[Dovecot] Acl Groups
Hi all!
I have a corpus of virtual users ( user1@domain.tld , user2@domain.tld, user3@domain.tld,..., usern@domain.tld ... ) authenticated against Active Directory.
Is it possible to group some users (virtual) and give appropriate ACLs on a shared imap public folder using an ACL vfile?
thanks in advance Dimitrios
On Wed, 2009-11-25 at 09:36 +0200, Dimitrios Karapiperis wrote:
> I have a corpus of virtual users ( user1@domain.tld , user2@domain.tld, user3@domain.tld,..., usern@domain.tld ... ) authenticated against Active Directory.
> Is it possible to group some users (virtual) and give appropriate ACLs on a shared imap public folder using an ACL vfile?
Yes, with v1.1+. You'll need to have your userdb lookup (or some other way, e.g. with post-login scripting) return a comma-separated acl_groups field. http://wiki.dovecot.org/ACL
Timo Sirainen wrote:
> On Wed, 2009-11-25 at 09:36 +0200, Dimitrios Karapiperis wrote:
>> I have a corpus of virtual users ( user1@domain.tld , user2@domain.tld, user3@domain.tld,..., usern@domain.tld ... ) authenticated against Active Directory.
>> Is it possible to group some users (virtual) and give appropriate ACLs on a shared imap public folder using an ACL vfile?
> Yes, with v1.1+. You'll need to have your userdb lookup (or some other way, e.g. with post-login scripting) return a comma-separated acl_groups field. http://wiki.dovecot.org/ACL
Thanks for the reply.
//return a comma-separated acl_groups field. What does this mean, sorry I cannot understand it. Is there somewhere some bits of configuration lines, so that it will be more clear.
Thanks Dimitrios
On Wed, 25 Nov 2009, Δημήτριος Καραπιπέρης wrote:
> //return a comma-separated acl_groups field. What does this mean, sorry I cannot understand it. Is there somewhere some bits of configuration lines, so that it will be more clear.
Let your userdb return a field named acl_groups with a string value of:
group1,group2,group3
I guess, the group names themselves should be all 7bit alphanumeric.
How you do this depends very much on your setup of userdb etc. The examples are on: http://wiki.dovecot.org/UserDatabase/ExtraFields
Regards,
Steffen Kaiser
Steffen Kaiser wrote:
>> //return a comma-separated acl_groups field. What does this mean, sorry I cannot understand it. Is there somewhere some bits of configuration lines, so that it will be more clear.
> Let your userdb return a field named acl_groups with a string value of:
> group1,group2,group3
> I guess, the group names themselves should be all 7bit alphanumeric.
> How you do this depends very much on your setup of userdb etc. The examples are on: http://wiki.dovecot.org/UserDatabase/ExtraFields
> Regards,
Thanks for the reply. I am wondering how this is possible with Active Directory.
thanks in advance Dimitrios
On Thu, 26 Nov 2009, Dimitrios Karapiperis wrote:
> I am wondering how this is possible with Active Directory.
Oh:
- Extend your AD schema :-)
- use an attribute that is not used otherwise. Usually an orgPerson has attributes like "street", "homePostalAddress", "description", or something like that. I do not use AD, so I don't know anything about its working schema.
Regards,
Steffen Kaiser
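Added example, not part of any message in this thread and not Dovecot code: one way to build the comma-separated acl_groups value from Active Directory group DNs and to render matching group= entries for an ACL vfile. Reading the groups from memberOf, the allowlist, the permitted character set and all function names are assumptions; how the value reaches the userdb depends on your setup.

```python
import re

# Assumption: names limited to 7-bit alphanumerics plus "_" and "-", per the
# thread's advice; a comma inside a name would split into extra groups.
SAFE_GROUP = re.compile(r"[A-Za-z0-9_-]+")
RIGHTS = set("lrwstipekxa")  # Dovecot ACL right letters

def cn_from_dn(dn):
    """Return the leading CN value of an LDAP DN, or None if there is none."""
    # Split on the first unescaped comma so "CN=a\,b,OU=x" yields "a\,b".
    first_rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    key, _, value = first_rdn.partition("=")
    return value.strip() if key.strip().upper() == "CN" and value else None

def acl_groups_value(member_of, allowed):
    """Build the comma-separated acl_groups string for one user.
    Names that are unsafe or not in `allowed` (the groups used in ACL files)
    are skipped and reported, never rewritten into a different name.
    """
    kept, skipped = [], []
    for dn in member_of:
        name = cn_from_dn(dn)
        if name and SAFE_GROUP.fullmatch(name) and name in allowed:
            if name not in kept:
                kept.append(name)
        else:
            skipped.append(dn)
    return ",".join(kept), skipped

def acl_line(group, rights):
    """Render one ACL file entry of the form 'group=<name> <rights>'."""
    if not SAFE_GROUP.fullmatch(group):
        raise ValueError("unsafe group name: %r" % group)
    if not rights or set(rights) - RIGHTS:
        raise ValueError("unknown right in %r" % rights)
    return "group=%s %s" % (group, rights)

# Constructed sample data, not taken from the thread.
SAMPLE_MEMBER_OF = [
    "CN=sales,OU=Groups,DC=domain,DC=tld",
    "CN=support,OU=Groups,DC=domain,DC=tld",
    "CN=sales\\,admins,OU=Groups,DC=domain,DC=tld",  # escaped comma in the CN
    "CN=Domain Users,CN=Users,DC=domain,DC=tld",     # contains a space
]

if __name__ == "__main__":
    value, skipped = acl_groups_value(SAMPLE_MEMBER_OF, {"sales", "support", "admins"})
    print("acl_groups =", value)      # the value the userdb lookup should return
    print(acl_line("support", "lr"))  # entry for the public folder's ACL file
```

The group whose CN contains an escaped comma is skipped rather than flattened, so it cannot end up granting membership of "admins".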
participants (4): Dimitrios Karapiperis, Steffen Kaiser, Timo Sirainen, Δημήτριος Καραπιπέρης