enable/disable shared namespace in passdb
hello all
i'm currently using passdb to enable and disable various namespaces conditionally : for example the following work
  namespace/inbox/inbox=no
  namespace/legacy_pfso/disabled=no
  namespace/legacy_pfso/inbox=no
  namespace/local_storage/disabled=no
  namespace/comboINBOX_local_pfso/disabled=no
  namespace/comboINBOX_local_pfso/inbox=yes
but i can't get things like the following to work
namespace/shared/disabled=yes
--
the shared namespace is configured as shown below
namespace shared {
  type = shared
  list = yes # children
  disabled = yes
  separator = /
  prefix = shared/%%u/
  location = imapc:~/dovemail/shared/%%u/
}

imapc_host = localhost
imapc_port = 143
imapc_password = superpassword # either super or a dummy
imapc_master_user = %u
--
it seems the shared namespaces do not have names any more so they can't be modified dynamically
is there a way to circumvent ? something i missed ?
i'm running 2.2.22 but i can switch easily to 2.2.9 or any other version providing master_user or one of the variables that can let me know if a master login was performed is available in passdb
the reason i'm doing this is so i can prevent long chains/loops from occurring : when accessed by imapc: , the passdb should disable the shared namespace so it does not produce (an)other imapc connection(s)
thanks for your help
alexis
hi all
bumping on my own...
i've tried to declare the namespace inside the imap protocol and adding the following extra protocol and listener

service imap-login-noshares {
  protocol = imapnoshares
  executable = imap-login
  inet_listener imapnoshares {
    address =
    port = 20143
    reuse_port = no
    ssl = no
  }
  $login_process_common_stuff
}

protocol imapnoshares {
  # we need to clone imap stuff here... maybe not everything but at least quota and the likes
}
unfortunately it seems that the protocol is still 'imap' : the passdb and userdb queries still contain imap as the protocol name, the log displays imap(username), and it looks like the shared namespace is active.
the namespace is now declared like this
protocol imap {
  namespace shared {
    type = shared
    list = yes # children
    #disabled = yes
    separator = /
    prefix = shared/%%u/
    location = imapc:~/dovemail/shared/%%u/
  }
}
any ideas ?
has anybody managed to get acls to work with imapc ?
thanks for your time
alexis
On 04 Apr 2016, at 13:28, abi@oleane.net wrote:
> namespace shared {
>   type = shared
>   list = yes # children
>   disabled = yes
>   separator = /
>   prefix = shared/%%u/
>   location = imapc:~/dovemail/shared/%%u/
> }
Don't you get a warning with this?
Warning: Obsolete setting in dovecot.conf:1: namespace shared {} has been replaced by namespace { type=shared }
This is because of the v1.x dovecot.conf auto-conversion code. Try giving it a different name than "shared" and see if it works.
On 06/04/2016 21:41, Timo Sirainen wrote:
> On 04 Apr 2016, at 13:28, abi@oleane.net wrote:
>> namespace shared {
>>   type = shared
>>   list = yes # children
>>   disabled = yes
>>   separator = /
>>   prefix = shared/%%u/
>>   location = imapc:~/dovemail/shared/%%u/
>> }
> Don't you get a warning with this?
> Warning: Obsolete setting in dovecot.conf:1: namespace shared {} has been replaced by namespace { type=shared }
> This is because of the v1.x dovecot.conf auto-conversion code. Try giving it a different name than "shared" and see if it works.
yes i get this exact warning i tried with and without
given the fact that other namespaces parameters can be changed dynamically through passdb by returning "namespace"/NAMESPACE_NAME/PARAMETER=VALUE, i was hoping to do the same with shared namespaces which is why i added a name
i'm wondering : is using shared namespaces with non generic acls and imapc currently supported in dovecot ?
i'm running into 2 problems :
--> the acl files are looked up in the filesystem in ~loggedin_user/.../shared/sharing_user/ rather than in ~sharing_user so the filesystem paths are not translated. i can circumvent with symlinks but i assume the ACLs should be looked up using imap or an extra location attribute could be added to the namespace so the acls are read in the proper location.
--> the sharers might themselves have other people sharing with them so the imapc connections loop. i need a way to selectively disable the shared namespace. ( based on a specific port, the source address, something passed by imapc:, the fact that there is a master login... whatever works )
i'm ready to beta-test if that can help in any way
thanks for your great work
best regards
alexis
hello.
i gave a different name to the namespace. now i can properly disable it from passdb (so i do not produce loops with shared namespaces configured with imapc)
but providing a name breaks even local acls
with the following config
namespace sharedboxes {
  type = shared
  list = yes # children
  disabled = no # should be yes, but this is convenient when testing with doveadm
  separator = / # useful ? does not change a thing... direct access is ok, imapc is broken
  prefix = shared/%%u/

  # THIS MAKES USE OF THE LOCAL FILESYSTEM FOR THE REMOTE USER'S MAILBOX LOCATION. WORKS BUT NOT CLUSTER-SAFE
  # NOTE : specifying a separate INDEX allows for unshared flags
  # NOTE : userdb sets mail location to maildir:~/dovemail:INBOX=~/dovemail/.INBOX
  location = maildir:%%h/dovemail/ # :INDEXPVT=~/dovemail/private_indexes/%%u

  # THIS ONE IS CLUSTER-SAFE BUT CURRENTLY DOES NOT WORK
  #location = imapc:~/dovemail/shared/%%u/ # cache for shared indexes
}
acl debug produces the following output
# doveadm acl debug -u abi3@oleane.fr.fto shared/abi2@oleane.fr.fto/AA
doveadm(abi3@oleane.fr.fto): Error: Mailbox 'shared.abi2@oleane\2efr\2efto.AA' in namespace '' doesn't exist in /var/mailboxes/mail02b/fr.fto/o/l/oleane/abi3/home/dovemail/.shared.abi2@oleane\2efr\2efto.AA
but if i remove "sharedboxes", it works as expected
# doveadm acl debug -u abi3@oleane.fr.fto shared/abi2@oleane.fr.fto/AA
doveadm(abi3@oleane.fr.fto): Info: Mailbox 'AA' is in namespace 'shared/abi2@oleane.fr.fto/'
doveadm(abi3@oleane.fr.fto): Info: Mailbox path: /var/mailboxes/mail02b/fr.fto/o/l/oleane/abi2/home/dovemail/.AA
doveadm(abi3@oleane.fr.fto): Info: All message flags are shared across users in mailbox
doveadm(abi3@oleane.fr.fto): Info: User abi3@oleane.fr.fto has rights: lookup read write write-seen write-deleted insert post expunge create delete admin
doveadm(abi3@oleane.fr.fto): Info: Mailbox found from dovecot-acl-list
doveadm(abi3@oleane.fr.fto): Info: User abi2@oleane.fr.fto found from ACL shared dict
doveadm(abi3@oleane.fr.fto): Info: Mailbox shared/abi2@oleane.fr.fto/AA is visible in LIST
i also tried changing the prefix to sharedboxes/%%u/ and changing the debug command accordingly but that did not make a difference.
if i try the same config ( without naming the namespace ) with imapc ( using the location line that is commented in the above config sample ) it does not seem to loop when using doveadm debug, but it does not work either
# doveadm acl debug -u abi3@oleane.fr.fto shared/abi2@oleane.fr.fto/AA
doveadm(abi3@oleane.fr.fto): Info: Mailbox 'AA' is in namespace 'shared/abi2@oleane.fr.fto/'
doveadm(abi3@oleane.fr.fto): Info: Mailbox path: /var/mailboxes/mail02b/fr.fto/o/l/oleane/abi3/home/dovemail/shared/abi2@oleane.fr.fto/.AA
doveadm(abi3@oleane.fr.fto): Info: All message flags are shared across users in mailbox
doveadm(abi3@oleane.fr.fto): Info: User abi3@oleane.fr.fto has no rights for mailbox
doveadm(abi3@oleane.fr.fto): Error: User abi3@oleane.fr.fto is missing 'lookup' right
doveadm(abi3@oleane.fr.fto): Info: Mailbox shared/abi2@oleane.fr.fto/AA is NOT visible in LIST

the log shows that the proper dovecot-acl file is read when ~abi logs in as ~abi2, but i do not see any trace of the acls being read over imap nor directly in the filesystem
if i actually use imap, i produce a loop ( rather a storm in fact if i setup many to many shares ) and end up with an empty shared namespace
what did i miss ?
thanks for your help
alex
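
Added example (not part of the thread and not Dovecot code): a simplified Python model of the imapc fan-out described in the messages above, comparing one client login with and without the passdb returning namespace/sharedboxes/disabled=yes for master logins. The sharing graph, the depth cap and the assumption that the passdb can recognise a master login are constructed for illustration.

```python
from collections import deque

# Constructed sharing graph: user -> users who share mailboxes with them.
SHARES = {
    "abi": ["abi2", "abi3"],
    "abi2": ["abi", "abi3"],
    "abi3": ["abi", "abi2"],
}

DISABLE_FIELD = "namespace/sharedboxes/disabled=yes"


def passdb_extra_fields(is_master_login, disable_on_master_login=True):
    """Extra fields a passdb lookup would return for this login (model).

    Assumption: the passdb can tell that the login is a master login.
    """
    if is_master_login and disable_on_master_login:
        return [DISABLE_FIELD]
    return []


def count_imapc_connections(user, shares, disable_on_master_login, max_depth=4):
    """Count imapc connections triggered by one client login of `user`.

    Each session whose shared namespace is enabled opens one imapc
    connection (a master login) per sharer. max_depth is an artificial cap
    so that the unprotected case terminates.
    """
    total = 0
    queue = deque([(user, 0, False)])  # (session user, depth, is_master_login)
    while queue:
        current, depth, is_master = queue.popleft()
        fields = passdb_extra_fields(is_master, disable_on_master_login)
        if DISABLE_FIELD in fields or depth >= max_depth:
            continue  # shared namespace off (or cap reached): no fan-out
        for sharer in shares.get(current, []):
            total += 1
            queue.append((sharer, depth + 1, True))
    return total


if __name__ == "__main__":
    print("protected:", count_imapc_connections("abi", SHARES, True))
    print("unprotected:", count_imapc_connections("abi", SHARES, False))
```

With three users sharing with each other, the unprotected count doubles at every level of recursion, while the protected count stays equal to the number of sharers.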