[Dovecot] Group ACL

Timo Sirainen tss at iki.fi
Sat Nov 5 18:44:06 EET 2011


On Thu, 2011-10-06 at 08:38 -0700, Daniel L. Miller wrote:
> Using Dovecot 2.0, LDAP userdb & passdb, with prefetch:
> 
> hosts = myhost.mydomain
> dn = cn=x,cn=y
> dnpass = xyz123
> auth_bind = yes
> auth_bind_userdn = uid=%n,ou=users,dc=x
> ldap_version = 3
> base = ou=Users, dc=x
> user_attrs = =home=/var/mail/%d/%n, \
>      =mail=mdbox:/var/mail/%d/%n/mdbox, \
>      =uid=vmail, \
>      =gid=mail

Would be good to put acl_groups here also so non-prefetch stuff has
access to it also.

> user_filter = (&(objectClass=inetOrgPerson)(mail=%u))
> 
> pass_attrs = mail=user, \
>      userPassword=password, \
>      =userdb_home=/var/mail/%d/%n, \
>      =userdb_mail=mdbox:/var/mail/%d/%n/mdbox, \
>      =userdb_uid=vmail, \
>      =userdb_gid=mail, \
>      =userdb_acl_groups='allshared'

I think the problem may simply be those '' characters in there. You're
now in "'allshared'" group rather than in "allshared" group. If that
doesn't help:

> I have added permissions for "$allshared" to a mailbox's Inbox.  It does 
> not appear in the shared folders list.  Other mailboxes, with explicit 
> permission for a given username, work fine.  What am I doing wrong?

1. Make sure that acl_groups setting is enabled for that user by setting
mail_debug=yes and looking at the log:

imap: Debug: Added userdb setting: plugin/acl_groups=allshared

2. Check with: doveadm acl debug -u user <shared mailbox>
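
Added example (not part of the original message and not Dovecot code): a Python check for the quoting problem suggested in the reply. It extracts acl_groups values from static LDAP user_attrs/pass_attrs templates and from mail_debug log lines, flags names wrapped in quote characters, and tests them against an ACL identifier such as "$allshared". The sample config and log text are constructed, and all function names are hypothetical.

```python
import re

# Constructed sample, modelled on the pass_attrs quoted in the thread.
SAMPLE_CONF = r"""
pass_attrs = mail=user, \
     userPassword=password, \
     =userdb_home=/var/mail/%d/%n, \
     =userdb_acl_groups='allshared'
"""

# Constructed log lines in the format shown in the reply (quoted one assumed).
SAMPLE_LOG = """\
imap: Debug: Added userdb setting: plugin/acl_groups='allshared'
imap: Debug: Added userdb setting: plugin/acl_groups=allshared
"""

def acl_groups_from_conf(text):
    """Group names set by static =acl_groups= / =userdb_acl_groups= templates."""
    joined = re.sub(r"\\[ \t]*\n[ \t]*", " ", text)  # fold "\" continuations
    groups = []
    for line in joined.splitlines():
        key, _, value = line.partition("=")
        if key.strip() not in ("user_attrs", "pass_attrs"):
            continue
        for item in value.split(","):
            m = re.match(r"\s*=(?:userdb_)?acl_groups=(.*)", item)
            if m:
                groups.append(m.group(1).strip())
    return groups

def acl_groups_from_log(text):
    """Group names the debug log reports as applied for the session."""
    groups = []
    for m in re.finditer(r"Added userdb setting: plugin/acl_groups=(.*)", text):
        groups.extend(g.strip() for g in m.group(1).split(","))
    return groups

def quoted(groups):
    """Names wrapped in quotes; per the reply, the quotes become part of the name."""
    return [g for g in groups if len(g) >= 2 and g[0] == g[-1] and g[0] in "'\""]

def matches_acl_identifier(identifier, groups):
    """True if an ACL identifier such as "$allshared" names one of the groups."""
    return identifier.startswith("$") and identifier[1:] in groups

if __name__ == "__main__":
    conf_groups = acl_groups_from_conf(SAMPLE_CONF)
    print("config:", conf_groups, "quoted:", quoted(conf_groups))
    print("$allshared matches:", matches_acl_identifier("$allshared", conf_groups))
```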




