On 23.11.2012, at 17.53, Sven Hartge wrote:
BTW. Do you have multiple Dovecot backend servers? Director works only when you're not using shared mailboxes..
You can't reliably do it if the mailboxes are accessed directly via NFS. The current idea to solve this is to use imapc backend with master users, so the actual mailbox access for each user is always done by only one server. I think someone already managed to configure such a setup.
This was me.
It works (with one minor quirk, more on this later) in my current test setup like so:
a) 1 to X user-servers with the users mailboxes on them b) 1 shared-server with the shared mailboxes on them
For implementing shared mailboxes between all user servers, I think what would need to be developed is:
imapc_host = m-st-sh-01.example.com imapc_master_user = %u imapc_user = shared
Somehow being able to set "imapc_user = %%u" where %%u expands to the shared namespace's username. Or maybe setting the imapc_user automatically to that when accessing it via type=shared namespace.
Note: You CANNOT have ACLs activated on the users-servers, because this will interfere with the permissions of ht IMAPShared namespace, rendering the mailboxes located in there unavailable for your users.
And some way to disable ACLs for shared namespaces that use imapc. Not sure what would be a nice way of doing this.
The attached patch contains these two changes. The first one I could commit immediately. The second one probably would need to be configurable somehow (maybe a generic disable_acls=yes setting for namespace?)
Now the mentioned quirk: Because all connections on the shared-server are made to the same user "shared" and are coming from very few IPs (the 1 to X user-servers), you need to set a very high mail_max_userip_connections value.
I set mine to 1000 just to be sure.
---> But: I have NOT configured login_trusted_networks, so this may be my error in that case.
I don't think that setting helps.