acl_group not working not working correctly
Leander Schäfer
info at netocean.de
Fri Sep 16 22:44:12 UTC 2016
Hi,
I'm trying to setup group based ACLs coming from OpenLDAP. My setup
doesn't require a POSIX Group match. In the Dovecot configuration file I
have this: "user_attrs = [...], mailAclGroups=acl_groups" as well as
"acl = vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300". The
user has "public" in the LDAP attribute "mailAclGroups". It seems to get
everything right. I checked with doveadm - and I see public ist listed
as expected:
cat /var/log/debug.log
[...]
Sep 16 23:39:04 WM-01 dovecot: auth: Debug: client passdb out: OK
1 user=leander at mydomain.localdomain acl_groups=public
[...]
cat /usr/local/etc/dovecot/global-acls
INBOX owner lrwstipekxa
Drafts owner lrwstipeka
Sent owner lrwstipeka
Spam owner lrwstipeka
Trash owner lrwstipeka
Public authenticated l
Public group-override=public lrwstipekx
Public/* group-override=public lrwstipekx
doveadm mailbox list -u leander at mydomain.localdomain
Drafts
Sent
Trash
Spam
Shared
Public
Public/Service Center
Shared/test at mydomain.localdomain
Shared/test at mydomain.localdomain/Drafts
Shared/test at mydomain.localdomain/Sent
Shared/test at mydomain.localdomain/Trash
Shared/test at mydomain.localdomain/Spam
INBOX
But here comes the strange thing: telnet equal to Thunderbird:
. LIST "" "*"
* LIST (\HasNoChildren \Drafts) "/" Drafts
* LIST (\HasNoChildren \Sent) "/" Sent
* LIST (\HasNoChildren \Trash) "/" Trash
* LIST (\HasNoChildren \Junk) "/" Spam
* LIST (\Noselect \HasChildren) "/" Shared
* LIST (\HasChildren) "/" Shared/test at mydomain.localdomain
* LIST (\HasNoChildren) "/" Shared/test at mydomain.localdomain/Drafts
* LIST (\HasNoChildren) "/" Shared/test at mydomain.localdomain/Sent
* LIST (\HasNoChildren) "/" Shared/test at mydomain.localdomain/Trash
* LIST (\HasNoChildren) "/" Shared/test at mydomain.localdomain/Spam
* LIST (\HasNoChildren) "/" INBOX
. OK List completed (0.000 + 0.000 + 0.092 secs).
Public and Public/* shoul be listed as well, but it isn't. Any idea why
it is behaving like this?
Thanks
Best regards
Leander Schäfer
More information about the dovecot
mailing list