acl_groups from LDAP issue

Jakobus Schürz wertstoffe at nurfuerspam.de
Mon Feb 4 14:39:58 EET 2019


Hi!

I have some trouble with userdb, LDAP and extra fields for acl_groups.

There is a script in Python which fetches the groups and sets the
environment variable ACL_GROUPS to these groups.
It works when I log in to IMAP (Thunderbird, for example, shows my public
folders which are protected by acl_groups).

But when I try

doveadm mailbox list -u user.name

the mailboxes are not listed, and with -Dv I get "permission denied, no
lookup rights".

In my dovecot-ldap-userdb.conf.ext I have:

hosts = ldap.server.example
dn = cn=service_id,ou=mailserver,ou=system,ou=services,dc=server,dc=example
dnpass = protectedpassword12345
tls = yes
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
tls_require_cert = demand
ldap_version = 3
base = ou=users,dc=server,dc=example
deref = always
scope = subtree
user_attrs = =home={ldap:dcMailMessageStore},system_groups_user=%u,allow_all_users=yes,=acl_groups=%{env:ACL_GROUPS}
user_filter = (&(objectClass=posixAccount)(uid=%u)(!(sn=NoLogin))(|(memberof=cn=perm-app-mymail_admins,ou=mymail,ou=apps,ou=services,dc=schuerz,dc=at)(memberof=cn=perm-app-mymail_users,ou=mymail,ou=apps,ou=services,dc=schuerz,dc=at)))


When I change acl_groups=%{env:ACL_GROUPS} to acl_groups=mygroup, the
doveadm mailbox list command shows my public mailbox.


So how do I get my acl_groups from the post-login script output into
the userdb query?

Even when I run on the shell

ACL_GROUPS=mygroup doveadm mailbox list -u user.name

the ACL_GROUPS environment variable is ignored by the doveadm command...


Thank you


jakob


