acl_groups from LDAP issue

Jakobus Schürz wertstoffe at nurfuerspam.de
Mon Feb 4 16:30:19 EET 2019


Hi Aki!

The command didn't work. The protected mailbox is not shown.

It's not a big problem when doveadm does not show the public mailbox.
The problem is, I have a sieve filter which puts some emails into these
mailboxes... and the sieve filter does not work either... the same problem,
"permission denied", due to not knowing the acl_groups from LDAP...
The sieve filter is a global filter, not a user's sieve filter...

How can I handle global mail filtering for all users into one public
mailbox?

Regards, jakob

On 04.02.19 at 13:44, Aki Tuomi wrote:
> Well, you don't have postlogin scripts when running doveadm. Those are executed by *-login and usually execute the actual protocol handler.
>
> Try 
>
> env ACL_GROUPS=whatever doveadm mailbox list -u test.user
>
> Aki
>
>> On 04 February 2019 at 14:39 Jakobus Schürz <wertstoffe at nurfuerspam.de> wrote:
>>
>>
>> Hi!
>>
>> I have some trouble with userdb, LDAP and extra fields for acl_groups.
>>
>> There is a script in Python which fetches the groups and sets the
>> environment variable ACL_GROUPS to these groups.
>> It works when I log in to IMAP (Thunderbird, for example, shows my public
>> folders which are protected by acl_groups).
>>
>> But when I try
>>
>> doveadm mailbox list -u user.name
>>
>> the mailboxes are not listed, and with -Dv I get "permission denied, no
>> lookup rights".
>>
>> In my dovecot-ldap-userdb.conf.ext is
>>
>> hosts = ldap.server.example
>> dn = cn=service_id,ou=mailserver,ou=system,ou=services,dc=server,dc=example
>> dnpass = protectedpassword12345
>> tls = yes
>> tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
>> tls_require_cert = demand
>> ldap_version = 3
>> base = ou=users,dc=server,dc=example
>> deref = always
>> scope = subtree
>> user_attrs = =home={ldap:dcMailMessageStore},system_groups_user=%u,allow_all_users=yes,=acl_groups=%{env:ACL_GROUPS}
>> user_filter = (&(objectClass=posixAccount)(uid=%u)(!(sn=NoLogin))(|(memberof=cn=perm-app-mymail_admins,ou=mymail,ou=apps,ou=services,dc=schuerz,dc=at)(memberof=cn=perm-app-mymail_users,ou=mymail,ou=apps,ou=services,dc=schuerz,dc=at)))
>>
>>
>> When I change acl_groups=%{env:ACL_GROUPS} to acl_groups=mygroup, the
>> doveadm mailbox list command shows my public mailbox.
>>
>>
>> So how do I get my acl_groups from the postlogin script output into
>> the userdb query?
>>
>> Even when I do on the shell
>>
>> ACL_GROUPS=mygroup doveadm mailbox list -u user.name
>>
>> the ACL_GROUPS environment is ignored by the doveadm command...
>>
>>
>> thank you
>>
>>
>> jakob
>>

