[Dovecot] Acl, Namespace, User Confusion
Timo Sirainen
tss at iki.fi
Wed Aug 16 16:57:22 EEST 2006
On Tue, 2006-08-15 at 00:12 -0400, Jim Horner wrote:
> and a dovecot-acl file
>
> owner
> user=jdoe@arinbe.com lrwstiekxa
> user=jsmith@arinbe.com lrwstiekxa
> user=jdoe rwstiekxa
> user=jsmith lrwstiekxa
>
> I am not exactly sure what username to use. All users are in LDAP.

Most likely jdoe@arinbe.com, assuming the username doesn't get changed
somewhere.

> The "cmpymail" group shows
>
> # getent group
> cmpymail:*:5555:jdoe,jsmith

This is the problem. Since your users come from LDAP, Dovecot never even
reads the /etc/group. There are a couple of ways to handle this:

1) Make LDAP return jdoe's and jsmith's default GID as cmpymail instead
of whatever they now return (users?).

2) Make LDAP return system_user. That makes Dovecot get the groups for
that user. So something like:

pass_attrs = uid=user,uid=system_user,userPassword=password

Although if your uid is in user@domain format, then you'll need to use
the user@domain format in /etc/group also. Or alternatively use some
other field from LDAP which has only the user.

Some day in future I might get rid of the system_user though and instead
make it possible to return multiple GIDs from LDAP (and SQL and others).
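An added illustration of the name-format caveat in option 2 (not part of the original message and not Dovecot code): it takes the ACL entries and the group line quoted in the thread, rebuilt as constructed sample data, and shows that an exact-name lookup in /etc/group-format data finds cmpymail for `jdoe` but nothing for `jdoe@arinbe.com`. The function names and the exact-string comparison are assumptions made for this example.

```python
# Added example: constructed data modelled on the thread, not Dovecot code.
ACL_TEXT = """\
owner
user=jdoe@arinbe.com lrwstiekxa
user=jsmith@arinbe.com lrwstiekxa
user=jdoe rwstiekxa
user=jsmith lrwstiekxa
"""
GROUP_TEXT = "cmpymail:*:5555:jdoe,jsmith\n"


def parse_group(text):
    """Parse /etc/group-format text into {group name: set of member names}."""
    groups = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, _gid, members = line.split(":", 3)
        groups[name] = {m.strip() for m in members.split(",") if m.strip()}
    return groups


def parse_acl_users(text):
    """Return {username: rights} for the user= lines of a dovecot-acl file."""
    users = {}
    for line in text.splitlines():
        ident, _, rights = line.strip().partition(" ")
        if ident.startswith("user="):
            users[ident[len("user="):]] = rights.strip()
    return users


def groups_for(system_user, groups):
    """Groups listing system_user as a member (assumed exact string match)."""
    return sorted(g for g, members in groups.items() if system_user in members)


def audit(acl_text, group_text):
    """Map each ACL user to (rights, groups found by an exact-name lookup)."""
    groups = parse_group(group_text)
    return {u: (r, groups_for(u, groups))
            for u, r in parse_acl_users(acl_text).items()}


if __name__ == "__main__":
    for user, (rights, found) in audit(ACL_TEXT, GROUP_TEXT).items():
        print(f"{user:24} rights={rights:11} groups={found or 'none'}")
```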