Hi!
I have some trouble with userdb, LDAP and extra fields for acl_groups.
There is a script in Python which fetches the groups and sets the environment variable ACL_GROUPS to these groups. It works when I log in to IMAP (Thunderbird, for example, shows my public folders, which are protected by acl_groups).
But when I try
doveadm mailbox list -u user.name
the mailboxes are not listed, and with -Dv I get "permission denied, no lookup rights".
In my dovecot-ldap-userdb.conf.ext is:
hosts = ldap.server.example
dn = cn=service_id,ou=mailserver,ou=system,ou=services,dc=server,dc=example
dnpass = protectedpassword12345
tls = yes
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
tls_require_cert = demand
ldap_version = 3
base = ou=users,dc=server,dc=example
deref = always
scope = subtree
user_attrs = =home={ldap:dcMailMessageStore},system_groups_user=%u,allow_all_users=yes,=acl_groups=%{env:ACL_GROUPS}
user_filter = (&(objectClass=posixAccount)(uid=%u)(!(sn=NoLogin))(|(memberof=cn=perm-app-mymail_admins,ou=mymail,ou=apps,ou=services,dc=schuerz,dc=at)(memberof=cn=perm-app-mymail_users,ou=mymail,ou=apps,ou=services,dc=schuerz,dc=at)))
When I change acl_groups=%{env:ACL_GROUPS} to acl_groups=mygroup, the doveadm mailbox list command shows my public mailbox.
So how do I get my acl_groups from the postlogin script output into the userdb query?
Even when I run this on the shell
ACL_GROUPS=mygroup doveadm mailbox list -u user.name
the ACL_GROUPS environment is ignored by the doveadm command...
Thank you
jakob
Well, you don't have postlogin scripts when running doveadm. Those are executed by *-login and usually execute the actual protocol handler.
Try
env ACL_GROUPS=whatever doveadm mailbox list -u test.user
Aki
On 04 February 2019 at 14:39 Jakobus Schürz <wertstoffe@nurfuerspam.de> wrote:
Hi Aki!
The command didn't work. The protected mailbox is not shown.
It's not a big problem when doveadm does not show the public mailbox. The problem is, I have a sieve filter which puts some emails into these mailboxes... and the sieve filter does not work either... the same problem, "permission denied", because of not knowing the acl_groups from LDAP... The sieve filter is a global filter, not a user's sieve filter...
How can I handle global mail filtering for all users into one public mailbox?
Regards, jakob
On 04.02.19 at 13:44, Aki Tuomi wrote: