public folder subscriptions sync issue with ldap user/group in dovecot-acl

Mike Fröhner mikefroehner at gmx.de
Wed Dec 14 09:16:02 UTC 2016


I made some additional tests and found that also local unix groups are 
not working in replacement for my ldap groups as discribed below.

Do groups in dovecot-acl intendedly not work?

On 12/13/2016 03:47 PM, Mike Fröhner wrote:
> Hello people,
>
> I am having an issue with 'doveadm sync'. I am currently trying to have
> two dovecots behind an haproxy (works fine). Therefore I configured
> these two dovecot server (imap-1/imap-2) to sync throught dsync. This
> works just partly. The sync of the maiboxes is fine, but the sync of the
> subscriptions file just works partly. It works for private folder
> subscription, but not completly for public folder subscription. I found
> two issues, if I am using LDAP (user/groups) in dovecot ACLs.
>
> 1. I would like to subscribe 2 public folder (public/test/test1 and
> public/test/test2).
>
> My user (ldaptestuser) is an ldap user and this user is member of the
> ldap group (ldaptestgroup) which does have all dovecot-acl rights on
> these folders.
>
> imap-1 # cat /opt/mail/_public/publictest/.test*/dovecot-acl
> group=ldaptestgroup akxeilprwts
> group=ldaptestgroup akxeilprwts
>
> I am now connecting with my mail client to imap-1 (throught haproxy) and
> the subscription to this folder works. The file which is written looks
> like:
>
> imap-1 # cat /opt/mail/ldaptestuser/Mails/subscriptions
> Sent
> publictest/test/test1
> publictest/test/test2
>
> Now I am awaiting the synch to imap-2, but the file which it written
> looks like:
>
> imap-2 # cat /opt/mail/ldaptestuser/Mails/subscriptions
> Sent
>
> If I modify the dovecot-acl for .test1 to
>
> imap-1 # cat /opt/mail/_public/publictest/.test1/dovecot-acl
> group=ldaptestgroup akxeilprwts
> user=ldaptestuser akxeilprwts
>
> and execute the subscription again - the synced file looks like:
>
> imap-2 # cat /opt/mail/ldaptestuser/Mails/subscriptions
> Sent
> publictest/test/test1
>
> The subscription of public folder test2 will also been synced, if I add
> my ldaptestuser to the acl file for this folder.
>
> 2. Another issue is to unsubscribe a public folder. If I unsubscribe
> folder test1, it is written to subscriptions file on the imap where I am
> connected, but it is NOT synced even if my user and group are configured
> at the dovecot-acl file. If I then unsubscribe a not public folder (like
> Sent), the former unsubscribed folder test1 is (faulty) subscribed
> again. But both imap do have the same subscriptions for my ldaptestuser
> user.
>
> I do have the behavior with dovecot-2.2.26 and dovecot-2.2.27 on
> CentOS-7 (selinux disabled).
>
> If you need more information like the dovecot -n or some other stuff
> give me a short notice.
>
> Mike;
>


More information about the dovecot mailing list