[Dovecot] delegation of admin rights

Ed W lists at wildgooses.com
Mon May 23 18:38:53 EEST 2011


On 23/05/2011 16:07, Ariel Biener wrote:
>    We need to provide admin rights to faculty computer/IT staff, so they
> can have access to the mailboxes
> of their respective users. We use LDAP as an
> authentication/authorization backend.
> 
>     Currently, dovecot has a "master user" which can access all
> mailboxes. I am looking for a solution,
> preferably within dovecot, to create a delegation type of
> administration, allowing certain users to
> access the mailboxes of other users based on an LDAP filter or LDAP
> attribute value. If possible,
> allowing per protocol access (that is, I would like to give them IMAP
> access and not POP3) and within IMAP
> allowing only to view a mailbox, but not to change it, that would be
> even better.

If I were doing this in SQL, then I would construct my SQL query to
basically be true IFF some complicated where clause confirms the delegation?

Possibly you can do a similar query in LDAP?

Note one significant limitation is that the username is in the format
"admin*user" in variable %u.  This makes all your queries quite
tricky... I would recommend considering sponsoring some feature request
to have this split into two extra variables with the admin and usernames
split out?  In the case of LDAP that should make it possible to filter
on some admin attribute?

Also you have the Checkpassword script option and you can do anything you
like in that script?

Good luck

Ed W
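
Added example, not part of the original message and not Dovecot code: a fail-closed delegation check of the kind a checkpassword-style script could run once it has the "admin*user" login string. The tables (constructed sample data standing in for LDAP attributes), the function names and the protocol argument are assumptions; the view-only restriction from the original request is not covered here.

```python
# Added example: decide whether a master login "admin*user" is a permitted
# delegation. All names and data below are hypothetical / constructed.

SEPARATOR = "*"  # separator in %u, as described in the message above

# admin -> faculties whose mailboxes the admin may open (constructed data)
DELEGATIONS = {
    "it-physics": {"physics"},
    "it-science": {"physics", "chemistry"},
}

# mailbox owner -> faculty attribute (constructed data)
USER_FACULTY = {
    "alice": "physics",
    "bob": "chemistry",
    "carol": "law",
}

ALLOWED_PROTOCOLS = {"imap"}  # the request was IMAP access, not POP3


def split_login(login):
    """Return (admin, user), or None unless login is exactly admin*user."""
    parts = login.split(SEPARATOR)
    # Reject a missing separator, extra separators, or an empty half
    # instead of guessing which part is the admin.
    if len(parts) != 2 or not all(parts):
        return None
    return parts[0], parts[1]


def delegation_allowed(login, protocol):
    """True only if the admin is delegated the target user's faculty."""
    pair = split_login(login)
    if pair is None:
        return False
    admin, user = pair
    if protocol.lower() not in ALLOWED_PROTOCOLS:
        return False
    faculty = USER_FACULTY.get(user)
    if faculty is None:  # unknown target user: deny
        return False
    return faculty in DELEGATIONS.get(admin, set())
```
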