On 02/01/2016 06:59 PM, Chris wrote:
> Dear All,
>
> is it possible to store ACLs in LDAP?
>
> Does anyone happen to have a script that syncs ACLs read from LDAP with
> Dovecot?
>
> - Chris

Hi Chris,

for Dovecot in the mail stack of the Univention Corporate Server (UCS, an Open Source Linux server distribution) a mechanism to do that is implemented. It is used to set ACLs of shared folders stored in LDAP on Dovecot's shared folders. Management of shared folders is done through a web/cmdline interface that stores its data in LDAP. The ACLs are stored in attributes like this:

DN: cn=fol...@test.dom,cn=folder,cn=mail,dc=test,dc=dom
sharedFolderUserACL: te...@test.dom write
sharedFolderUserACL: te...@test.dom read

In https://forge.univention.org/websvn/filedetails.php?repname=dev&path=%2Fbranches%2Fucs-4.1%2Fucs-4.1-0%2Fmail%2Funivention-mail-dovecot%2Fmodules%2Funivention%2Fmail%2Fdovecot_shared_folder.py in doveadm_set_mailbox_acls() and imap_set_mailbox_acls() the attributes are read and used to set them on the folders.

The solution is very specific to UCS (uses its LDAP notifier-listener mechanism and its LDAP schema), but maybe you can adapt it.

Good luck
Daniel
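The sync step described in the message above, sketched as an added example that is not part of the original post and is not the UCS code: it validates `sharedFolderUserACL`-style values and builds `doveadm acl set` argument lists for execution without a shell. The keyword-to-rights mapping, the `owner` and `mailbox` parameters, and the sample addresses are assumptions.

```python
import re

# Assumption: how each ACL keyword maps to Dovecot rights. The post shows only
# the keywords "read" and "write"; the right sets chosen here are illustrative.
RIGHTS = {
    "read": ("lookup", "read", "write-seen"),
    "write": ("lookup", "read", "write-seen", "write", "write-deleted",
              "insert", "expunge"),
}
# Conservative address pattern: no whitespace, no leading "-", no "=".
USER_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9._+-]*@[A-Za-z0-9.-]+$")


def parse_acl_value(value):
    """Split one 'user@domain level' attribute value and validate both parts."""
    parts = value.split()
    if len(parts) != 2:
        raise ValueError("expected '<user> <level>': %r" % value)
    user, level = parts
    if not USER_RE.match(user):
        raise ValueError("unexpected user id: %r" % user)
    if level not in RIGHTS:
        raise ValueError("unknown ACL level: %r" % level)
    return user, level


def doveadm_acl_commands(owner, mailbox, values):
    """Return one 'doveadm acl set' argv list per user (rights are unioned)."""
    per_user = {}
    for value in values:
        user, level = parse_acl_value(value)
        per_user.setdefault(user, set()).update(RIGHTS[level])
    return [
        ["doveadm", "acl", "set", "-u", owner, mailbox, "user=" + user]
        + sorted(per_user[user])
        for user in sorted(per_user)
    ]


if __name__ == "__main__":
    # Constructed sample values in the format shown in the post.
    sample = ["alice@test.dom write", "bob@test.dom read", "alice@test.dom read"]
    for argv in doveadm_acl_commands("owner@test.dom", "INBOX", sample):
        print(" ".join(argv))  # run with subprocess.run(argv), never via a shell
```

Rejecting values that do not match the expected shape keeps a malformed or hostile directory entry from turning into an extra `doveadm` option or an unintended ACL identifier.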