ACL and LDAP

Daniel Tröder troeder at univention.de
Mon Feb 1 18:42:17 UTC 2016


On 02/01/2016 06:59 PM, Chris wrote:
> Dear All,
> 
> is it possible to store ACLs in LDAP?
> 
> Does anyone happen to have a script that syncs ACLs read from LDAP with
> Dovecot?
> 
> - Chris
Hi Chris,

for Dovecot in the mail stack of the Univention Corporate Server (UCS, an
Open Source Linux server distribution) a mechanism to do that is
implemented.
It is used to set ACLs of shared folders stored in LDAP on Dovecot's
shared folders. Management of shared folders is done through a
web/cmdline interface that stores its data in LDAP.

The ACLs are stored in attributes like this:
DN: cn=folder at test.dom,cn=folder,cn=mail,dc=test,dc=dom
  sharedFolderUserACL: test1 at test.dom write
  sharedFolderUserACL: test2 at test.dom read

In
https://forge.univention.org/websvn/filedetails.php?repname=dev&path=%2Fbranches%2Fucs-4.1%2Fucs-4.1-0%2Fmail%2Funivention-mail-dovecot%2Fmodules%2Funivention%2Fmail%2Fdovecot_shared_folder.py
in doveadm_set_mailbox_acls() and imap_set_mailbox_acls() the attributes
are read and used to set them on the folders.

The solution is very specific to UCS (uses its LDAP notifier-listener
mechanism and its LDAP schema), but maybe you can adapt it.

Good luck
Daniel
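The sync the mail describes, as an added example that is neither UCS code nor taken from the linked dovecot_shared_folder.py: it parses sharedFolderUserACL attributes of the shape shown above, diffs them against the rights Dovecot currently has on the mailbox, and emits the doveadm acl set/delete commands needed to reconcile them. The LDIF input and the current-ACL snapshot are constructed inline, the mapping from the UCS keywords read/write to Dovecot's named rights is an assumption (UCS has its own table), and it is likewise assumed that each shared folder is a Dovecot user whose INBOX is the shared mailbox.

```python
"""Sync sharedFolderUserACL attributes from an LDAP dump onto Dovecot
shared folders with doveadm. Added example, not UCS code; see the
assumptions marked below."""
import re
import subprocess
from typing import Dict, List

# ASSUMED mapping of the UCS keywords to Dovecot's named ACL rights.
# The right names themselves are Dovecot's; the grouping is ours.
RIGHTS: Dict[str, List[str]] = {
    "read": ["lookup", "read", "write-seen"],
    "write": ["lookup", "read", "write", "write-seen", "write-deleted",
              "insert", "post", "expunge"],
    "all": ["lookup", "read", "write", "write-seen", "write-deleted",
            "insert", "post", "expunge", "create", "delete", "admin"],
}

# Anything that ends up in doveadm's argv must match this. We never go
# through a shell, but a mail address from LDAP should still not carry
# whitespace or metacharacters into an admin command.
SAFE_ID = re.compile(r"^[A-Za-z0-9._+=@-]+$")

# Constructed sample LDIF mirroring the entry quoted in the mail
# (with "@" where the archive shows " at ").
SAMPLE_LDIF = """\
dn: cn=folder@test.dom,cn=folder,cn=mail,dc=test,dc=dom
sharedFolderUserACL: test1@test.dom write
sharedFolderUserACL: test2@test.dom read
"""

# Constructed snapshot of what `doveadm acl get` currently reports for the
# folder: test1 is stale (only read rights), test3 is gone from LDAP.
CURRENT_ACL: Dict[str, List[str]] = {
    "user=test1@test.dom": ["lookup", "read", "write-seen"],
    "user=test2@test.dom": ["lookup", "read", "write-seen"],
    "user=test3@test.dom": ["lookup", "read", "write-seen"],
}


def parse_ldif(text: str) -> Dict[str, Dict[str, str]]:
    """Return {folder_address: {user_address: keyword}} from a minimal
    LDIF dump (no folded or base64 '::' lines are handled). Rejects
    unsafe identifiers and unknown keywords instead of guessing."""
    acls: Dict[str, Dict[str, str]] = {}
    folder = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            folder = None  # blank line ends the entry
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "dn":
            m = re.match(r"cn=([^,]+),cn=folder,cn=mail,", value, re.I)
            if not m or not SAFE_ID.match(m.group(1)):
                raise ValueError(f"not a shared folder DN: {value}")
            folder = m.group(1)
            acls[folder] = {}
        elif key == "sharedfolderuseracl":
            if folder is None:
                raise ValueError("attribute before dn")
            user, _, keyword = value.rpartition(" ")
            if not SAFE_ID.match(user) or keyword not in RIGHTS:
                raise ValueError(f"bad ACL value: {value!r}")
            acls[folder][user] = keyword
    return acls


def sync_commands(folder: str, desired: Dict[str, str],
                  current: Dict[str, List[str]]) -> List[List[str]]:
    """Diff LDAP's view against Dovecot's and return argv lists: one
    `doveadm acl set` per changed user, one `doveadm acl delete` per user
    that Dovecot still lists but LDAP no longer does. ASSUMPTION: the
    shared mailbox is INBOX of the Dovecot user named after the folder."""
    cmds: List[List[str]] = []
    for user, keyword in desired.items():
        ident = f"user={user}"
        wanted = RIGHTS[keyword]
        if set(current.get(ident, ())) != set(wanted):
            cmds.append(["doveadm", "acl", "set", "-u", folder, "INBOX",
                         ident, *wanted])
    for ident in current:
        if ident.startswith("user=") and ident[len("user="):] not in desired:
            cmds.append(["doveadm", "acl", "delete", "-u", folder, "INBOX",
                         ident])
    return cmds


def apply(cmds: List[List[str]], dry_run: bool = True) -> None:
    """Run the commands as argv lists (no shell), or just print them."""
    for cmd in cmds:
        print(" ".join(cmd))
        if not dry_run:
            subprocess.run(cmd, check=True)


if __name__ == "__main__":
    for folder, acl in parse_ldif(SAMPLE_LDIF).items():
        apply(sync_commands(folder, acl, CURRENT_ACL))
```

The diff step is what makes this a sync rather than a one-shot import: a user removed from the LDAP attribute also loses the mailbox, and unchanged entries produce no command, so it can safely run on every notifier event. On a real system the `current` dict would be filled from `doveadm acl get -u <folder> INBOX` before calling `sync_commands`.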
