acl_groups from LDAP issue

[Aki Tuomi]

Well, you don't have postlogin scripts when running doveadm. Those are executed by *-login and usually execute the actual protocol handler.

Try 

env ACL_GROUPS=whatever doveadm mailbox list -u test.user

Aki

> On 04 February 2019 at 14:39 Jakobus Schürz <wertstoffe at nurfuerspam.de> wrote:
> 
> 
> Hi!
> 
> I have some trouble with userdb, ldap an extrafields for acl_groups.
> 
> There is a script in python, which fetches the groups and sets the
> environment-variable ACL_GROUPS to this groups.
> It works when i log in to imap (thunderbird for example shows my  public
> folders which are protected by acl_groups).
> 
> But when it try
> 
> doveadm mailbox list -u user.name
> 
> the mailboxes are not listed and with -Dv i get "permission denied, no
> lookup rights".
> 
> in my dovecot-ldap-userdb.conf.ext is
> 
> hosts = ldap.server.example
> dn = cn=service_id,ou=mailserver,ou=system,ou=services,dc=server,dc=example
> dnpass = protectedpassword12345
> tls = yes
> tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
> tls_require_cert = demand
> ldap_version = 3
> base = ou=users,dc=server,dc=example
> deref = always
> scope = subtree
> user_attrs =
> =home={ldap:dcMailMessageStore},system_groups_user=%u,allow_all_users=yes,=acl_groups=%{env:ACL_GROUPS}
> user_filter =
> (&(objectClass=posixAccount)(uid=%u)(!(sn=NoLogin))(|(memberof=cn=perm-app-mymail_admins,ou=mymail,ou=apps,ou=services,dc=schuerz,dc=at)(memberof=cn=perm-app-mymail_users,ou=mymail,ou=apps,ou=services,dc=schuerz,dc=at)))
> 
> 
> when i change acl_groups=%{env:ACL_GROUPS} to acl_gropus=mygroup, the
> doveadm mailbox list command shows my public mailbox
> 
> 
> So how do i get my acl_groups from the postlogin-script output into
> userdb-query?
> 
> Even, when i do on the shell
> 
> ACL_GROUPS=mygroup doveadm mailbox list -u user.name
> 
> the ACL_GROUPS Environment is ignored by the doveadm-command...
> 
> 
> thank you
> 
> 
> jakob
>