On 23/05/2024 04:42 EEST moso.mosoleu--- via dovecot dovecot@dovecot.org wrote:
> It shouldn't be impossible, but I've tried countless ways and not even ChatGPT 4o was able to help me! :D
> I use three LDIF files to get OpenLDAP ready for testing. In the first LDIF I just modify the schema to add the associatedDomain attributes (then I could configure the server to serve more than one domain). The second LDIF is to add 4 objects to the schema that I use to differentiate accounts that actually receive/send emails and have a password; another thing done in it is to add a "groupOfUniqueNamesWithMail" object that allows the "mail" and "mailEnabled" attributes that are then necessary to use in the entries created in the "shared-mailboxes" OU. Finally, the third LDIF populates the LDAP by creating OUs, user accounts and creating entries in "shared-mailboxes" that serve to say which user accounts have access to which other user accounts.
> When I start the email server, sending and receiving emails works perfectly.
> And mailbox shares work as expected if I manually use, for each share, the command:
> doveadm acl set -u admin@mydomain.com.br INBOX user=user.1@mydomain.com.br lookup read write write-seen write-deleted insert post expunge create delete
> But just as authentication works perfectly via LDAP, I believe there must be a way to configure Dovecot to dynamically adjust ACLs via LDAP.

Hi!
This has not yet been implemented in Dovecot.
Aki
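
Given the reply above, one workaround outside Dovecot is to generate the `doveadm acl set` lines from the "shared-mailboxes" entries. The sketch below is an added example, not code from this thread or from the Dovecot project. It assumes unwrapped LDIF, a `mailEnabled` value of TRUE/FALSE, and that the first RDN of each `uniqueMember` DN holds the member's login address; the sample LDIF is constructed.

```python
import re
import shlex

# Rights copied from the doveadm command quoted in the thread.
RIGHTS = ("lookup read write write-seen write-deleted insert post "
          "expunge create delete").split()
ADDR = re.compile(r"[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+")

# Constructed sample of unwrapped ldapsearch output for ou=shared-mailboxes.
SAMPLE_LDIF = """\
dn: cn=admin,ou=shared-mailboxes,dc=mydomain,dc=com,dc=br
objectClass: groupOfUniqueNamesWithMail
mail: admin@mydomain.com.br
mailEnabled: TRUE
uniqueMember: uid=user.1@mydomain.com.br,ou=users,dc=mydomain,dc=com,dc=br
uniqueMember: uid=user.2@mydomain.com.br,ou=users,dc=mydomain,dc=com,dc=br

dn: cn=old,ou=shared-mailboxes,dc=mydomain,dc=com,dc=br
objectClass: groupOfUniqueNamesWithMail
mail: old@mydomain.com.br
mailEnabled: FALSE
uniqueMember: uid=user.1@mydomain.com.br,ou=users,dc=mydomain,dc=com,dc=br
"""

def parse_entries(ldif):
    """Split LDIF into entries, each a dict of lowercased attribute -> values."""
    entries = []
    for block in re.split(r"\n\s*\n", ldif.strip()):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                entry.setdefault(key.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def acl_commands(ldif):
    """Return one shell-quoted 'doveadm acl set' line per (mailbox, member)."""
    cmds = []
    for e in parse_entries(ldif):
        owner = e.get("mail", [""])[0]
        if e.get("mailenabled", [""])[0].upper() != "TRUE" or not ADDR.fullmatch(owner):
            continue  # skip disabled shares and owners that are not plain addresses
        for dn in e.get("uniquemember", []):
            member = dn.split(",", 1)[0].partition("=")[2]  # assumed: first RDN value is the login
            if ADDR.fullmatch(member):  # never pass unvalidated LDAP data to a command
                cmds.append(shlex.join(["doveadm", "acl", "set", "-u", owner,
                                        "INBOX", "user=" + member, *RIGHTS]))
    return cmds
```

This only emits grants; rights held by members who were later removed from an LDAP entry are not revoked and need separate handling.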