public folder subscriptions sync issue with ldap user/group in dovecot-acl

Mike Fröhner mikefroehner at gmx.de
Tue Dec 13 14:47:12 UTC 2016 

Hello people,

I am having an issue with 'doveadm sync'. I am currently trying to have 
two dovecots behind an haproxy (works fine). Therefore I configured 
these two dovecot server (imap-1/imap-2) to sync throught dsync. This 
works just partly. The sync of the maiboxes is fine, but the sync of the 
subscriptions file just works partly. It works for private folder 
subscription, but not completly for public folder subscription. I found 
two issues, if I am using LDAP (user/groups) in dovecot ACLs.

1. I would like to subscribe 2 public folder (public/test/test1 and 
public/test/test2).

My user (ldaptestuser) is an ldap user and this user is member of the 
ldap group (ldaptestgroup) which does have all dovecot-acl rights on 
these folders.

imap-1 # cat /opt/mail/_public/publictest/.test*/dovecot-acl
group=ldaptestgroup akxeilprwts
group=ldaptestgroup akxeilprwts

I am now connecting with my mail client to imap-1 (throught haproxy) and 
the subscription to this folder works. The file which is written looks like:

imap-1 # cat /opt/mail/ldaptestuser/Mails/subscriptions
Sent
publictest/test/test1
publictest/test/test2

Now I am awaiting the synch to imap-2, but the file which it written 
looks like:

imap-2 # cat /opt/mail/ldaptestuser/Mails/subscriptions
Sent

If I modify the dovecot-acl for .test1 to

imap-1 # cat /opt/mail/_public/publictest/.test1/dovecot-acl
group=ldaptestgroup akxeilprwts
user=ldaptestuser akxeilprwts

and execute the subscription again - the synced file looks like:

imap-2 # cat /opt/mail/ldaptestuser/Mails/subscriptions
Sent
publictest/test/test1

The subscription of public folder test2 will also been synced, if I add 
my ldaptestuser to the acl file for this folder.

2. Another issue is to unsubscribe a public folder. If I unsubscribe 
folder test1, it is written to subscriptions file on the imap where I am 
connected, but it is NOT synced even if my user and group are configured 
at the dovecot-acl file. If I then unsubscribe a not public folder (like 
Sent), the former unsubscribed folder test1 is (faulty) subscribed 
again. But both imap do have the same subscriptions for my ldaptestuser 
user.

I do have the behavior with dovecot-2.2.26 and dovecot-2.2.27 on 
CentOS-7 (selinux disabled).

If you need more information like the dovecot -n or some other stuff 
give me a short notice.

Mike;

More information about the dovecot mailing list