[Dovecot] Dovecot and ACL
Hello,
I try to get per-mailbox-ACLs on dovecot.
So, I've modded dovecot.conf:
protocol imap { mail_plugins = acl }
and
plugin { acl = vfile }
When I telnet to dovecot an try the command "capability" there is nothing about acl. I need acl for "open-xchange" so I can share Mailboxes over the webinterface. Do I have to create the acl-file manually or does dovecot this automaticly?
reagrds
Daniel
-- Daniel Spannbauer Software Entwicklung marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-27 Fax -11 Rechbergstr. 4 - 6, D 87727 Babenhausen Mobil +49 171 4033220 http://www.marco.de/ Email ds@marco.de Geschäftsführer Martin Reuter HRB 171775 Amtsgericht München
Le 8 juil. 09 à 09:14, Daniel Spannbauer a écrit :
Hello,
I try to get per-mailbox-ACLs on dovecot.
So, I've modded dovecot.conf:
protocol imap { mail_plugins = acl }
and
plugin { acl = vfile }
When I telnet to dovecot an try the command "capability" there is
nothing about acl. I need acl for "open-xchange" so I can share Mailboxes over the
webinterface. Do I have to create the acl-file manually or does dovecot this
automaticly?
Shouldn't this be a matter of enabling the imap_acl plugin?
But yes, the wiki is somewhat silent, since that plugin seems to be
mentioned only once and very briefly:
http://wiki.dovecot.org/SharedMailboxes/Shared
HTH, Axel
Axel Luttgens schrieb:
Le 8 juil. 09 à 09:14, Daniel Spannbauer a écrit :
Hello,
I try to get per-mailbox-ACLs on dovecot.
So, I've modded dovecot.conf:
protocol imap { mail_plugins = acl }
and
plugin { acl = vfile }
When I telnet to dovecot an try the command "capability" there is nothing about acl. I need acl for "open-xchange" so I can share Mailboxes over the webinterface. Do I have to create the acl-file manually or does dovecot this automaticly?
Shouldn't this be a matter of enabling the imap_acl plugin? But yes, the wiki is somewhat silent, since that plugin seems to be mentioned only once and very briefly: http://wiki.dovecot.org/SharedMailboxes/Shared
Hmmm, I don't have a imap_acl-Plugin.
Sorry but I forgot the Version: Version is 1.0.rc14
dovecot -n:
/etc/dovecot/dovecot.conf
protocols: imap imaps pop3 listen(default): * listen(imap): * listen(pop3): *:26 disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login first_valid_uid: 100 mail_location: maildir:~/maildir mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 pop3_uidl_format(default): pop3_uidl_format(imap): pop3_uidl_format(pop3): %08Xu%08Xv auth default: passdb: driver: pam userdb: driver: passwd
Regards
Daniel
HTH, Axel
-- Daniel Spannbauer Software Entwicklung marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-27 Fax -11 Rechbergstr. 4 - 6, D 87727 Babenhausen Mobil +49 171 4033220 http://www.marco.de/ Email ds@marco.de Geschäftsführer Martin Reuter HRB 171775 Amtsgericht München
Le 8 juil. 09 à 11:55, Daniel Spannbauer a écrit :
[...]
Hmmm, I don't have a imap_acl-Plugin.
Sorry but I forgot the Version: Version is 1.0.rc14
Hmm, I guess you're out of luck then; from http://wiki.dovecot.org/ACL:
Dovecot v1.0 and v1.1 supports administrator-configured ACL
files. v1.2+ supports also IMAP ACL extension which allows
users to change ACLs themselves.Are there reasons for not trying to upgrade?
Axel
Axel Luttgens schrieb:
Le 8 juil. 09 à 11:55, Daniel Spannbauer a écrit :
[...]
Hmmm, I don't have a imap_acl-Plugin.
Sorry but I forgot the Version: Version is 1.0.rc14
Hmm, I guess you're out of luck then; from http://wiki.dovecot.org/ACL:
Dovecot v1.0 and v1.1 supports administrator-configured ACL files. v1.2+ supports also IMAP ACL extension which allows users to change ACLs themselves.Are there reasons for not trying to upgrade?
Hmmm, thats bad. Update isn't easy. I use SuSE 10.2 on a few machines. On SuSE with RPM dovecot has a lot of dependencies which should alll be solved :)
I try to build a new one from SuSE 11.1 on my old system and try it to install.
Thanks a lot
Regards
Daniel
Axel
-- Daniel Spannbauer Software Entwicklung marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-27 Fax -11 Rechbergstr. 4 - 6, D 87727 Babenhausen Mobil +49 171 4033220 http://www.marco.de/ Email ds@marco.de Geschäftsführer Martin Reuter HRB 171775 Amtsgericht München
Daniel,
"Dovecot v1.0 and v1.1 supports administrator-configured ACL files. v1.2+ supports also IMAP ACL extension which allows users to change ACLs themselves." http://wiki.dovecot.org/ACL
I think to share mailboxes in OPen-Xchange, you will need Version 1.2 (IMap ACL extension)
An Alternate way using Soft Links: http://wiki.dovecot.org/SharedMailboxes/Symlinks
Regards,
Mario Antonio
Daniel Spannbauer wrote:
Hello,
I try to get per-mailbox-ACLs on dovecot.
So, I've modded dovecot.conf:
protocol imap { mail_plugins = acl }
and
plugin { acl = vfile }
When I telnet to dovecot an try the command "capability" there is nothing about acl. I need acl for "open-xchange" so I can share Mailboxes over the webinterface. Do I have to create the acl-file manually or does dovecot this automaticly?
reagrds
Daniel
Mario Antonio schrieb:
Daniel,
"Dovecot v1.0 and v1.1 supports administrator-configured ACL files. v1.2+ supports also IMAP ACL extension which allows users to change ACLs themselves." http://wiki.dovecot.org/ACL
I think to share mailboxes in OPen-Xchange, you will need Version 1.2 (IMap ACL extension)
An Alternate way using Soft Links: http://wiki.dovecot.org/SharedMailboxes/Symlinks
Regards,
Mario Antonio
Daniel Spannbauer wrote:
Hello,
I try to get per-mailbox-ACLs on dovecot.
So, I've modded dovecot.conf:
protocol imap { mail_plugins = acl }
and
plugin { acl = vfile }
When I telnet to dovecot an try the command "capability" there is nothing about acl. I need acl for "open-xchange" so I can share Mailboxes over the webinterface. Do I have to create the acl-file manually or does dovecot this automaticly?
Ok, now I have dovecot 1.2 running with configuerd per-user-acl with Plugins acl and imap-acl. Seems to work, now error in the logs at the moment. Bute wehn I log in over telnet port 143 theres no "acl" at the capabilities-String.
Can anybody tell me why?
Regards
Daniel
reagrds
Daniel
-- Daniel Spannbauer Software Entwicklung marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-27 Fax -11 Rechbergstr. 4 - 6, D 87727 Babenhausen Mobil +49 171 4033220 http://www.marco.de/ Email ds@marco.de Geschäftsführer Martin Reuter HRB 171775 Amtsgericht München
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, 10 Jul 2009, Daniel Spannbauer wrote:
Seems to work, now error in the logs at the moment. Bute wehn I log in over telnet port 143 theres no "acl" at the capabilities-String.
Can anybody tell me why?
You use the wrong/old/not-restarted demon ;-)
You are not logged in.
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. 1 login user pwd 1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH ACL RIGHTS=texk QUOTA] Logged in
Bye,
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBSlcOtHWSIuGy1ktrAQKutgf/cYYoHOgukqevKfQ5HXS655RtlbOfoRlz jF6BBBWX+A3BhoaVvHl80iJSumceHz+kt3Mv5UmZNSiVUTHeI/P6e3TFiu55hpD2 gtleEzVwXvU7q+HOmpMGc38oxmnMlRfMPa/PIUdtmcRv/tEupDw0ZIRZ/i46eAe+ bqJE9hQffP4KLcAVPIT2auTg8ImjXuQuzS8Qn3VL2d9/eWQm1nE59R8O+8S6Sb6E GBmUnMSlBMd50flcywBHQOj03UirUZx7reRMoozeuR2fZ1vF/Eiq0eGZD4f8HpJt H3+Cc2W/CQhKq3kk6Ign/mVcYpW9mTqtMxbFWDD12wDK9tp5Fpv5NQ== =YxW7 -----END PGP SIGNATURE-----
Steffen Kaiser schrieb:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, 10 Jul 2009, Daniel Spannbauer wrote:
Seems to work, now error in the logs at the moment. Bute wehn I log in over telnet port 143 theres no "acl" at the capabilities-String.
Can anybody tell me why?
You use the wrong/old/not-restarted demon ;-)
You are not logged in.
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. 1 login user pwd 1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH ACL RIGHTS=texk QUOTA] Logged in
Bye,
/usr/sbin/dovecot --version gives me 1.2.0. Should be the rights deamon.
Regards
Daniel
- -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBSlcOtHWSIuGy1ktrAQKutgf/cYYoHOgukqevKfQ5HXS655RtlbOfoRlz jF6BBBWX+A3BhoaVvHl80iJSumceHz+kt3Mv5UmZNSiVUTHeI/P6e3TFiu55hpD2 gtleEzVwXvU7q+HOmpMGc38oxmnMlRfMPa/PIUdtmcRv/tEupDw0ZIRZ/i46eAe+ bqJE9hQffP4KLcAVPIT2auTg8ImjXuQuzS8Qn3VL2d9/eWQm1nE59R8O+8S6Sb6E GBmUnMSlBMd50flcywBHQOj03UirUZx7reRMoozeuR2fZ1vF/Eiq0eGZD4f8HpJt H3+Cc2W/CQhKq3kk6Ign/mVcYpW9mTqtMxbFWDD12wDK9tp5Fpv5NQ== =YxW7 -----END PGP SIGNATURE-----
-- Daniel Spannbauer Software Entwicklung marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-27 Fax -11 Rechbergstr. 4 - 6, D 87727 Babenhausen Mobil +49 171 4033220 http://www.marco.de/ Email ds@marco.de Geschäftsführer Martin Reuter HRB 171775 Amtsgericht München
Le 11 juil. 09 à 18:00, Daniel Spannbauer a écrit :
Steffen Kaiser schrieb:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 10 Jul 2009, Daniel Spannbauer wrote:
Seems to work, now error in the logs at the moment. Bute wehn I log in over telnet port 143 theres no "acl" at the
capabilities-String. Can anybody tell me why? You use the wrong/old/not-restarted demon ;-) You are not logged in.
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID
ENABLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. 1 login user pwd 1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID
ENABLE SORT THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE
CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE
QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH ACL
RIGHTS=texk QUOTA] Logged in Bye,/usr/sbin/dovecot --version gives me 1.2.0. Should be the rights
deamon.
And what does your capability string currently look like?
Also, could you add "mail_debug = yes" to your config, restart
Dovecot, and show the corresponding log lines (in system.log then
mail.log)?
Axel
Daniel,
I think you need to use (make sure of the imap_acl configuration):
protocol imap { mail_plugins = acl imap_acl
}
Regards,
M.A.
Daniel Spannbauer wrote:
Mario Antonio schrieb:
Daniel,
"Dovecot v1.0 and v1.1 supports administrator-configured ACL files. v1.2+ supports also IMAP ACL extension which allows users to change ACLs themselves." http://wiki.dovecot.org/ACL
I think to share mailboxes in OPen-Xchange, you will need Version 1.2 (IMap ACL extension)
An Alternate way using Soft Links: http://wiki.dovecot.org/SharedMailboxes/Symlinks
Regards,
Mario Antonio
Daniel Spannbauer wrote:
Hello,
I try to get per-mailbox-ACLs on dovecot.
So, I've modded dovecot.conf:
protocol imap { mail_plugins = acl }
and
plugin { acl = vfile }
When I telnet to dovecot an try the command "capability" there is nothing about acl. I need acl for "open-xchange" so I can share Mailboxes over the webinterface. Do I have to create the acl-file manually or does dovecot this automaticly?
Ok, now I have dovecot 1.2 running with configuerd per-user-acl with Plugins acl and imap-acl. Seems to work, now error in the logs at the moment. Bute wehn I log in over telnet port 143 theres no "acl" at the capabilities-String.
Can anybody tell me why?
Regards
Daniel
reagrds
Daniel
Mario Antonio schrieb:
Daniel,
I think you need to use (make sure of the imap_acl configuration):
protocol imap { mail_plugins = acl imap_acl
}
Yes, thats in the conf-
dovecot -n:
1.2.0: /etc/dovecot/dovecot.conf
OS: Linux 2.6.18.2-34-default i686 openSUSE 10.2 (i586)
protocols: imap imaps pop3 listen(default): * listen(imap): * listen(pop3): *:26 ssl: no disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login first_valid_uid: 100 mail_location: maildir:~/maildir mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_plugins(default): acl imap_acl mail_plugins(imap): acl imap_acl mail_plugins(pop3): mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 auth default: passdb: driver: pam userdb: driver: passwd plugin: acl: vfile acl_shared_dict: file:/var/lib/dovecot/shared-mailboxes
participants (4)
-
Axel Luttgens
-
Daniel Spannbauer
-
Mario Antonio
-
Steffen Kaiser