On 17-02-2022 10:17, Aki Tuomi wrote:
On 17/02/2022 11:16 Kees van Vloten keesvanvloten@gmail.com wrote:
On 17-02-2022 10:02, Aki Tuomi wrote:
On 17/02/2022 10:39 Kees van Vloten keesvanvloten@gmail.com wrote:
On 17-02-2022 09:16, Aki Tuomi wrote:
On 17/02/2022 10:14 Kees van Vloten keesvanvloten@gmail.com wrote:
On 17-02-2022 07:28, Aki Tuomi wrote:
>> On 16/02/2022 21:40 Kees van Vloten keesvanvloten@gmail.com wrote:
>>
>> Hi Team,
>>
>> I am trying to set up mailbox sharing. But although user test2 shares
>> INBOX with test1, it is not visible for user1.
>>
>> doveadm acl get -u test2 INBOX
>> ID Global Rights
>> user=test1 admin create delete expunge insert lookup post read
>> write write-deleted write-seen
>>
>> cat /srv/mail/dovecot/lib/shared-mailboxes.db
>> shared/shared-boxes/user/test1/test2@example.com
>> 1
>>
>> Log output:
>> <snip />
I think your problem is that you are using test1 and test2 as usernames, but the shared folder is for test2@example.com.
The sharing must happen with same user names as your users are logging in.
Aki
Users are logging in with username only (and in most situations with a krb5 ticket):
auth_username_format = %Lu
Is there a way to prevent sharing as the %n name (test2@example.com)?
Or is the better approach to login with %n (and would that work with gssapi login)?
Why not use auth_username_format=%Ln then?
Also consistently use %n instead of %u in your configuration. Also doveadm acl set -u test2 user=test1 and so on.
etc.
Aki
Solved!! But a bit different than the above suggestion. There was a discrepancy between users logged in with a krb5 ticket and users without.
passdb {
  args = /etc/dovecot/ldap_user_to_principal.conf.ext
  driver = ldap
  pass = yes
}
passdb {
  driver = pam
}
The issue was in ldap_user_to_principal.conf.ext, it contained:
pass_attrs =
=user=%u,
=nopassword=Y,
=k5principals=%{ldap:userPrincipalName}
I changed user to %n and now it is handled the same as handling through pam for users without ticket.
Now the ACLs look alright:
cat /srv/mail/dovecot/lib/shared-mailboxes.db
shared/shared-boxes/user/test1/test2
1

doveadm acl get -u test2 INBOX
ID Global Rights
user=test1 admin create delete expunge insert lookup post read write write-deleted write-seen
And even better, the 'test2' mailbox shows up in the mail-client of 'test1'.
Thanks for your help, Aki. It did help to point me in the right direction!
- Kees
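Added example, not part of the thread or of Dovecot itself: a small Python check that models the username-variable expansion behind the fix (user=%u versus user=%n) and scans a shared-mailboxes.db for share entries whose owner or sharee does not match any name users actually log in with. It assumes the key-line/value-line layout shown in the thread's cat output and models only the %u/%n/%d variables with the L modifier.

```python
import re

# Constructed sample of shared-mailboxes.db, in the key-line / value-line
# layout shown in the thread, before and after the pass_attrs change.
DB_BEFORE = "shared/shared-boxes/user/test1/test2@example.com\n1\n"
DB_AFTER = "shared/shared-boxes/user/test1/test2\n1\n"

# Names the users actually log in with (auth_username_format = %Lu on a
# bare local-part login, and PAM returning that same bare name).
LOGIN_NAMES = {"test1", "test2"}


def expand_user_var(fmt: str, raw: str) -> str:
    """Expand one Dovecot username variable (%u, %n, %d), optionally with
    the L (lowercase) modifier. Assumption: only this subset of Dovecot's
    variable syntax is modelled here."""
    m = re.fullmatch(r"%(L?)([und])", fmt)
    if not m:
        raise ValueError(f"unsupported variable: {fmt}")
    lower, var = m.group(1) == "L", m.group(2)
    local, _, domain = raw.partition("@")
    value = {"u": raw, "n": local, "d": domain}[var]
    return value.lower() if lower else value


def parse_shared_db(text: str) -> list[tuple[str, str]]:
    """Return (sharee, owner) pairs from shared-mailboxes.db text.
    Keys look like shared/shared-boxes/user/<sharee>/<owner>; the value
    line that follows ('1') only marks the share as present."""
    prefix = "shared/shared-boxes/user/"
    pairs = []
    for line in (ln.strip() for ln in text.splitlines()):
        if not line.startswith(prefix):
            continue  # value lines and unrelated dict keys are skipped
        sharee, _, owner = line.removeprefix(prefix).partition("/")
        pairs.append((sharee, owner))
    return pairs


def find_identity_mismatches(login_names, db_text):
    """List shares whose sharee or owner is not a name anyone logs in
    with; such an entry refers to a user that never exists under that
    name, which is why test1 could not see test2's INBOX in the thread."""
    return [(s, o) for s, o in parse_shared_db(db_text)
            if s not in login_names or o not in login_names]


if __name__ == "__main__":
    print("user=%u ->", expand_user_var("%u", "test2@example.com"))
    print("user=%n ->", expand_user_var("%n", "test2@example.com"))
    print("before:", find_identity_mismatches(LOGIN_NAMES, DB_BEFORE))
    print("after: ", find_identity_mismatches(LOGIN_NAMES, DB_AFTER))
```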