acl_group not working not working correctly
Hi,
I'm trying to setup group based ACLs coming from OpenLDAP. My setup doesn't require a POSIX Group match. In the Dovecot configuration file I have this: "user_attrs = [...], mailAclGroups=acl_groups" as well as "acl = vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300". The user has "public" in the LDAP attribute "mailAclGroups". It seems to get everything right. I checked with doveadm - and I see public ist listed as expected:
cat /var/log/debug.log
[...]
Sep 16 23:39:04 WM-01 dovecot: auth: Debug: client passdb out: OK
1 user=leander@mydomain.localdomain acl_groups=public
[...]
cat /usr/local/etc/dovecot/global-acls INBOX owner lrwstipekxa Drafts owner lrwstipeka Sent owner lrwstipeka Spam owner lrwstipeka Trash owner lrwstipeka Public authenticated l Public group-override=public lrwstipekx Public/* group-override=public lrwstipekx
doveadm mailbox list -u leander@mydomain.localdomain Drafts Sent Trash Spam Shared Public Public/Service Center Shared/test@mydomain.localdomain Shared/test@mydomain.localdomain/Drafts Shared/test@mydomain.localdomain/Sent Shared/test@mydomain.localdomain/Trash Shared/test@mydomain.localdomain/Spam INBOX
But here comes the strange thing: telnet equal to Thunderbird: . LIST "" "*"
- LIST (\HasNoChildren \Drafts) "/" Drafts
- LIST (\HasNoChildren \Sent) "/" Sent
- LIST (\HasNoChildren \Trash) "/" Trash
- LIST (\HasNoChildren \Junk) "/" Spam
- LIST (\Noselect \HasChildren) "/" Shared
- LIST (\HasChildren) "/" Shared/test@mydomain.localdomain
- LIST (\HasNoChildren) "/" Shared/test@mydomain.localdomain/Drafts
- LIST (\HasNoChildren) "/" Shared/test@mydomain.localdomain/Sent
- LIST (\HasNoChildren) "/" Shared/test@mydomain.localdomain/Trash
- LIST (\HasNoChildren) "/" Shared/test@mydomain.localdomain/Spam
- LIST (\HasNoChildren) "/" INBOX . OK List completed (0.000 + 0.000 + 0.092 secs).
Public and Public/* shoul be listed as well, but it isn't. Any idea why it is behaving like this? Thanks
Best regards Leander Schäfer
Any idea?
Am 17.09.16 um 00:44 schrieb Leander Schäfer:
Hi,
I'm trying to setup group based ACLs coming from OpenLDAP. My setup doesn't require a POSIX Group match. In the Dovecot configuration file I have this: "user_attrs = [...], mailAclGroups=acl_groups" as well as "acl = vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300". The user has "public" in the LDAP attribute "mailAclGroups". It seems to get everything right. I checked with doveadm - and I see public ist listed as expected:
cat /var/log/debug.log [...] Sep 16 23:39:04 WM-01 dovecot: auth: Debug: client passdb out: OK 1 user=leander@mydomain.localdomain acl_groups=public [...]
cat /usr/local/etc/dovecot/global-acls INBOX owner lrwstipekxa Drafts owner lrwstipeka Sent owner lrwstipeka Spam owner lrwstipeka Trash owner lrwstipeka Public authenticated l Public group-override=public lrwstipekx Public/* group-override=public lrwstipekx
doveadm mailbox list -u leander@mydomain.localdomain Drafts Sent Trash Spam Shared Public Public/Service Center Shared/test@mydomain.localdomain Shared/test@mydomain.localdomain/Drafts Shared/test@mydomain.localdomain/Sent Shared/test@mydomain.localdomain/Trash Shared/test@mydomain.localdomain/Spam INBOX
But here comes the strange thing: telnet equal to Thunderbird: . LIST "" "*"
- LIST (\HasNoChildren \Drafts) "/" Drafts
- LIST (\HasNoChildren \Sent) "/" Sent
- LIST (\HasNoChildren \Trash) "/" Trash
- LIST (\HasNoChildren \Junk) "/" Spam
- LIST (\Noselect \HasChildren) "/" Shared
- LIST (\HasChildren) "/" Shared/test@mydomain.localdomain
- LIST (\HasNoChildren) "/" Shared/test@mydomain.localdomain/Drafts
- LIST (\HasNoChildren) "/" Shared/test@mydomain.localdomain/Sent
- LIST (\HasNoChildren) "/" Shared/test@mydomain.localdomain/Trash
- LIST (\HasNoChildren) "/" Shared/test@mydomain.localdomain/Spam
- LIST (\HasNoChildren) "/" INBOX . OK List completed (0.000 + 0.000 + 0.092 secs).
Public and Public/* shoul be listed as well, but it isn't. Any idea why it is behaving like this? Thanks
Best regards Leander Schäfer
participants (1)
-
Leander Schäfer