[Dovecot] My "%%" variables in the namespace settings do not appear to be expanding.
Hello,
I've been using the dovecot 1.2.x branch server software for a
while now. With the advent of the 2.0.x branch going 'stable' I
decided to attempt a migration and make use of some of the features
that I've not needed before. One of these is the shared
folder/namespace feature. No luck. I've hit a wall and can not
determine the problem. At the moment it looks like a bug to me,
but it may well be that I'm missing some related configuration, or
file permission.
I can not get the %% variable expansion in a namespace to work.
What I end up with, on an IMAP connection is a directory named, for
instance, '%h'. The same goes for any of the %% variables used at
this point. My current set-up is 'not' the same as the current
setup and I'm using virtual users that are not 'live' on the
current system.
I would really appreciate it if someone could cast an eye over my
config and let me know if I've missed something obvious.
Thanks.
Kenneth Cope
kenneth@CopeOnThe.net
I'm using a dovecot compiled with the following options:
./configure --prefix=/usr/local/dovecot-2.0.1 \
--enable-dependency-tracking INSTALL_DATA="install -c -p -m644" \
--docdir=/usr/local/dovecot-2.0.1/docs/ --disable-static \
--disable-rpath --with-nss --with-zlib --with-bzlib --with-libcap \
--with-ssl=openssl --with-ssldir=/usr/local/dovecot-2.0.1/etc/ssl \
--with-docs \
The 'test' configuration is as follows:
# > /usr/local/dovecot-2.0.1/bin/doveconf -n # 2.0.1: /usr/local/dovecot-2.0.1/etc/dovecot/dovecot.conf # OS: Linux 2.6.9-89.0.26.ELsmp i686 Red Hat Enterprise Linux ES release 4 (Nahant Update 8) auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login cram-md5 digest-md5 apop auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_ @& auth_username_format = %Lu auth_verbose = yes default_client_limit = 10000 default_internal_user = mail default_login_user = dovecot disable_plaintext_auth = no first_valid_gid = 12 first_valid_uid = 8 last_valid_gid = 12 last_valid_uid = 8 log_path = /usr/local/dovecot-2.0.1/dovecot.log login_log_format_elements = [%p:%e] %Us(%u) method=%m rip=%r:%b lip=%l:%a %c %k mail_debug = yes mail_location = maildir:%h/ mail_log_prefix = [%p] %Us(%u): mail_max_keyword_length = 30 mail_plugins = quota imap_quota zlib acl mailbox_idle_check_interval = 120 s namespace { inbox = yes location = prefix = separator = . type = private } namespace { hidden = yes inbox = no list = no location = prefix = INBOX separator = . type = private } namespace { list = children location = maildir:%%h:LAYOUT=maildir++:INDEX=~/shared.%Dn_%Dd prefix = shared/%n@%d. separator = . subscriptions = no type = shared } namespace { location = prefix = } passdb { args = scheme=CRYPT username_format=%u /usr/local/dovecot-2.0.1/auth/passwd.dovecot driver = passwd-file } plugin { acl = vfile:/usr/local/dovecot-2.0.1/etc/dovecot/global-acls:cache_secs=300 acl_shared_dict = file:/usr/local/dovecot-2.0.1/var/lib/dovecot/shared-mailboxes mail_log_events = all mail_log_fields = uid, box, msgid, from, subject, size, vsize, flags mail_log_group_events = yes quota = maildir:User quota quota_rule = ?:storage=400M quota_rule2 = Trash:storage=+10% zlib_save = gz zlib_save_level = 9 } service auth-worker { user = $default_internal_user } service auth { unix_listener auth-userdb { group = dovecot mode = 0664 user = mail } user = $default_internal_user } service imap-login { inet_listener imap { port = 9143 } inet_listener imaps { port = 9993 ssl = yes } process_min_avail = 10 service_count = 1 } service imap { process_limit = 1024 vsz_limit = 268435456 } service lmtp { unix_listener lmtp { mode = 0666 } } service pop3-login { inet_listener pop3 { port = 9110 } inet_listener pop3s { port = 9995 ssl = yes } } service pop3 { process_limit = 1024 } ssl_cert = </etc/ssl/mail.cert ssl_key = </etc/ssl/mail.cert userdb { args = username_format=%u /usr/local/dovecot-2.0.1/auth/passwd.dovecot driver = passwd-file } verbose_ssl = yes protocol imap { imap_client_workarounds = delay-newmail imap_id_log = * imap_idle_notify_interval = 120 s imap_logout_format = bytes=%i/%o imap_max_line_length = 65536 mail_max_userip_connections = 40 mail_plugins = $mail_plugins imap_quota zlib imap_zlib imap_acl } protocol pop3 { mail_max_userip_connections = 40 mail_plugins = $mail_plugins zlib pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_enable_last = no pop3_lock_session = no pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s bytes=%i/%o pop3_reuse_xuidl = yes pop3_save_uidl = yes pop3_uidl_format = %Mf }
The contents of .../var/run/dovecot
# > ls -lA total 12 srw------- 1 root root 0 Aug 31 11:25 anvil srw------- 1 root root 0 Aug 31 11:25 anvil-auth-penalty srw------- 1 root root 0 Aug 31 11:25 auth-client srw------- 1 mail root 0 Aug 31 11:25 auth-login srw------- 1 root root 0 Aug 31 11:25 auth-master srw-rw-r-- 1 mail dovecot 0 Aug 31 11:25 auth-userdb srw------- 1 mail root 0 Aug 31 11:25 auth-worker srw------- 1 root root 0 Aug 31 11:25 config srw------- 1 root root 0 Aug 31 11:25 dict srw------- 1 root root 0 Aug 31 11:25 director-admin srw------- 1 root root 0 Aug 31 11:25 director-userdb srw-rw-rw- 1 root root 0 Aug 31 11:25 dns-client srw------- 1 root root 0 Aug 31 11:25 doveadm-server lrwxrwxrwx 1 root root 49 Aug 31 11:25 dovecot.conf -> /usr/local/dovecot-2.0.1/etc/dovecot/dovecot.conf drwxr-xr-x 2 root root 4096 Aug 31 11:25 empty srw-rw-rw- 1 root root 0 Aug 31
11:25 lmtp drwxr-x--- 2 root dovecot 4096 Aug 31 11:25 login -rw------- 1 root root 6 Aug 31 11:25 master.pid
On Tue, 2010-08-31 at 11:33 +0100, Kenneth Cope wrote:
I can not get the %% variable expansion in a namespace to work. What I end up with, on an IMAP connection is a directory named, for instance, '%h'. The same goes for any of the %% variables used at this point. My current set-up is 'not' the same as the current setup and I'm using virtual users that are not 'live' on the current system.
Set mail_debug=yes. What does it log when 1) logging in and 2) when it creates the %% directory (or is that also on login)?
namespace { list = children location = maildir:%%h:LAYOUT=maildir++:INDEX=~/shared.%Dn_%Dd prefix = shared/%n@%d.
prefix = shared.%u.
Although this won't work well because your username most likely has '.' characters. The only good solution would be to change all separators to '/', but that can then cause problems with existing clients that use your system (possibly requiring some kind of client cache refresh / account recreation).
Hi Timo,
Thank you for the response.
I've attached the output for the login connections. The SSL lines
have been stripped as that is not properly set up yet.
This log is with the change suggested (prefix = shared.%u.),
although I can't tell any different in the log entries not in the
results.
Just to clarify, the directory that gets created is named "%h".
Kenneth
On Wed, 01 Sep 2010 18:24:24 +0100 Timo Sirainen <tss@iki.fi> wrote:
On Tue, 2010-08-31 at 11:33 +0100, Kenneth Cope wrote:
I can not get the %% variable expansion in a namespace to work. What I end up with, on an IMAP connection is a directory named,
for instance, '%h'. The same goes for any of the %% variables used at this point. My current set-up is 'not' the same as the current setup and I'm using virtual users that are not 'live' on the current system.
Set mail_debug=yes. What does it log when 1) logging in and 2) when it creates the %% directory (or is that also on login)?
namespace { list = children location = maildir:%%h:LAYOUT=maildir++:INDEX=~/shared.%Dn_%Dd prefix = shared/%n@%d.
prefix = shared.%u.
Although this won't work well because your username most likely has '.' characters. The only good solution would be to change all separators to '/', but that can then cause problems with existing clients that use your system (possibly requiring some kind of client cache refresh / account recreation).
On Tue, 2010-08-31 at 11:33 +0100, Kenneth Cope wrote:
namespace { inbox = yes location = prefix = separator = . type = private }
This is ok.
namespace { hidden = yes inbox = no list = no location = prefix = INBOX separator = . type = private }
This doesn't much make sense and I doubt Dovecot actually uses it for anything. Just remove it.
namespace { list = children location = maildir:%%h:LAYOUT=maildir++:INDEX=~/shared.%Dn_%Dd prefix = shared/%n@%d.
I forgot, prefix here should contain %%u, not %u, because %u gets expanded to your own username while you want it to be expanding to other users' username.. I'll add a check against this.
On Thu, 02 Sep 2010 15:44:18 +0100 Timo Sirainen <tss@iki.fi> wrote:
On Tue, 2010-08-31 at 11:33 +0100, Kenneth Cope wrote:
namespace { inbox = yes location = prefix = separator = . type = private }
This is ok.
namespace { hidden = yes inbox = no list = no location = prefix = INBOX separator = . type = private }
This doesn't much make sense and I doubt Dovecot actually uses it for anything. Just remove it.
namespace { list = children location = maildir:%%h:LAYOUT=maildir++:INDEX=~/shared.%Dn_%Dd prefix = shared/%n@%d.
I forgot, prefix here should contain %%u, not %u, because %u gets expanded to your own username while you want it to be expanding to other users' username.. I'll add a check against this.
Unfortunately, I can't use %%u variable as is. The usernames
contain the dot character. That's essentially why I was using the
%Dn_%Dd construct. I can't find a way of doing this type os
escaping/modifying for the %% variables.
%%Dn, for example, gives:
Sep 02 16:26:01 auth: Debug: passwd-file(@23foxgrove.co.uk): lookup: user=@23foxgrove.co.uk file=/usr/local/dovecot-2.0.1/auth/passwd.dovecot
%D%n, does not work, understandably, and caused a LOT of error
messages and stops the server being usable.
I was originally hoping for a modifier for the dot character in
variables, in the same way that the quote characters can be escaped
with the %E prefix modifier.
I'm pretty sure that I can't change the separator to a '/' as there
is a large installed user base and we'd prefer this to be as
transparent as possible.
All this help is appreciated.
Kenneth Cope.
-- Kenneth Cope kenneth@CopeOnThe.net ****************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient you are not authorised to and must not disclose, copy, distribute, or retain this message or any part of it. CopeOnThe.net accepts no responsibility for information, errors or omissions in this email. *******************************************************************
On Thu, 2010-09-02 at 16:34 +0100, dovecot@copeonthe.net wrote:
%D%n, does not work, understandably, and caused a LOT of error messages and stops the server being usable.
Use %%Dn and %%Dd
I was originally hoping for a modifier for the dot character in variables, in the same way that the quote characters can be
escaped with the %E prefix modifier.
Hmmh.
On Thu, 2010-09-02 at 16:34 +0100, dovecot@copeonthe.net wrote:
%%Dn, for example, gives:
Sep 02 16:26:01 auth: Debug: passwd-file(@23foxgrove.co.uk): lookup: user=@23foxgrove.co.uk file=/usr/local/dovecot-2.0.1/auth/passwd.dovecot
Oops, you mentioned %%Dn. Yeah .. looks like there are some problems using modifiers there. Should be possible to get that fixed..
On Thu, 2010-09-02 at 16:44 +0100, Timo Sirainen wrote:
On Thu, 2010-09-02 at 16:34 +0100, dovecot@copeonthe.net wrote:
%%Dn, for example, gives:
Sep 02 16:26:01 auth: Debug: passwd-file(@23foxgrove.co.uk): lookup: user=@23foxgrove.co.uk file=/usr/local/dovecot-2.0.1/auth/passwd.dovecot
Oops, you mentioned %%Dn. Yeah .. looks like there are some problems using modifiers there. Should be possible to get that fixed..
Now I remember. It of course needs to be able to reverse the %%Dn_%%Dd when parsing it back to user@domain, and no such code exists (and I'm not all that interested in adding such code).
Maybe one potential way to solve this would be to create user aliases that don't have any dots in the usernames and do the sharing via those names.
On Thu, 02 Sep 2010 16:52:09 +0100 Timo Sirainen <tss@iki.fi> wrote:
On Thu, 2010-09-02 at 16:44 +0100, Timo Sirainen wrote:
On Thu, 2010-09-02 at 16:34 +0100, dovecot@copeonthe.net wrote:
%%Dn, for example, gives:
Sep 02 16:26:01 auth: Debug: passwd-file(@23foxgrove.co.uk): lookup: user=@23foxgrove.co.uk file=/usr/local/dovecot-2.0.1/auth/passwd.dovecot
Oops, you mentioned %%Dn. Yeah .. looks like there are some problems using modifiers there. Should be possible to get that fixed..
Now I remember. It of course needs to be able to reverse the %%Dn_%%Dd when parsing it back to user@domain, and no such code exists (and I'm not all that interested in adding such code).
Fair enough, I don't blame you.
Maybe one potential way to solve this would be to create user aliases that don't have any dots in the usernames and do the sharing via those names.
It may be that I'm leading this down a track because I've already tried to sort this out and gone about it the wrong way.
Essentially I have users with a dot in the name, with a namespace separator that is set to be a dot character also, and I'd like a configuration that lets them have shared folders via IMAP ACLs. Is there a configuration that will allow this with the current dovecot?
Kenneth
-- Kenneth Cope kenneth@CopeOnThe.net ****************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient you are not authorised to and must not disclose, copy, distribute, or retain this message or any part of it. CopeOnThe.net accepts no responsibility for information, errors or omissions in this email. *******************************************************************
On Thu, 2010-09-02 at 17:00 +0100, dovecot@copeonthe.net wrote:
Essentially I have users with a dot in the name, with a namespace separator that is set to be a dot character also, and I'd like a configuration that lets them have shared folders via IMAP ACLs. Is there a configuration that will allow this with the current dovecot?
No. That would require changing the dots to something else and back in several places in the code. Maybe this could be done automatically some day..
On Thu, 02 Sep 2010 17:10:23 +0100 Timo Sirainen <tss@iki.fi> wrote:
On Thu, 2010-09-02 at 17:00 +0100, dovecot@copeonthe.net wrote:
Essentially I have users with a dot in the name, with a namespace separator that is set to be a dot character also, and I'd like a configuration that lets them have shared folders via IMAP ACLs. Is there a configuration that will allow this with the current dovecot?
No. That would require changing the dots to something else and back in several places in the code. Maybe this could be done automatically some day..
Okay.
Thank you very much for all your help.
Kenneth
participants (3)
-
dovecot@copeonthe.net
-
Kenneth Cope
-
Timo Sirainen