limit sharing ability to certain users

Simeon Ott simeon.ott at onnet.ch
Tue Aug 7 14:00:19 EEST 2018


still the same… 

root at buserver:/etc/dovecot# doveadm user test2 at onnet.ch
field	valueuserdb lookup: user test2 at onnet.ch doesn't exist

relevant config output from doveconf -n
userdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
  result_success = continue-ok
}
userdb {
  args = username_format=%Lu /etc/dovecot/share.passwd
  driver = passwd-file
  result_failure = continue-ok
  skip = notfound
}

but, did you read my last note anyway?
IMPORTANT NOTE: anyway.. even with these options set (acl and acl_globals_only) the user test at onnet.ch is still able to share its own folders?!

root at buserver:/etc/dovecot# doveadm user test at onnet.ch
field	value
uid	5000
gid	5000
home	/var/spool/postfix/virtual/onnet.ch/test/
mail	maildir:~/Maildir
quota_rule	*:bytes=1073741824
acl	vfile:/etc/dovecot/dovecot-acl
acl_globals_only	yes

root at buserver:/etc/dovecot# telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
. login test at onnet.ch *********
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE QUOTA ACL RIGHTS=texk] Logged in
. SETACL Inbox test2 at onnet.ch lrwstipekxa
. OK Setacl complete.
. GETACL Inbox
* ACL Inbox test2 at onnet.ch akxeilprwtscd test at onnet.ch lrwstipekxacd
. OK Getacl completed.

Cheers

> On 7 Aug 2018, at 12:05, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
> 
> Hmm. if you put it *after* the ldap userdb, it should not have prevented users from logging in.
> 
> What happens if you do 
> userdb {
>   driver = passwd-file
>   args = ....
>   skip = notfound
>   result_failure = continue-ok
> }
> 
> Aki
> 
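
An added example, not part of the original thread: in RFC 4314 the `a` right is the one that permits SETACL, and both identifiers in the GETACL output above hold it. This Python code parses GETACL responses and lists identifiers that hold `a` without being on an allow-list of users permitted to share; the sample lines, addresses and function names are constructed for illustration.

```python
import re

ADMIN_RIGHT = "a"  # RFC 4314: "a" permits SETACL/DELETEACL/GETACL/LISTRIGHTS
_TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|(\S+)')


def _tokens(line):
    """Split an IMAP line into atoms and quoted strings (no {n} literals)."""
    out = []
    for m in _TOKEN.finditer(line):
        if m.group(1) is not None:
            out.append(re.sub(r"\\(.)", r"\1", m.group(1)))  # unescape \" and \\
        else:
            out.append(m.group(2))
    return out


def parse_acl_response(line):
    """Parse '* ACL <mailbox> (<identifier> <rights>)*' into (mailbox, dict)."""
    tok = _tokens(line)
    if len(tok) < 3 or tok[0] != "*" or tok[1].upper() != "ACL":
        raise ValueError("not an ACL response: %r" % line)
    mailbox, pairs = tok[2], tok[3:]
    if len(pairs) % 2:
        raise ValueError("identifier without rights in: %r" % line)
    return mailbox, {pairs[i]: set(pairs[i + 1]) for i in range(0, len(pairs), 2)}


def unexpected_admins(lines, may_share):
    """Return sorted (mailbox, identifier) pairs holding 'a' outside may_share."""
    findings = []
    for line in lines:
        mailbox, acl = parse_acl_response(line)
        for identifier, rights in acl.items():
            if identifier.startswith("-"):
                continue  # RFC 4314 negative rights remove access, never grant it
            if ADMIN_RIGHT in rights and identifier not in may_share:
                findings.append((mailbox, identifier))
    return sorted(findings)


# Constructed sample GETACL responses (not taken from the thread).
SAMPLE = [
    "* ACL INBOX alice@example.org lrwstipekxa bob@example.org lrwstipekxa",
    '* ACL "Shared Projects" carol@example.org lrs -dave@example.org a',
]

if __name__ == "__main__":
    for mailbox, who in unexpected_admins(SAMPLE, {"alice@example.org"}):
        print("%s: %s can change ACLs" % (mailbox, who))
```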
