[Dovecot] [IDEA] Shared Folders via LDAP Lookups

Gavin Henry ghenry at suretecsystems.com
Sun Dec 3 16:03:37 UTC 2006


<quote who="Timo Sirainen">
> On Thu, 2006-11-30 at 14:55 +0000, Gavin Henry wrote:
>> Our idea is either in the namespace declaration or if a folder has a
>> dovecot-shared file/symlink, have a ldap lookup defined in say,
>> dovecot-ldap-shares.conf or dovecot-ldap.conf, that queries a dn and looks
>> for memberUID or a group dn, then those uids/groups can get into the IMAP
>> maildir.
>
> I guess this could work as a simpler ACL plugin backend, if you only
> needed "all access" vs. "none access". Or the ACLs could be defined in
> LDAP as well. I'd rather not touch LDAP more than I have to, though. :)

It would be excellent if the ACLs could be in LDAP too.

I'm thinking along the lines of how samba stores account flags in a
directory, e.g. sambaAcctFlags: [U          ]

We could add this to a dovecot.schema e.g.

dovecotACLflags:

etc.

>
> I was also going to add support for defining multiple groups in
> dovecot-auth (either as plain names or name=GID lists to give access to
> multiple GIDs). Once that works, it's also possible to support group
> ACLs in the vfile ACL backend too.

Excellent.



