On 02/01/2016 06:59 PM, Chris wrote:
Dear All,
is it possible to store ACLs in LDAP?
Does anyone happen to have a script that syncs ACLs read from LDAP with Dovecot?
- Chris

Hi Chris,
For Dovecot in the mail stack of the Univention Corporate Server (UCS, an Open Source Linux server distribution) a mechanism to do that is implemented. It is used to set ACLs of shared folders stored in LDAP on Dovecot's shared folders. Management of shared folders is done through a web/cmdline interface that stores its data in LDAP.
The ACLs are stored in attributes like this:

DN: cn=folder@test.dom,cn=folder,cn=mail,dc=test,dc=dom
sharedFolderUserACL: test1@test.dom write
sharedFolderUserACL: test2@test.dom read
In https://forge.univention.org/websvn/filedetails.php?repname=dev&path=%2Fbranches%2Fucs-4.1%2Fucs-4.1-0%2Fmail%2Funivention-mail-dovecot%2Fmodules%2Funivention%2Fmail%2Fdovecot_shared_folder.py in doveadm_set_mailbox_acls() and imap_set_mailbox_acls() the attributes are read and used to set them on the folders.
The solution is very specific to UCS (uses its LDAP notifier-listener mechanism and their LDAP schema), but maybe you can adapt it.
Good luck
Daniel
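
The following is an added example, not part of the message above and not the UCS code: a minimal sketch of turning sharedFolderUserACL values into `doveadm acl` argument lists, failing closed on anything unexpected. The keyword-to-rights mapping, the "none" level, the address pattern, and the owner and mailbox names are assumptions made for illustration.

```python
import re

# Assumed mapping from the LDAP permission keyword to Dovecot ACL rights.
# Illustrative only; the real UCS mapping lives in dovecot_shared_folder.py.
LEVEL_TO_RIGHTS = {
    "none": [],
    "read": ["lookup", "read"],
    "write": ["lookup", "read", "write", "write-seen", "write-deleted",
              "insert", "expunge"],
}

# Conservative address check: keeps whitespace and option-like values out of argv.
ADDR_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._+-]*@[A-Za-z0-9.-]+$")

# Attribute values as shown in the message above.
SAMPLE_VALUES = ["test1@test.dom write", "test2@test.dom read"]


def parse_acl_values(values):
    """Turn 'user@dom level' attribute values into {user: [rights]}."""
    acls = {}
    for value in values:
        parts = value.split()
        if len(parts) != 2:
            raise ValueError("malformed ACL value: %r" % value)
        user, level = parts
        if not ADDR_RE.match(user):
            raise ValueError("rejected identifier: %r" % user)
        if level not in LEVEL_TO_RIGHTS:  # fail closed on unknown levels
            raise ValueError("unknown permission level: %r" % level)
        acls[user] = list(LEVEL_TO_RIGHTS[level])
    return acls


def doveadm_commands(owner, mailbox, acls):
    """Build argv lists (to be run without a shell) for doveadm acl set/delete."""
    cmds = []
    for user, rights in sorted(acls.items()):
        ident = "user=" + user
        if rights:
            cmds.append(["doveadm", "acl", "set", "-u", owner, mailbox, ident] + rights)
        else:
            cmds.append(["doveadm", "acl", "delete", "-u", owner, mailbox, ident])
    return cmds


if __name__ == "__main__":
    # Hypothetical owner and mailbox names; adjust to the local namespace layout.
    for cmd in doveadm_commands("owner@test.dom", "shared/folder", parse_acl_values(SAMPLE_VALUES)):
        print(" ".join(cmd))
```

Passing each list to `subprocess.check_call()` as-is keeps LDAP-supplied values out of any shell parsing.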