<quote who="Timo Sirainen">
> On Thu, 2006-11-30 at 14:55 +0000, Gavin Henry wrote:
>> Our idea is either in the namespace declaration or if a folder has a
>> dovecot-shared file/symlink, have a ldap lookup defined in say,
>> dovecot-ldap-shares.conf or dovecot-ldap.conf, that queries a dn and
>> looks for memberUID or a group dn, then those uids/groups can get into
>> the IMAP maildir.
>
> I guess this could work as a simpler ACL plugin backend, if you only
> needed "all access" vs. "none access". Or the ACLs could be defined in
> LDAP as well. I'd rather not touch LDAP more than I have to, though. :)

It would be excellent if the ACLs could be in LDAP too.
I'm thinking along the lines of how Samba stores account flags in a directory, e.g. sambaAcctFlags: [U ]
We could add this to a dovecot.schema e.g.
dovecotACLflags:
etc.
I was also going to add support for defining multiple groups in dovecot-auth (either as plain names or name=GID lists to give access to multiple GIDs). Once that works, it's also possible to support group ACLs in the vfile ACL backend too.
Excellent.