Problems with dsync and global acls

Michał Węgrzynek mwegrzynek at litex.pl
Thu Jun 12 12:04:43 UTC 2014 

Hi all!

I have 2 servers running dsync tcp replication between them. After 
setting global ACLs to

* user=admin lrwstipekxa

on both hosts, I get the following errors during replication for every 
folder:

dsync-local(mwegrzynek): Error: Mailbox Trash: Failed to set attribute 
vendor/vendor.dovecot/pvt/acl/user=admin: Invalid right ''

This error first manifested in version 2.2.13, there were no such errors 
in 2.2.9 (stock Ubuntu 14.04) version.

Am I doing something wrong?

My configuration:

# 2.2.13.3 (6dab0352ccb3+): /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-29-generic x86_64 Ubuntu 14.04 LTS ext4
auth_cache_size = 10 M
auth_gssapi_hostname = $ALL
auth_krb5_keytab = /etc/dovecot/krb5.keytab
auth_master_user_separator = *
auth_mechanisms = plain login gssapi
auth_username_chars = 
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@()
auth_username_format = %Ln
auth_verbose = yes
default_client_limit = 10000
default_process_limit = 1000
default_vsz_limit = 2 G
doveadm_port = 12345
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
lmtp_rcpt_check_quota = yes
lmtp_save_to_detail_mailbox = yes
mail_gid = vmail
mail_home = /var/mail/users/%u
mail_location = mdbox:/var/mail/users/%u/mdbox
mail_plugins = acl quota virtual zlib listescape fts fts_squat notify 
replication
mail_prefetch_count = 20
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date ihave duplicate
mdbox_preallocate_space = yes
namespace dzielone {
   list = children
   location = mdbox:%%h/mdbox:INDEXPVT=~/shared/%%u
   prefix = Dzielone/%%u/
   separator = /
   subscriptions = no
   type = shared
}
namespace inbox {
   inbox = yes
   list = yes
   location =
   mailbox Drafts {
     auto = subscribe
     special_use = \Drafts
   }
   mailbox Junk {
     auto = subscribe
     special_use = \Junk
   }
   mailbox Sent {
     auto = subscribe
     special_use = \Sent
   }
   mailbox Trash {
     auto = subscribe
     special_use = \Trash
   }
   prefix =
   separator = /
   subscriptions = yes
   type = private
}
namespace publiczne {
   list = children
   location = mdbox:/var/mail/public:INDEXPVT=~/public
   prefix = Publiczne/
   separator = /
   subscriptions = no
   type = public
}
passdb {
   args = /etc/dovecot/passwd.masterusers
   driver = passwd-file
   master = yes
}
passdb {
   args = /etc/dovecot/dovecot-ldap.passdb.ext
   driver = ldap
}
plugin {
   acl = vfile:/etc/dovecot/global-acls:cache_secs=300
   acl_shared_dict = file:/var/mail/config/shared-mailboxes
   fts = squat
   fts_squat = partial=4 full=10
   mail_replica = tcps:xxx.yyy.zzz
   quota = dict:User quota::file:%h/dovecot-quota
   sieve = ~/.dovecot.sieve
   sieve_dir = ~/sieve
   zlib_save = gz
   zlib_save_level = 6
}
pop3_uidl_format = %v.%u
protocols = imap pop3 lmtp sieve
quota_full_tempfail = yes
replication_dsync_parameters = -d -l 60 -n inbox -U
service aggregator {
   fifo_listener replication-notify-fifo {
     user = vmail
   }
   unix_listener replication-notify {
     user = vmail
   }
}
service auth {
   unix_listener /var/spool/postfix/private/dovecot-auth {
     group = postfix
     mode = 0660
     user = postfix
   }
   unix_listener auth-userdb {
     group = vmail
     user = vmail
   }
}
service doveadm {
   inet_listener {
     port = 12345
     ssl = yes
   }
   process_limit = 10
}
service imap-login {
   inet_listener imap {
     port = 143
   }
   inet_listener imaps {
     port = 993
     ssl = yes
   }
}
service lmtp {
   unix_listener /var/spool/postfix/private/dovecot-lmtp {
     group = postfix
     mode = 0600
     user = postfix
   }
}
service managesieve-login {
   inet_listener sieve {
     port = 4190
   }
}
service pop3-login {
   inet_listener pop3 {
     port = 110
   }
   inet_listener pop3s {
     port = 995
     ssl = yes
   }
}
service replicator {
   process_min_avail = 1
   unix_listener replicator-doveadm {
     mode = 0600
     user = vmail
   }
}
ssl_ca = </etc/ssl/certs/xxx.pem
ssl_cert = </etc/ssl/certs/default.pem
ssl_cipher_list = 
ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
ssl_client_ca_file = /etc/ssl/certs/xxx.pem
ssl_key = </etc/ssl/private/default.key
userdb {
   driver = prefetch
}
userdb {
   args = /etc/dovecot/dovecot-ldap.userdb.ext
   driver = ldap
}
protocol lmtp {
   mail_plugins = acl quota virtual zlib listescape fts fts_squat notify 
replication sieve
}
protocol lda {
   mail_plugins = acl quota virtual zlib listescape fts fts_squat notify 
replication sieve
}
protocol imap {
   mail_plugins = acl quota virtual zlib listescape fts fts_squat notify 
replication imap_acl imap_zlib imap_quota
}

Thanks in advance for your help,

-- 
*Michał Węgrzynek*

More information about the dovecot mailing list