[Dovecot] Sharing all mailboxes and userdb LDAP attrs
Felipe Scarel
fbscarel at gmail.com
Fri Aug 19 19:14:35 EEST 2011
Hello all,
I'm setting up a Dovecot environment here, version 1.2.15 on Debian 6.0.2
"squeeze". This is actually a complete revamp of the previous setup we have
in-place here, built from the ground up with updated versions of all
involved software.
The operators have told me that they use some scripts hacked up by a
previous sysadmin to give a single shared "admin" account full access to all
user mail. That is, when a user runs into problems: 1. the user calls in;
2. the operator logs in as the admin user; 3. the operator performs
maintenance on the user's mail.
I've been researching the possibility of using Dovecot shared namespaces to
perform that very same task in a better fashion on this new server. So far,
I've been able to globally share users' INBOXes and view them from a single
admin account (through user= entries in global ACLs). My ultimate goal,
however, is to have access to all user mailboxes from any user that is a
member of a particular group, adding operators to that group as needed, so
that access is tied to individual operator accounts rather than one shared
login.
- - - - -
First question, then, is this one: how can I give global access to all user
mailboxes? I've read that it's possible to give access to all subfolders of
a particular folder through the use of a .DEFAULT ACL. That didn't seem to
work for the uppermost directory, however. Here's what I tried:
root at mail:/etc/dovecot# dovecot -a | grep acl:
acl: vfile:/etc/dovecot/acl:cache_secs=300
root at mail:/etc/dovecot# cat acl/.DEFAULT
owner lrwstipekxa
user=admin lrwstipekxa
Renaming .DEFAULT to INBOX does achieve the intended goal, but evidently
only for the INBOX folder itself, not for its subfolders.
- - - - -
Second question is somewhat simpler. So far I've been using a single admin
user, but I'd like to switch to an admin group in the future. I've read
that the best way to do that would be to use the user_attrs entry in my
dovecot-ldap.conf file, while using an LDAP userdb. From what I understand,
the groups should be listed as comma-separated strings in the appropriate
attribute.
Is there any readily available or recommended schema I can use to populate
that attribute? I'm using the default schemas (plus samba.schema), but the
attributes I've seen mostly hold numeric GIDs, not group names.
Thanks in advance,
fbscarel
PS: Here's my dovecot -a output, in case it is needed (postmaster address redacted).
- - - - -
root at mailaluno:~# dovecot -a
# 1.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2
base_dir: /var/run/dovecot
log_path: /var/log/dovecot/error.log
info_log_path: /var/log/dovecot/info.log
log_timestamp: %Y-%m-%d %H:%M:%S
syslog_facility: mail
protocols: imap pop3 pop3s managesieve
listen(default): *
listen(imap): *
listen(pop3): *
listen(managesieve): localhost:2000
ssl_listen: 127.0.0.1
ssl: yes
ssl_ca_file:
ssl_cert_file: /etc/ssl/certs/dovecot.pem
ssl_key_file: /etc/ssl/private/dovecot.pem
ssl_key_password:
ssl_parameters_regenerate: 168
ssl_cipher_list:
ssl_cert_username_field: commonName
ssl_verify_client_cert: no
disable_plaintext_auth: no
verbose_ssl: yes
shutdown_clients: yes
nfs_check: yes
version_ignore: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
login_executable(managesieve): /usr/lib/dovecot/managesieve-login
login_user: dovecot
login_greeting: Server ready.
login_log_format_elements: user=<%u> method=%m rip=%r lip=%l %c
login_log_format: %$: %s
login_process_per_connection: no
login_chroot: yes
login_trusted_networks:
login_process_size: 64
login_processes_count: 5
login_max_processes_count: 128
login_max_connections: 256
valid_chroot_dirs:
mail_chroot:
max_mail_processes: 512
mail_max_userip_connections: 10
verbose_proctitle: no
first_valid_uid: 108
last_valid_uid: 0
first_valid_gid: 112
last_valid_gid: 0
mail_access_groups:
mail_privileged_group: mail
mail_uid:
mail_gid:
mail_location:
mail_cache_fields:
mail_never_cache_fields: imap.envelope
mail_cache_min_mail_count: 0
mailbox_idle_check_interval: 30
mail_debug: yes
mail_full_filesystem_access: no
mail_max_keyword_length: 50
mail_save_crlf: no
mmap_disable: no
dotlock_use_excl: yes
fsync_disable: no
mail_nfs_storage: no
mail_nfs_index: no
mailbox_list_index_disable: yes
lock_method: fcntl
maildir_stat_dirs: no
maildir_copy_with_hardlinks: yes
maildir_copy_preserve_filename: no
maildir_very_dirty_syncs: no
mbox_read_locks: fcntl
mbox_write_locks: fcntl dotlock
mbox_lock_timeout: 300
mbox_dotlock_change_timeout: 120
mbox_min_index_size: 0
mbox_dirty_syncs: yes
mbox_very_dirty_syncs: no
mbox_lazy_writes: yes
dbox_rotate_size: 2048
dbox_rotate_min_size: 16
dbox_rotate_days: 1
mail_drop_priv_before_exec: no
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_executable(managesieve): /usr/lib/dovecot/managesieve
mail_process_size: 256
mail_plugins(default): quota imap_quota trash mail_log acl imap_acl
mail_plugins(imap): quota imap_quota trash mail_log acl imap_acl
mail_plugins(pop3): quota mail_log
mail_plugins(managesieve):
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
mail_log_prefix: %Us(%u):
mail_log_max_lines_per_sec: 0
imap_max_line_length: 65536
imap_capability:
imap_client_workarounds:
imap_logout_format: bytes=%i/%o
imap_id_send:
imap_id_log:
imap_idle_notify_interval: 120
pop3_no_flag_updates: no
pop3_enable_last: no
pop3_reuse_xuidl: no
pop3_save_uidl: no
pop3_lock_session: no
pop3_uidl_format: %08Xu%08Xv
pop3_client_workarounds:
pop3_logout_format: top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
dict_db_config:
dict_process_count: 1
managesieve_max_line_length: 65536
managesieve_logout_format: bytes=%i/%o
managesieve_implementation_string: dovecot
namespace:
type: private
separator: /
prefix:
location: maildir:/vmail/%Ln/Maildir
alias_for:
inbox: yes
hidden: no
list: yes
subscriptions: yes
namespace:
type: shared
separator: /
prefix: shared/%%n/
location: maildir:/vmail/%%n/Maildir:INDEX=/vmail/%n/Maildir/shared/%%n
alias_for:
inbox: no
hidden: no
list: yes
subscriptions: no
lda:
postmaster_address: xxx at xxx
mail_plugins: quota sieve trash acl
auth default:
mechanisms: plain login
realms:
default_realm:
cache_size: 0
cache_ttl: 3600
cache_negative_ttl: 3600
executable: /usr/lib/dovecot/dovecot-auth
user: vmail
chroot:
username_chars:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
username_translation:
username_format: %Lu
master_user_separator: *
anonymous_username: anonymous
krb5_keytab:
gssapi_hostname:
winbind_helper_path: /usr/bin/ntlm_auth
failure_delay: 2
verbose: no
debug: no
debug_passwords: no
ssl_require_client_cert: no
ssl_username_from_cert: no
use_winbind: no
count: 1
worker_max_count: 30
process_size: 256
passdb:
driver: passwd-file
args: /etc/dovecot/passwd.masterusers
deny: no
pass: no
master: yes
passdb:
driver: shadow
args:
deny: no
pass: no
master: no
passdb:
driver: ldap
args: /etc/dovecot/dovecot-ldap.conf
deny: no
pass: no
master: no
userdb:
driver: passwd
args:
userdb:
driver: static
args: uid=vmail gid=vmail home=/vmail/%Ln allow_all_users=yes
socket:
type: listen
master:
path: /var/run/dovecot/auth-master
mode: 384
user: vmail
group: vmail
plugin:
quota: maildir:User quota
quota_rule: *:storage=1G
quota_rule2: Trash:storage=100M
acl: vfile:/etc/dovecot/acl:cache_secs=300
acl_shared_dict: file:/vmail/shared_mboxes
trash: /etc/dovecot/dovecot-trash.conf
mail_log_events: delete mailbox_delete
mail_log_fields: uid box msgid size
sieve: ~/.dovecot.sieve
sieve_dir: ~/sieve
sieve_before: /vmail/default.sieve