[Dovecot] migration dove 2.0 2.1 shared namespace acl broken
Hi Tim, after upgrade to 2.1, acl with shared namespace seems to be broken; it looks like it depends on
No lookup right to mailbox: shared/
it runs perfectly under 2.0.20
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
Am 17.04.2012 13:47, schrieb Robert Schetterer:
> Hi Tim,
I should get some "o"
> after upgrade to 2.1, acl with shared namespace seems to be broken; it looks like it depends on
> No lookup right to mailbox: shared/
> it runs perfectly under 2.0.20
looks like it depends on bug handling
doveadm acl debug
shows on both versions
Fatal: ACL shared dict iteration failed
but dove 2.1 handles this in another way, meaning it results in no rights, and no list for that
-- Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
Am 18.04.2012 19:01, schrieb Timo Sirainen:
> On 17.4.2012, at 17.40, Robert Schetterer wrote:
>> doveadm acl debug
>> shows on both versions
>> Fatal: ACL shared dict iteration failed
> Doesn't it show any other error message before this? Either to terminal or to error log? What's your doveconf -n?
Hi Timo, I didn't find more useful errors before; all are like Debug: acl: No lookup right to mailbox: but that isn't true, I checked it in the filesystem and tried new acls etc. (and they are working under 2.0.20)
to me it looks like some acl check/list problem, perhaps depending on stuff like in i.e. http://hg.dovecot.org/dovecot-2.1/rev/65a75939ac2c
as I said, the old 2.0.20 still works fine on the other server; the only change I did was with virtual and namespace inbox to get special_use working
this is from the dove version
# 2.1.4 (85ad4baedd43): /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-37-server x86_64 Ubuntu 10.04.4 LTS
auth_cache_negative_ttl = 0
auth_cache_size = 50 M
auth_debug = yes
auth_debug_passwords = yes
auth_master_user_separator = *
auth_mechanisms = plain login
auth_socket_path = /var/run/dovecot/auth-userdb
auth_verbose = yes
auth_verbose_passwords = plain
auth_worker_max_count = 300
dict {
  acl = mysql:/etc/dovecot/dovecot-dict-acl-sql.conf.ext
  expire = mysql:/etc/dovecot/dovecot-dict-expire-sql.conf.ext
  quotadict = mysql:/etc/dovecot/dovecot-dict-quota-sql.conf.ext
}
disable_plaintext_auth = no
first_valid_gid = 1001
first_valid_uid = 1001
hostname = mail01.example.com
last_valid_gid = 1001
last_valid_uid = 1001
listen = *
login_greeting = imap, pop ready
mail_access_groups = vmail
mail_debug = yes
mail_fsync = always
mail_gid = 1001
mail_location = maildir:~/
mail_nfs_index = yes
mail_nfs_storage = yes
mail_plugins = " stats zlib expire virtual fts fts_squat mail_log autocreate notify acl listescape"
mail_privileged_group = vmail
mail_uid = 1001
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags notify
mmap_disable = yes
namespace {
  list = yes
  location = maildir:/usr/local/virtual/%%d/%%u:INDEX=~/shared/%%d/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  hidden = no
  list = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  mailbox name {
    special_use = \Drafts \Junk \Sent \Trash
  }
  prefix =
  separator = /
  subscriptions = yes
}
namespace real {
  hidden = yes
  list = no
  location =
  prefix = RealMails/
  separator = /
}
namespace virtual {
  hidden = yes
  list = no
  location = virtual:/etc/dovecot/virtual2:LAYOUT=maildir++:INDEX=~/virtual
  prefix = virtual/
  separator = /
}
passdb {
  args = /etc/dovecot/dovecot-sql-master.conf.ext
  driver = sql
  master = yes
  pass = yes
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  acl = vfile:/etc/dovecot/global-acls:cache_secs=300
  acl_shared_dict = proxy::acl
  autocreate = Trash
  autocreate2 = Junk
  autocreate3 = Sent
  autocreate4 = Drafts
  autocreate5 = Templates
  autocreate6 = Hostmaster-Backup
  autocreate7 = archiv-backup-mailspooler
  autosubscribe = Trash
  autosubscribe2 = Junk
  autosubscribe3 = Sent
  autosubscribe4 = Drafts
  autosubscribe5 = Templates
  expire = Trash
  expire2 = Trash/*
  expire3 = Junk
  expire4 = Junk/*
  expire5 = Hostmaster-Backup
  expire6 = Hostmaster-Backup/*
  expire7 = archiv-backup-mailspooler/*
  expire_dict = proxy::expire
  fts = squat
  home = /usr/local/virtual/%d/%u
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  mail_log_group_events = yes
  quota = dict:::proxy::quotadict
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  sieve = /usr/local/virtual/%d/%u/dovecot.sieve
  sieve_before = /etc/dovecot/sieve/global.sieve
  sieve_dir = /usr/local/virtual/%d/%u/sieve
  sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
  sieve_execute_socket_dir = sieve-execute
  sieve_extensions = +notify +imapflags
  sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
  sieve_filter_socket_dir = sieve-filter
  sieve_global_dir = /etc/dovecot/sieve/
  sieve_global_extensions = +vnd.dovecot.execute +vnd.dovecot.pipe +vnd.dovecot.filter
  sieve_global_path = /etc/dovecot/sieve/global.sieve
  sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
  sieve_pipe_socket_dir = sieve-pipe
  sieve_plugins = sieve_extprograms
  stats_refresh = 30 secs
  stats_track_cmds = yes
  zlib_save = gz
  zlib_save_level = 6
}
postmaster_address = hostmaster@mail01.example.com
protocols = imap pop3 lmtp sieve
sendmail_path = /usr/lib/sendmail
service anvil {
  client_limit = 1000
}
service auth-worker {
  user = root
}
service auth {
  client_limit = 1000
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0600
    user = vmail
  }
}
service dict {
  extra_groups = vmail
  unix_listener dict {
    group = vmail
    mode = 0660
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  process_min_avail = 8
  service_count = 1
}
service imap-postlogin {
  executable = script-login /usr/local/bin/postlogin_imap.sh
}
service imap {
  executable = imap imap-postlogin
  process_limit = 1024
  vsz_limit = 256 M
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
  vsz_limit = 256 M
}
service managesieve-login {
  inet_listener {
    address = 127.0.0.1 212.52.224.210 212.52.224.205
    port = 2000
  }
  vsz_limit = 256 M
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service pop3-postlogin {
  executable = script-login /usr/local/bin/postlogin_pop3.sh
}
service pop3 {
  executable = pop3 pop3-postlogin
  process_limit = 1024
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    mode = 0666
    user = vmail
  }
  user = vmail
}
service stats {
  fifo_listener stats-mail {
    mode = 0600
    user = vmail
  }
}
ssl_ca =
-- Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
Am 18.04.2012 19:44, schrieb Robert Schetterer:
Hi Timo, i did some more tests in shared namespace prefix
shared/%%u/ is not working
shared/%%n/ is working
I can't use that because of multiple domains naming convention, users are user@domain.de etc
-- Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
On 19.4.2012, at 17.45, Robert Schetterer wrote:
> Hi Timo, I did some more tests in shared namespace prefix
> shared/%%u/ is not working
> shared/%%n/ is working
> I can't use that because of multiple domains naming convention, users are user@domain.de etc
I can't really think of why that would make a difference. I did a few tests and couldn't reproduce the problem. Try if changing the location in the shared namespace makes a difference:
namespace {
  list = yes
  location = maildir:%%h:INDEX=~/shared/%%d/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
BTW. You could remove autocreate plugin by moving the rest of the autocreates to mailbox { auto=create } settings.
Am 19.04.2012 17:41, schrieb Timo Sirainen:
> On 19.4.2012, at 17.45, Robert Schetterer wrote:
>> Hi Timo, I did some more tests in shared namespace prefix
>> shared/%%u/ is not working
>> shared/%%n/ is working
>> I can't use that because of multiple domains naming convention, users are user@domain.de etc
> I can't really think of why that would make a difference. I did a few tests and couldn't reproduce the problem. Try if changing the location in the shared namespace makes a difference:
> namespace {
>   list = yes
>   location = maildir:%%h:INDEX=~/shared/%%d/%%u
hi Timo,
prefix = shared/%%u/ is not working !!! under 2.1 / it works under 2.0.20
prefix = shared/%%n/ is working
but then I see only users of my domain acl shared with their user part of i.e. user@domain.de
--shared | user ( of my own domain )
I can't use this because I have to share cross domain and users may have same names in different domains
what I need is
--shared | user@domainwhatever.de
>   separator = /
>   subscriptions = no
>   type = shared
> }
> BTW. You could remove autocreate plugin by moving the rest of the autocreates to mailbox { auto=create } settings.
I know this
nevertheless I try location change
-- Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
Am 19.04.2012 18:30, schrieb Robert Schetterer:
just for info: location change to location = maildir:%%h:INDEX=~/shared/%%d/%%u does not get it to work
prefix = shared/%%u/ simply doesn't work
I have reverted back to exact namespace config of the 2.0.20 server, same result, so something is broken in 2.1
-- Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
Hi Timo, problem solved by removing listescape plugin, the acl paths did / instead of dot in domainname
any chance to get listescape fixed?
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
On 19.4.2012, at 23.27, Robert Schetterer wrote:
> prefix = shared/%%u/ simply doesn't work
> I have reverted back to exact namespace config of the 2.0.20 server, same result, so something is broken in 2.1
> Hi Timo, problem solved by removing listescape plugin, the acl paths did / instead of dot in domainname
> any chance to get listescape fixed?
Ah, that makes it easy to fix: http://hg.dovecot.org/dovecot-2.1/rev/63af3274fb6f
Am 23.04.2012 13:12, schrieb Timo Sirainen:
> On 19.4.2012, at 23.27, Robert Schetterer wrote:
>> prefix = shared/%%u/ simply doesn't work
>> I have reverted back to exact namespace config of the 2.0.20 server, same result, so something is broken in 2.1
>> Hi Timo, problem solved by removing listescape plugin, the acl paths did / instead of dot in domainname
>> any chance to get listescape fixed?
> Ah, that makes it easy to fix: http://hg.dovecot.org/dovecot-2.1/rev/63af3274fb6f
Hi Timo, for small tests the problem seems to be fixed, thx, you're great
-- Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria