We have a customer with a large public folder hierarchy. They occasionally make requests to have the public folder ACLs changed; for example: "please give user X access to all public folders" (that's nearly 1700 folders). Worse: "please give user Y access to all sales folders" (there are 1450 sales folders).
The problem is that there are (naturally) spaces in the folder names, which makes command line manipulation challenging. We've ended up with some astonishingly hacky Python scripts that enter each folder starting with (for example) ".sales" and replacing the dovecot-acl file to try to fulfil the above requests. One day our script are going to get it wrong, or requests will become more complex ("give X access all sales/CustA folders, Y access to all sales/CustB folders, and Z access to all sales folders). There must be a Better Way.
How do others manage divergent ACLs within large public folder hierarchies?
Thanks, Keith