[Dovecot] dovecot2 latest beta5 acl not working properly ?
Hi i tested acls with some clients horde/imp mulberry thunderbird squirrelmail kmail and i couldnt get it run proberly i have no problems testing setacl etc with plain telnet session, and i have no error in verbose logging but it looks like acl is only working partly with some clients so show acls is working mostly but setting only partly horde/imp and mulberry dont show any acls any idea?
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
Am 19.05.2010 12:11, schrieb Robert Schetterer:
Hi i tested acls with some clients horde/imp mulberry thunderbird squirrelmail kmail and i couldnt get it run proberly i have no problems testing setacl etc with plain telnet session, and i have no error in verbose logging but it looks like acl is only working partly with some clients so show acls is working mostly but setting only partly horde/imp and mulberry dont show any acls any idea?
i have no idea what changed in dovecot2 looks like capability anounce changed somehow
horde/imp does a check which seems to get workarounded by
horde/lib/Horde/IMAP/ACL/rfc2086.php
if (substr($this->_params['protocol'], 0, 4) != 'imap') { /* No point in going any further if it's not an IMAP server. */ $this->_error = PEAR::raiseError(_("Only IMAP servers support shared folders.")); $this->_supported = false; } elseif (!isset($this->_caps['acl'])) { /* If we couldn't get the server's capability, we'll assume ACL is not supported for now. */
----change---from---false---to---true
$this->_supported = true;
} else {
$this->_supported = true;
}anyway perhaps Timo knows more about capability in dove2, guess thats the reason why mulberry does not show acls too
-- Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
On Wed, 2010-05-19 at 12:11 +0200, Robert Schetterer wrote:
but it looks like acl is only working partly with some clients so show acls is working mostly but setting only partly horde/imp and mulberry dont show any acls any idea?
They only look at the CAPABILITY list before login, not afterwards? ACL is listed only after login. (It's also sent to the client, but some clients just ignore the updated capability list.) I think this should be fixed on client side.
Am 25.05.2010 17:35, schrieb Timo Sirainen:
On Wed, 2010-05-19 at 12:11 +0200, Robert Schetterer wrote:
but it looks like acl is only working partly with some clients so show acls is working mostly but setting only partly horde/imp and mulberry dont show any acls any idea?
They only look at the CAPABILITY list before login, not afterwards? ACL is listed only after login. (It's also sent to the client, but some clients just ignore the updated capability list.) I think this should be fixed on client side.
oh Timo, it should be fixed, maybe you have chances at horde/imp getting fixes soon, and also upcomming tb versions with acl but who knows what "broken" clients are out in wild, maybe there should be a workaround parameter to behavior as before dovecot2
-- Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
On Tue, 2010-05-25 at 19:17 +0200, Robert Schetterer wrote:
They only look at the CAPABILITY list before login, not afterwards? ACL is listed only after login. (It's also sent to the client, but some clients just ignore the updated capability list.) I think this should be fixed on client side.
oh Timo, it should be fixed, maybe you have chances at horde/imp getting fixes soon, and also upcomming tb versions with acl but who knows what "broken" clients are out in wild, maybe there should be a workaround parameter to behavior as before dovecot2
Well, there is a workaround that you can do: Set imap_capability manually to the value you want.
But I'm still continuing my crusade to get the clients fixed instead.
Am 25.05.2010 19:42, schrieb Timo Sirainen:
On Tue, 2010-05-25 at 19:17 +0200, Robert Schetterer wrote:
They only look at the CAPABILITY list before login, not afterwards? ACL is listed only after login. (It's also sent to the client, but some clients just ignore the updated capability list.) I think this should be fixed on client side.
oh Timo, it should be fixed, maybe you have chances at horde/imp getting fixes soon, and also upcomming tb versions with acl but who knows what "broken" clients are out in wild, maybe there should be a workaround parameter to behavior as before dovecot2
Well, there is a workaround that you can do: Set imap_capability manually to the value you want.
But I'm still continuing my crusade to get the clients fixed instead.
Hi Timo, dont wanna stop crusaders *g, at last all well known clients should be fixed, using acl isnt spreaded wide yet, but question, if setting imap_capability manual, is this addtional to capability or do i have to list all capability then manual also is there an example for manual in the wiki/conf ( i cant remember such ), an example with acl would be ideal
-- Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
On Tue, 2010-05-25 at 21:56 +0200, Robert Schetterer wrote:
Well, there is a workaround that you can do: Set imap_capability manually to the value you want.
But I'm still continuing my crusade to get the clients fixed instead.
Hi Timo, dont wanna stop crusaders *g, at last all well known clients should be fixed, using acl isnt spreaded wide yet, but question, if setting imap_capability manual, is this addtional to capability or do i have to list all capability then manual
You need to list all of them. But not AUTH=* or STARTTLS or LOGINDISABLED, since those are added automatically.
also is there an example for manual in the wiki/conf ( i cant remember such ), an example with acl would be ideal
Nope. Get the pre-login capability and post-login capability and drop duplicates and the above mentioned capabilities and use that as the value.
Am 25.05.2010 22:09, schrieb Timo Sirainen:
On Tue, 2010-05-25 at 21:56 +0200, Robert Schetterer wrote:
Well, there is a workaround that you can do: Set imap_capability manually to the value you want.
But I'm still continuing my crusade to get the clients fixed instead.
Hi Timo, dont wanna stop crusaders *g, at last all well known clients should be fixed, using acl isnt spreaded wide yet, but question, if setting imap_capability manual, is this addtional to capability or do i have to list all capability then manual
You need to list all of them. But not AUTH=* or STARTTLS or LOGINDISABLED, since those are added automatically.
also is there an example for manual in the wiki/conf ( i cant remember such ), an example with acl would be ideal
Nope. Get the pre-login capability and post-login capability and drop duplicates and the above mentioned capabilities and use that as the value.
Hi Timo, i will do my tests with manual capability soon after upgrade to the latest hg dovecot2 version thx so far
-- Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
participants (3)
-
Robert Schetterer
-
Thomas Leuxner
-
Timo Sirainen