[Dovecot] imap_acl and osx 10.7
Hello everybody,
I'm trying to setup public folder with ACLs on a Lion Server 10.7.5
unfortunately it seems that the imap_acl plugin is not loaded properly
do you have any advice?
cheers Piero
This is what i get from the log with imap_acl plugin enabled in protocol imap { }
Log file:
imap: Debug: Loading modules from directory: /usr/lib/dovecot Nov 22 09:08:14 xserve04 dovecot[87688]: imap: Error: dlopen(/usr/lib/dovecot/lib02_imap_acl_plugin.so) failed: dlopen(/usr/lib/dovecot/lib02_imap_acl_plugin.so, 10): Symbol not found: _acl_user_module Nov 22 09:08:14 xserve04 dovecot[87688]: imap: Error: Referenced from: /usr/lib/dovecot/lib02_imap_acl_plugin.so Nov 22 09:08:14 xserve04 dovecot[87688]: imap: Error: Expected in: flat namespace Nov 22 09:08:14 xserve04 dovecot[87688]: imap: Error: in /usr/lib/dovecot/lib02_imap_acl_plugin.so Nov 22 09:08:14 xserve04 dovecot[87688]: imap: Fatal: Couldn't load required plugins Nov 22 09:08:14 xserve04 dovecot[43220]: master: Error: service(imap): command startup failed, throttling
dovecot config
# 2.0.16apple1: /etc/dovecot/dovecot.conf # OS: Darwin 11.4.2 x86_64 acfs auth_debug = yes auth_debug_passwords = yes auth_gssapi_hostname = $ALL auth_mechanisms = cram-md5 x-plain-submit apop gssapi plain login auth_socket_path = /var/run/dovecot/auth-userdb auth_username_format = %n default_internal_user = _dovecot default_login_user = _dovenull disable_plaintext_auth = no first_valid_gid = 6 first_valid_uid = 6 hostname = mail.customer.com mail_access_groups = mail mail_debug = yes mail_location = maildir:/Volumes/XsanVolume/Mail/%u mail_log_prefix = "%s(pid %p user %u): " mail_plugins = quota zlib fts fts_sk acl managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mdbox_rotate_size = 200 M namespace { inbox = yes location = prefix = separator = / type = private } namespace { hidden = yes list = children location = maildir:/Volumes/XsanVolume/Mail/Condivise/Interno:CONTROL=/Volumes/XsanVolume/Mail/Condivise/Indexes/%u/shared_Interno:INDEX=/Volumes/XsanVolume/Mail/Condivise/Indexes/%u/shared_Interno prefix = Interno/ separator = / subscriptions = no type = public } passdb { args = /etc/dovecot/submit.passdb driver = passwd-file pass = yes submit = yes } passdb { driver = od } plugin { acl = vfile fts = sk quota = maildir:User quota quota_warning = storage=100%% quota-exceeded %u quota_warning2 = storage=80%% quota-warning %u sieve = /Library/Server/Mail/Data/rules/%u/dovecot.sieve sieve_dir = /Library/Server/Mail/Data/rules/%u } postmaster_address = postmaster@xserve04.customer.com protocols = imap pop3 lmtp sieve quota_full_tempfail = yes service auth { extra_groups = _keytabusers idle_kill = 15 mins } service dns_client { unix_listener dns-client { mode = 0600 } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } service_count = 0 } service imap-postlogin { executable = script-login -d /etc/dovecot/acl_groups.sh unix_listener imap-postlogin { group = mail mode = 0600 user = _dovecot } user = _dovecot } service imap { client_limit = 5 executable = imap imap-postlogin process_limit = 200 service_count = 0 } service lmtp { unix_listener lmtp { mode = 0600 } } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } service pop3 { client_limit = 5 process_limit = 200 service_count = 0 } service quota-exceeded { executable = script /usr/libexec/dovecot/quota-exceeded.sh unix_listener quota-exceeded { group = mail mode = 0660 user = _dovecot } user = _dovecot } service quota-warning { executable = script /usr/libexec/dovecot/quota-warning.sh unix_listener quota-warning { group = mail mode = 0660 user = _dovecot } user = _dovecot } ssl_ca =
-- Piero Zucchi
Apple Certified Trainer
Apple Certified Specialist Professional 10.8
Apple Certified Technical Coordinator 10.7
Apple Certified System Administrator 10.6 Apple Certified Technical Coordinator 10.6 Apple Certified Specialist - Mac Os X Directory Services 10.6 Apple Certified Specialist - Mobility and Security 10.6
Apple Certified System Administrator 10.5 Apple Certified Technical Coordinator 10.5 Apple Certified Support Professional 10.5
Apple Certified Pro - Final Cut Pro 7, Level 1
Am 22.11.2012 09:46, schrieb Piero Zucchi:
Hello everybody,
I'm trying to setup public folder with ACLs on a Lion Server 10.7.5
unfortunately it seems that the imap_acl plugin is not loaded properly
do you have any advice?
cheers Piero
i dont really remember but at some time there was a bug with acl plugin
try 2.0.21 or 2.1.10
compare your config against
Best Regards MfG Robert Schetterer
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich
Thank you for your quick reply, Robert. The configuration looks ok, so I will search for version related bugs although it would be very hard upgrading to a newer version, because apple patches apply up to 2.0.16.
cheers P.
2012/11/22 Robert Schetterer rs@sys4.de:
Am 22.11.2012 09:46, schrieb Piero Zucchi:
Hello everybody,
I'm trying to setup public folder with ACLs on a Lion Server 10.7.5
unfortunately it seems that the imap_acl plugin is not loaded properly
do you have any advice?
cheers Piero
i dont really remember but at some time there was a bug with acl plugin
try 2.0.21 or 2.1.10
compare your config against
Best Regards MfG Robert Schetterer
-- Piero Zucchi
Apple Certified Trainer
Apple Certified Technical Coordinator 10.8 Apple Certified Technical Coordinator 10.7 Apple Certified System Administrator 10.6 Apple Certified Technical Coordinator 10.6 Apple Certified Specialist - Mac Os X Directory Services 10.6 Apple Certified Specialist - Mobility and Security 10.6 Apple Certified System Administrator 10.5 Apple Certified Technical Coordinator 10.5 Apple Certified Support Professional 10.5 Apple Certified Pro - Final Cut Pro 7, Level 1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thu, 22 Nov 2012, Piero Zucchi wrote:
imap: Debug: Loading modules from directory: /usr/lib/dovecot Nov 22 09:08:14 xserve04 dovecot[87688]: imap: Error: dlopen(/usr/lib/dovecot/lib02_imap_acl_plugin.so) failed: dlopen(/usr/lib/dovecot/lib02_imap_acl_plugin.so, 10): Symbol not found: _acl_user_module
are you sure, that the module is from the very same Dovecot version? I had Symbol not found errors, because I changed the ./configure options and something was not installed properly. After starting from scratch and copying the config over, it worked.
Regards,
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBUK4YAmoxLS8a3A9mAQL6bQf/Z1/m/d0fgzPC/g6oA3bSQj4v344BcC7y SeCEHf4YRZITRP87gtGyJSyrK8DamupXSiM3eyutddl3aNUmsfhDoV0f2DVBkSeI soAQeMTSOal4214sUzJVK51kC448f1mdVLGhsCGI+FtUKSlq0K6XX4W+RTFQcEri Q1cq+Z+2fP42DfQlhXxvW3N4vJmqPDkARyCylu6IUs0S9xuc9mE1BF/aRQCGk6cv 68pD+Bt/PzfBNnm+TuA+xyZab90JrbZTh5pYnvf9i17xcEvi2VqRMAX6hfhg3FkV Wp7M5as+kY7op23cnCvULzdMMbKoZnPl3LEY+/YetU7gB0nyqlAW9g== =yB4V -----END PGP SIGNATURE-----
Hallo Steffen, yes, I'm quite sure since it's a default mac os x server installation, so I haven neither installed nor compiled anything.
P.
2012/11/22 Steffen Kaiser skdovecot@smail.inf.fh-brs.de:
are you sure, that the module is from the very same Dovecot version? I had Symbol not found errors, because I changed the ./configure options and something was not installed properly. After starting from scratch and copying the config over, it worked.
Regards,
- -- Steffen Kaiser
-- Piero Zucchi
Apple Certified Trainer
Apple Certified Specialist Professional 10.8
Apple Certified Technical Coordinator 10.7
Apple Certified System Administrator 10.6 Apple Certified Technical Coordinator 10.6 Apple Certified Specialist - Mac Os X Directory Services 10.6 Apple Certified Specialist - Mobility and Security 10.6
Apple Certified System Administrator 10.5 Apple Certified Technical Coordinator 10.5 Apple Certified Support Professional 10.5
Apple Certified Pro - Final Cut Pro 7, Level 1
Ciao Piero! :)
Apparently, you might be running into this:
http://dovecot.org/list/dovecot/2012-October/068723.html
OS X's dynamic linker is not among the forgiving ones (as far as I know from experience with other software). It looks like Apple shipped Dovecot without running any tests with the extra plugins (which I do not believe they do).
Unfortunately, even assuming this nails it, I wouldn't know off the top of my head how to fix it without recompiling from sources; install_name_tool(1) will only change the names of listed shared libraries, but not add new ones. Perhaps someone else has further advice on this matter.
Emanuele
On 22 November 2012 09:46, Piero Zucchi pzucchi@gmail.com wrote:
Hello everybody,
I'm trying to setup public folder with ACLs on a Lion Server 10.7.5
unfortunately it seems that the imap_acl plugin is not loaded properly
do you have any advice?
cheers Piero
This is what i get from the log with imap_acl plugin enabled in protocol imap { }
Log file:
imap: Debug: Loading modules from directory: /usr/lib/dovecot Nov 22 09:08:14 xserve04 dovecot[87688]: imap: Error: dlopen(/usr/lib/dovecot/lib02_imap_acl_plugin.so) failed: dlopen(/usr/lib/dovecot/lib02_imap_acl_plugin.so, 10): Symbol not found: _acl_user_module Nov 22 09:08:14 xserve04 dovecot[87688]: imap: Error: Referenced from: /usr/lib/dovecot/lib02_imap_acl_plugin.so Nov 22 09:08:14 xserve04 dovecot[87688]: imap: Error: Expected in: flat namespace Nov 22 09:08:14 xserve04 dovecot[87688]: imap: Error: in /usr/lib/dovecot/lib02_imap_acl_plugin.so Nov 22 09:08:14 xserve04 dovecot[87688]: imap: Fatal: Couldn't load required plugins Nov 22 09:08:14 xserve04 dovecot[43220]: master: Error: service(imap): command startup failed, throttling
dovecot config
# 2.0.16apple1: /etc/dovecot/dovecot.conf # OS: Darwin 11.4.2 x86_64 acfs auth_debug = yes auth_debug_passwords = yes auth_gssapi_hostname = $ALL auth_mechanisms = cram-md5 x-plain-submit apop gssapi plain login auth_socket_path = /var/run/dovecot/auth-userdb auth_username_format = %n default_internal_user = _dovecot default_login_user = _dovenull disable_plaintext_auth = no first_valid_gid = 6 first_valid_uid = 6 hostname = mail.customer.com mail_access_groups = mail mail_debug = yes mail_location = maildir:/Volumes/XsanVolume/Mail/%u mail_log_prefix = "%s(pid %p user %u): " mail_plugins = quota zlib fts fts_sk acl managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mdbox_rotate_size = 200 M namespace { inbox = yes location = prefix = separator = / type = private } namespace { hidden = yes list = children location = maildir:/Volumes/XsanVolume/Mail/Condivise/Interno:CONTROL=/Volumes/XsanVolume/Mail/Condivise/Indexes/%u/shared_Interno:INDEX=/Volumes/XsanVolume/Mail/Condivise/Indexes/%u/shared_Interno prefix = Interno/ separator = / subscriptions = no type = public } passdb { args = /etc/dovecot/submit.passdb driver = passwd-file pass = yes submit = yes } passdb { driver = od } plugin { acl = vfile fts = sk quota = maildir:User quota quota_warning = storage=100%% quota-exceeded %u quota_warning2 = storage=80%% quota-warning %u sieve = /Library/Server/Mail/Data/rules/%u/dovecot.sieve sieve_dir = /Library/Server/Mail/Data/rules/%u } postmaster_address = postmaster@xserve04.customer.com protocols = imap pop3 lmtp sieve quota_full_tempfail = yes service auth { extra_groups = _keytabusers idle_kill = 15 mins } service dns_client { unix_listener dns-client { mode = 0600 } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } service_count = 0 } service imap-postlogin { executable = script-login -d /etc/dovecot/acl_groups.sh unix_listener imap-postlogin { group = mail mode = 0600 user = _dovecot } user = _dovecot } service imap { client_limit = 5 executable = imap imap-postlogin process_limit = 200 service_count = 0 } service lmtp { unix_listener lmtp { mode = 0600 } } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } service pop3 { client_limit = 5 process_limit = 200 service_count = 0 } service quota-exceeded { executable = script /usr/libexec/dovecot/quota-exceeded.sh unix_listener quota-exceeded { group = mail mode = 0660 user = _dovecot } user = _dovecot } service quota-warning { executable = script /usr/libexec/dovecot/quota-warning.sh unix_listener quota-warning { group = mail mode = 0660 user = _dovecot } user = _dovecot } ssl_ca =
-- Piero Zucchi
Apple Certified Trainer
Apple Certified Specialist Professional 10.8
Apple Certified Technical Coordinator 10.7
Apple Certified System Administrator 10.6 Apple Certified Technical Coordinator 10.6 Apple Certified Specialist - Mac Os X Directory Services 10.6 Apple Certified Specialist - Mobility and Security 10.6
Apple Certified System Administrator 10.5 Apple Certified Technical Coordinator 10.5 Apple Certified Support Professional 10.5
Apple Certified Pro - Final Cut Pro 7, Level 1
ciao Emanuele! :)
Thanks so much for your answer :). I will file a bug on radar (apple) and see if they fix it or piss me off: "we do not support acl on email".
P.
2012/11/22 Emanuele Pucciarelli puccia+ml-dovecot@gmail.com:
Ciao Piero! :)
Apparently, you might be running into this:
http://dovecot.org/list/dovecot/2012-October/068723.html
OS X's dynamic linker is not among the forgiving ones (as far as I know from experience with other software). It looks like Apple shipped Dovecot without running any tests with the extra plugins (which I do not believe they do).
Unfortunately, even assuming this nails it, I wouldn't know off the top of my head how to fix it without recompiling from sources; install_name_tool(1) will only change the names of listed shared libraries, but not add new ones. Perhaps someone else has further advice on this matter.
Emanuele
On 22 November 2012 09:46, Piero Zucchi pzucchi@gmail.com wrote:
Hello everybody,
I'm trying to setup public folder with ACLs on a Lion Server 10.7.5
unfortunately it seems that the imap_acl plugin is not loaded properly
do you have any advice?
cheers Piero
This is what i get from the log with imap_acl plugin enabled in protocol imap { }
Log file:
imap: Debug: Loading modules from directory: /usr/lib/dovecot Nov 22 09:08:14 xserve04 dovecot[87688]: imap: Error: dlopen(/usr/lib/dovecot/lib02_imap_acl_plugin.so) failed: dlopen(/usr/lib/dovecot/lib02_imap_acl_plugin.so, 10): Symbol not found: _acl_user_module Nov 22 09:08:14 xserve04 dovecot[87688]: imap: Error: Referenced from: /usr/lib/dovecot/lib02_imap_acl_plugin.so Nov 22 09:08:14 xserve04 dovecot[87688]: imap: Error: Expected in: flat namespace Nov 22 09:08:14 xserve04 dovecot[87688]: imap: Error: in /usr/lib/dovecot/lib02_imap_acl_plugin.so Nov 22 09:08:14 xserve04 dovecot[87688]: imap: Fatal: Couldn't load required plugins Nov 22 09:08:14 xserve04 dovecot[43220]: master: Error: service(imap): command startup failed, throttling
dovecot config
# 2.0.16apple1: /etc/dovecot/dovecot.conf # OS: Darwin 11.4.2 x86_64 acfs auth_debug = yes auth_debug_passwords = yes auth_gssapi_hostname = $ALL auth_mechanisms = cram-md5 x-plain-submit apop gssapi plain login auth_socket_path = /var/run/dovecot/auth-userdb auth_username_format = %n default_internal_user = _dovecot default_login_user = _dovenull disable_plaintext_auth = no first_valid_gid = 6 first_valid_uid = 6 hostname = mail.customer.com mail_access_groups = mail mail_debug = yes mail_location = maildir:/Volumes/XsanVolume/Mail/%u mail_log_prefix = "%s(pid %p user %u): " mail_plugins = quota zlib fts fts_sk acl managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mdbox_rotate_size = 200 M namespace { inbox = yes location = prefix = separator = / type = private } namespace { hidden = yes list = children location = maildir:/Volumes/XsanVolume/Mail/Condivise/Interno:CONTROL=/Volumes/XsanVolume/Mail/Condivise/Indexes/%u/shared_Interno:INDEX=/Volumes/XsanVolume/Mail/Condivise/Indexes/%u/shared_Interno prefix = Interno/ separator = / subscriptions = no type = public } passdb { args = /etc/dovecot/submit.passdb driver = passwd-file pass = yes submit = yes } passdb { driver = od } plugin { acl = vfile fts = sk quota = maildir:User quota quota_warning = storage=100%% quota-exceeded %u quota_warning2 = storage=80%% quota-warning %u sieve = /Library/Server/Mail/Data/rules/%u/dovecot.sieve sieve_dir = /Library/Server/Mail/Data/rules/%u } postmaster_address = postmaster@xserve04.customer.com protocols = imap pop3 lmtp sieve quota_full_tempfail = yes service auth { extra_groups = _keytabusers idle_kill = 15 mins } service dns_client { unix_listener dns-client { mode = 0600 } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } service_count = 0 } service imap-postlogin { executable = script-login -d /etc/dovecot/acl_groups.sh unix_listener imap-postlogin { group = mail mode = 0600 user = _dovecot } user = _dovecot } service imap { client_limit = 5 executable = imap imap-postlogin process_limit = 200 service_count = 0 } service lmtp { unix_listener lmtp { mode = 0600 } } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } service pop3 { client_limit = 5 process_limit = 200 service_count = 0 } service quota-exceeded { executable = script /usr/libexec/dovecot/quota-exceeded.sh unix_listener quota-exceeded { group = mail mode = 0660 user = _dovecot } user = _dovecot } service quota-warning { executable = script /usr/libexec/dovecot/quota-warning.sh unix_listener quota-warning { group = mail mode = 0660 user = _dovecot } user = _dovecot } ssl_ca =
-- Piero Zucchi
Apple Certified Trainer
Apple Certified Specialist Professional 10.8
Apple Certified Technical Coordinator 10.7
Apple Certified System Administrator 10.6 Apple Certified Technical Coordinator 10.6 Apple Certified Specialist - Mac Os X Directory Services 10.6 Apple Certified Specialist - Mobility and Security 10.6
Apple Certified System Administrator 10.5 Apple Certified Technical Coordinator 10.5 Apple Certified Support Professional 10.5
Apple Certified Pro - Final Cut Pro 7, Level 1
-- Piero Zucchi
Apple Certified Trainer
Apple Certified Specialist Professional 10.8
Apple Certified Technical Coordinator 10.7
Apple Certified System Administrator 10.6 Apple Certified Technical Coordinator 10.6 Apple Certified Specialist - Mac Os X Directory Services 10.6 Apple Certified Specialist - Mobility and Security 10.6
Apple Certified System Administrator 10.5 Apple Certified Technical Coordinator 10.5 Apple Certified Support Professional 10.5
Apple Certified Pro - Final Cut Pro 7, Level 1
participants (4)
-
Emanuele Pucciarelli
-
Piero Zucchi
-
Robert Schetterer
-
Steffen Kaiser