, Simeon Ott wrote:
> Hello
>
> Is it possible to limit the ability of sharing it?s own mailboxes to
> only a few users?
> We have a few sensitive mailboxes of users where the ability to share
>...
2018 Aug 07
0
limit sharing ability to certain users
...> Sorry for that! I was offline during writing my answer to your mail and so it left my outbox after the advice from Sami.
>
> The solution works well when using passwd userdbs only. I didn?t get it running in conjunction with ldap userdb. I tried to use an LDAP attribute and mapping it to userdb_acl_globals_only and another try with acl_globals_only. Both attributes were not considered by the lookup. Another try was to use a separate passwd-userdb for this attribute only. When placing the passwd-userdb before the ldap-userdb the ldap attributes are not considered. If the ldap-userdb is placed before the...
2018 Aug 07
0
limit sharing ability to certain users
...hat! I was offline during writing my answer to your mail and so it left my outbox after the advice from Sami.
>>>
>>> The solution works well when using passwd userdbs only. I didn?t get it running in conjunction with ldap userdb. I tried to use an LDAP attribute and mapping it to userdb_acl_globals_only and another try with acl_globals_only. Both attributes were not considered by the lookup. Another try was to use a separate passwd-userdb for this attribute only. When placing the passwd-userdb before the ldap-userdb the ldap attributes are not considered. If the ldap-userdb is placed before the...
2018 Aug 06
2
limit sharing ability to certain users
Thanks for the advice Aki
> On 6 Aug 2018, at 07:26, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
>
> userdb {
> driver = username_format=%Lu passwd-file
> args = /etc/dovecot/share.passwd
> }
Something is wrong with the suggested driver configuration ? Leads to a fatal ? I think there is missing a driver name.
Any chance of doing this via LDAP attribute?
Here is
2018 Aug 07
2
limit sharing ability to certain users
...i/%o
managesieve_max_compile_errors = 5
managesieve_max_line_length = 65536
}
root at buserver:/etc/dovecot# cat dovecot-acl
root at buserver:/etc/dovecot#
?> means empty file
root at buserver:/etc/dovecot# cat share.passwd
test at onnet.ch:::::::userdb_acl=vfile:/etc/dovecot/dovecot-acl userdb_acl_globals_only=yes
root at buserver:/etc/dovecot# sed -e '/^#/d' dovecot-ldap.conf
hosts = localhost
uris = ldap://localhost:389/
debug_level = 10
auth_bind = yes
ldap_version = 3
base = ou=domains,dc=intra,dc=onnet,dc=ch
deref = never
scope = subtree
user_attrs = homeDirectory=home=/var/spool/postfix/...
2018 Aug 07
0
limit sharing ability to certain users
...}
>
> root at buserver:/etc/dovecot# cat dovecot-acl
> root at buserver:/etc/dovecot#
>
> ?> means empty file
>
> root at buserver:/etc/dovecot# cat share.passwd?
> test at onnet.ch
> <mailto:test at onnet.ch>:::::::userdb_acl=vfile:/etc/dovecot/dovecot-acl
> userdb_acl_globals_only=yes
>
> root at buserver:/etc/dovecot# sed -e '/^#/d' dovecot-ldap.conf
> hosts = localhost
> uris = ldap://localhost:389/
> debug_level = 10
> auth_bind = yes
> ldap_version = 3
> base = ou=domains,dc=intra,dc=onnet,dc=ch
> deref = never
> scope = subtree
&g...
2018 Aug 07
2
limit sharing ability to certain users
.../dovecot# cat dovecot-acl
>> root at buserver:/etc/dovecot#
>>
>> ?> means empty file
>>
>> root at buserver:/etc/dovecot# cat share.passwd
>> test at onnet.ch
>> <mailto:test at onnet.ch>:::::::userdb_acl=vfile:/etc/dovecot/dovecot-acl
>> userdb_acl_globals_only=yes
>>
>> root at buserver:/etc/dovecot# sed -e '/^#/d' dovecot-ldap.conf
>> hosts = localhost
>> uris = ldap://localhost:389/
>> debug_level = 10
>> auth_bind = yes
>> ldap_version = 3
>> base = ou=domains,dc=intra,dc=onnet,dc=ch
>>...
2018 Aug 07
0
limit sharing ability to certain users
...ovecot#
>>>
>>> ?> means empty file
>>>
>>> root at buserver:/etc/dovecot# cat share.passwd?
>>> test at onnet.ch <mailto:test at onnet.ch>
>>> <mailto:test at onnet.ch>:::::::userdb_acl=vfile:/etc/dovecot/dovecot-acl
>>> userdb_acl_globals_only=yes
>>>
>>> root at buserver:/etc/dovecot# sed -e '/^#/d' dovecot-ldap.conf
>>> hosts = localhost
>>> uris = ldap://localhost:389/
>>> debug_level = 10
>>> auth_bind = yes
>>> ldap_version = 3
>>> base = ou=domains,dc...