similar to: LDAP acl_groups - can multivalue LDAP be used

Hi, I found a 9 year old thread (https://www.dovecot.org/list/dovecot/2010-October/054407.html) concerning acl_groups in OpenLDAP. In this thread someone asked, if it is possible to provide ACLs as multi value in OpenLDAP. I know that Dovecot expects acl_groups as a comma separated list, so currently I do this with a single value. Did the code change a little bit and accepts multi values now?

Hi! I have some trouble with userdb, ldap an extrafields for acl_groups. There is a script in python, which fetches the groups and sets the environment-variable ACL_GROUPS to this groups. It works when i log in to imap (thunderbird for example shows my? public folders which are protected by acl_groups). But when it try doveadm mailbox list -u user.name the mailboxes are not listed and with

> Am 29.08.2019 um 11:30 schrieb R.N.S. via dovecot <dovecot at dovecot.org>: > > > >> Am 29.08.2019 um 11:23 schrieb Aki Tuomi via dovecot <dovecot at dovecot.org>: >> >> >> On 29.8.2019 12.18, R.N.S. via dovecot wrote: >>> >>>> Am 28.08.2019 um 20:02 schrieb Aki Tuomi via dovecot <dovecot at dovecot.org>:

On 29.8.2019 12.30, R.N.S. via dovecot wrote: > >> Am 29.08.2019 um 11:23 schrieb Aki Tuomi via dovecot <dovecot at dovecot.org>: >> >> >> On 29.8.2019 12.18, R.N.S. via dovecot wrote: >>>> Am 28.08.2019 um 20:02 schrieb Aki Tuomi via dovecot <dovecot at dovecot.org>: >>>> >>>> >>>>> On 28/08/2019 21:01

On 29.8.2019 12.18, R.N.S. via dovecot wrote: > >> Am 28.08.2019 um 20:02 schrieb Aki Tuomi via dovecot <dovecot at dovecot.org>: >> >> >>> On 28/08/2019 21:01 R.N.S. via dovecot <dovecot at dovecot.org> wrote: >>> >>> >>>> Am 28.08.2019 um 19:46 schrieb Jakobus Sch?rz via dovecot <dovecot at dovecot.org>:

Well, you don't have postlogin scripts when running doveadm. Those are executed by *-login and usually execute the actual protocol handler. Try env ACL_GROUPS=whatever doveadm mailbox list -u test.user Aki > On 04 February 2019 at 14:39 Jakobus Sch?rz <wertstoffe at nurfuerspam.de> wrote: > > > Hi! > > I have some trouble with userdb, ldap an extrafields for

> Am 29.08.2019 um 11:23 schrieb Aki Tuomi via dovecot <dovecot at dovecot.org>: > > > On 29.8.2019 12.18, R.N.S. via dovecot wrote: >> >>> Am 28.08.2019 um 20:02 schrieb Aki Tuomi via dovecot <dovecot at dovecot.org>: >>> >>> >>>> On 28/08/2019 21:01 R.N.S. via dovecot <dovecot at dovecot.org> wrote: >>>>

Hi, I use a post login script for imap, to fetch acl groups from LDAP. Because Dovecot can only deal with a single value, which must be a comma seperated list of groups, I decided to use a post login script do deal with multi values in LDAP: This looks like this in LDAP: rnsMSACLGroup: admin rnsMSACLGroup: automx rnsMSACLGroup: amavis rnsMSACLGroup: postfix rnsMSACLGroup: dovecot rnsMSACLGroup:

> Am 28.08.2019 um 20:02 schrieb Aki Tuomi via dovecot <dovecot at dovecot.org>: > > >> On 28/08/2019 21:01 R.N.S. via dovecot <dovecot at dovecot.org> wrote: >> >> >>> Am 28.08.2019 um 19:46 schrieb Jakobus Sch?rz via dovecot <dovecot at dovecot.org>: >>> >>> I think, i had the same problem as you. >>>

From the wiki: ACL groups support works by returning a comma-separated acl_groups extra field <http://wiki2.dovecot.org/UserDatabase/ExtraFields> from userdb, which contains all the groups the user belongs to. User's UNIX groups have no effect on ACLs (you can "enable" them by using a special post-login script <http://wiki2.dovecot.org/PostLoginScripting>).

Hi list, I have a question on auth caching in 2.2.18. I am using acl_groups for a master user, appended in a static userdb file # snip ############################### master at uma:{SHA}XXXX=::::::userdb_acl_groups=umareadmaster allow_nets=127.0.0.1 # snap ############################### and use this group in a global ACL file. I discovered this only works on first NOT-cached login

> On 28/08/2019 21:01 R.N.S. via dovecot <dovecot at dovecot.org> wrote: > > > > Am 28.08.2019 um 19:46 schrieb Jakobus Sch?rz via dovecot <dovecot at dovecot.org>: > > > > I think, i had the same problem as you. > > > > When dovecot runs lmtp, no user is logged in, so there is no user from > > which you can get groups. So i think, my

hi timo, I checked out the commit causing this. its this one: http://hg.dovecot.org/dovecot-2.2/diff/5e445c659f89/src/auth/auth-request.c#l1.32 if I move this block back as it was. everything is fine diff -r a46620d6e0ff -r 5e445c659f89 src/auth/auth-request.c --- a/src/auth/auth-request.c Tue May 05 13:35:52 2015 +0300 +++ b/src/auth/auth-request.c Tue May 05 14:16:31 2015 +0300 @@ -618,30

Further information below. > Am 28.08.2019 um 14:52 schrieb R.N.S. via dovecot <dovecot at dovecot.org>: > > Hi, > > I use a post login script for imap, to fetch acl groups from LDAP. Because Dovecot can only deal with a single value, which must be a comma seperated list of groups, I decided to use a post login script do deal with multi values in LDAP: > > This looks

Hi, Simple Scenario: Shared namespace and a specific UNIX group should have access to it. System is Debian lenny (stable). # cat /etc/dovecot/dovecot.conf [...] namespace public { separator = . prefix = Shared. location = maildir:/var/mail/shared } mail_executable = /usr/local/sbin/dovecot-imap-fix.sh mail_drop_priv_before_exec = no #just to make sure [...] # dpkg -l | grep dovecot ii

Hi, i want to use unix groups in my ACLs. http://wiki2.dovecot.org/ACL says, I can do that with a post-login script (http://wiki2.dovecot.org/PostLoginScripting). I have verified, that the script is running, and that ACL_GROUPS is correct. But I still can't access the Mailbox. Logfile says: Dec 3 11:19:35 mailint1 dovecot: imap(micha): Debug: acl vfile: reading file

On 14 Dec 2016, at 11.16, Mike Fr?hner <mikefroehner at gmx.de> wrote: > > I made some additional tests and found that also local unix groups are not working in replacement for my ldap groups as discribed below. > > Do groups in dovecot-acl intendedly not work? http://wiki2.dovecot.org/ACL <http://wiki2.dovecot.org/ACL> -> ACL groups support works by returning a

Hi! Please help me with this. The problem exists when quota-warning is executing: LOG: Jan 10 10:15:06 lmtp(85973): Debug: none: root=, index=, control=, inbox=, alt= Jan 10 10:15:06 lmtp(85973): Info: Connect from local Jan 10 10:15:06 lmtp(85973): Debug: Loading modules from directory: /usr/local/lib/dovecot Jan 10 10:15:06 lmtp(85973): Debug: Module loaded:

v2.1 supports now multiple LDAP fields in a template e.g.: user_attrs = \ homeDirectory=home, \ uidNumber=uid, \ gidNumber=gid, \ =mail=%{ldap:mailboxFormat}:%{ldap:homeDirectory} which is the same as: user_attrs = \ =home=%{ldap:homeDirectory}, \ =uid=%{ldap:uidNumber}, \ =gid=%{ldap:gidNumber}, \ =mail=%{ldap:mailboxFormat}:%{ldap:homeDirectory} I was also thinking about

Hi all! I have a corpus of virtual users ( user1 at domain.tld , user2 at domain.tld, user3 at domain.tld,..., usern at domain.tld ... ) authenticated against Active Directory. Is it possible to group some users (virtual) and give appropriate ACLs on a shared imap public folder using an ACL vfile? thanks in advance Dimitrios