ACL and LDAP
Daniel Tröder
troeder at univention.de
Mon Feb 1 18:42:17 UTC 2016
On 02/01/2016 06:59 PM, Chris wrote:
> Dear All,
>
> is it possible to store ACLs in LDAP?
>
> Does anyone happen to have a script that syncs ACLs read from LDAP with
> Dovecot?
>
> - Chris
Hi Chris,
for Dovecot in the mail stack of the Univention Corporate Server (UCS, an
Open Source Linux server distribution) a mechanism to do that is
implemented.
It is used to set ACLs of shared folders stored in LDAP on Dovecot's
shared folders. Management of shared folders is done through a
web/cmdline interface that stores its data in LDAP.
The ACLs are stored in attributes like this:
DN: cn=folder@test.dom,cn=folder,cn=mail,dc=test,dc=dom
sharedFolderUserACL: test1@test.dom write
sharedFolderUserACL: test2@test.dom read
In
https://forge.univention.org/websvn/filedetails.php?repname=dev&path=%2Fbranches%2Fucs-4.1%2Fucs-4.1-0%2Fmail%2Funivention-mail-dovecot%2Fmodules%2Funivention%2Fmail%2Fdovecot_shared_folder.py
in doveadm_set_mailbox_acls() and imap_set_mailbox_acls() the attributes
are read and used to set them on the folders.
The solution is very specific to UCS (uses its LDAP notifier-listener
mechanism and their LDAP schema), but maybe you can adapt it.
Good luck
Daniel
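
An added example, not part of the original message and not the UCS code: a sketch of turning sharedFolderUserACL values into doveadm acl argument lists, validating each value and revoking entries that LDAP no longer lists. The mapping from "read"/"write" to Dovecot rights, the owner, the mailbox name and the helper names are assumptions; the archive's " at " is written as "@".

```python
import re

# Assumed mapping from the LDAP right keyword to Dovecot ACL rights.
# "read" and "write" come from the post; the right sets are illustrative.
RIGHTS = {
    "read": ["lookup", "read", "write-seen"],
    "write": ["lookup", "read", "write", "write-seen", "write-deleted",
              "insert", "expunge"],
}
# Conservative identifier check so a crafted attribute value cannot smuggle
# options or a different ACL identifier type into the doveadm arguments.
USER_RE = re.compile(r"^[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+$")


def parse_acl_values(values):
    """Turn 'user right' attribute values into {user: right}; fail closed."""
    acl = {}
    for value in values:
        parts = value.split()
        if len(parts) != 2:
            raise ValueError("malformed ACL value: %r" % value)
        user, right = parts
        if not USER_RE.match(user) or right not in RIGHTS:
            raise ValueError("rejected ACL value: %r" % value)
        acl[user] = right
    return acl


def plan_doveadm(owner, mailbox, ldap_values, current_users):
    """Return argv lists (no shell) that make the folder match LDAP."""
    wanted = parse_acl_values(ldap_values)
    cmds = []
    for user in sorted(wanted):
        cmds.append(["doveadm", "acl", "set", "-u", owner, mailbox,
                     "user=" + user] + RIGHTS[wanted[user]])
    # Entries on the folder that LDAP no longer lists are revoked.
    for user in sorted(set(current_users) - set(wanted)):
        cmds.append(["doveadm", "acl", "delete", "-u", owner, mailbox,
                     "user=" + user])
    return cmds


if __name__ == "__main__":
    # Constructed sample: the two attribute values shown in the post.
    sample = ["test1@test.dom write", "test2@test.dom read"]
    for argv in plan_doveadm("owner@test.dom", "shared/folder", sample,
                             ["old@test.dom"]):
        print(" ".join(argv))
```

Each list can be passed to subprocess.run() without a shell, so attribute values never reach a command line as text.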