Re: [Dovecot] ACL Groups
Ok - so where are acl_groups, and their access, defined? -- Daniel The permissions are set in the 'dovecot-acl' files: $ cat dovecot-acl anyone lr authenticated lrws group=PublicMailboxAdmins lrwsik You assign the groups to a particular user per UserDB Extra Fields: userdb_acl_groups=PublicMailboxAdmins Thomas PGP.sig Description: Signierter Teil der Nachricht
Re: [Dovecot] ACL Groups
On 6/17/2011 1:28 AM, Thomas Leuxner wrote: Ok - so where are acl_groups, and their access, defined? -- Daniel The permissions are set in the 'dovecot-acl' files: $ cat dovecot-acl anyone lr authenticated lrws group=PublicMailboxAdmins lrwsik You assign the groups to a particular user per UserDB Extra Fields: userdb_acl_groups=PublicMailboxAdmins So there is no defined list of valid groups - arbitrary names are simply listed in the acl_groups parameter, and are then used in the acl files. If they're in either one of the acl_groups or acl file(s), and not in the other, there's no error - they just don't do anything. Right? -- Daniel
Re: [Dovecot] ACL Groups
On 6/15/2011 10:42 PM, Willie Gillespie wrote: On 6/14/2011 2:18 PM, Daniel L. Miller wrote: From the wiki: ACL groups support works by returning a comma-separated acl_groups extra field http://wiki2.dovecot.org/UserDatabase/ExtraFields from userdb, which contains all the groups the user belongs to. User's UNIX groups have no effect on ACLs (you can enable them by using a special post-login script http://wiki2.dovecot.org/PostLoginScripting). I've read that over several times - I still don't understand that. Are ACL Groups defined and managed by Dovecot - and described somewhere else in the docs - or are they UNIX groups that previously had no affect on mail access but by being listed in the acl_groups field they now have relevance? That is a bit confusing. What it is trying to say: For one, you have acl_groups. For two, you have UNIX groups. They are not related at all. If you want them to be related, you can use a special post-login script. Ok - so where are acl_groups, and their access, defined? -- Daniel
Re: [Dovecot] ACL Groups
On 6/14/2011 2:18 PM, Daniel L. Miller wrote: From the wiki: ACL groups support works by returning a comma-separated acl_groups extra field http://wiki2.dovecot.org/UserDatabase/ExtraFields from userdb, which contains all the groups the user belongs to. User's UNIX groups have no effect on ACLs (you can enable them by using a special post-login script http://wiki2.dovecot.org/PostLoginScripting). I've read that over several times - I still don't understand that. Are ACL Groups defined and managed by Dovecot - and described somewhere else in the docs - or are they UNIX groups that previously had no affect on mail access but by being listed in the acl_groups field they now have relevance? That is a bit confusing. What it is trying to say: For one, you have acl_groups. For two, you have UNIX groups. They are not related at all. If you want them to be related, you can use a special post-login script.
[Dovecot] ACL Groups
From the wiki: ACL groups support works by returning a comma-separated acl_groups extra field http://wiki2.dovecot.org/UserDatabase/ExtraFields from userdb, which contains all the groups the user belongs to. User's UNIX groups have no effect on ACLs (you can enable them by using a special post-login script http://wiki2.dovecot.org/PostLoginScripting). I've read that over several times - I still don't understand that. Are ACL Groups defined and managed by Dovecot - and described somewhere else in the docs - or are they UNIX groups that previously had no affect on mail access but by being listed in the acl_groups field they now have relevance? -- Daniel
Re: [Dovecot] Acl Groups
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 25 Nov 2009, Δημήτριος Καραπιπέρης wrote: //return a comma-separated acl_groups field. What does this mean, sorry I cannot usnderstand it. Is there somewhere some bits of configuration lines, so that it will be more clear. Let your userdb return a field named acl_groups with a string value of: group1,group2,group3 I guess, the group names themselves should be all 7bit alphanumeric. How you do this, depends very much from your setup of userdb etc. The examples are on: http://wiki.dovecot.org/UserDatabase/ExtraFields Regards, - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSw5ilHWSIuGy1ktrAQLYAggAwbm+dfFxsPheSnVdsgx71QehrcLclBnz VlUgd555erfMsLt8iwVeFBiFFHqIXfi10QvweKx/N5BI7JQaecMq5ujfh9nUAjkB RCkxK4KX86VmnR62jXTitL60/LNlEYFGNSrxlC+b5egeqQsgUwqrTJVsB7kpwBjv VOGoXUp4gJ8lFemnCfxM090Oyl+h1aysnK/7KRICKal1yfkJGDp+aonblPLps7dk WnPFh1yxTealmkP07to+/c5yzFnP7YcGzfu4x/kfKswFatkYzKpzUOP+sy8vFqId BrdjwogtRH+BsQmu/HD3qD3nBL+769B1BwuVd4lk3lU2s8Qtpj8PFw== =WpOo -END PGP SIGNATURE-
Re: [Dovecot] Acl Groups
O/H Steffen Kaiser έγραψε: //return a comma-separated acl_groups field. What does this mean, sorry I cannot usnderstand it. Is there somewhere some bits of configuration lines, so that it will be more clear. Let your userdb return a field named acl_groups with a string value of: group1,group2,group3 I guess, the group names themselves should be all 7bit alphanumeric. How you do this, depends very much from your setup of userdb etc. The examples are on: http://wiki.dovecot.org/UserDatabase/ExtraFields Regards, Thanks for the reply. I am wondering how this is possible with Active Directory. thanks in advance Dimitrios
Re: [Dovecot] Acl Groups
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 26 Nov 2009, Dimitrios Karapiperis wrote: I am wondering how this is possible with Active Directory. Oh: 1) Extend your AD schema :-) 2) use an attribute that is not used otherwise Usually an orgPerson has attributes like street, homePostalAddress, description, or something like that. I do not use AD, so I don't know nothing about its working schema. Regards, - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSw6vc3WSIuGy1ktrAQIuuwgAkKVQtBY/lra0Wq3bbormT7e678J3JWwx G+qA61cQR6NtsOXqujYHexX+AK5xed51mUdMk8NOQG6wAgh2ZtY4Tq7CocDaD04u QbgktxEVHKk3ouMYT33RWQgag3Nr0Fji5nVQFEw5zaxkn0fRUOYExxbzVgMcdWIj ZW1QvLYusIZDcR0aoUq+kmyc+HOBAwTUtE+eIaBdbhOw72AYvCrFIHbcrIg3vtjL VKE0mbvTxWBUjv/IXC+RSMs9WgKxPQUkNWR2DTFm/j95h9Xelp/Q9L7U3l54bHCt YWnaVwJulfrs++gle6cqawH1RpiYqnyKAzg25ou5xBzk7J8Y4qSQEQ== =IS1q -END PGP SIGNATURE-
Re: [Dovecot] Acl Groups
On Wed, 2009-11-25 at 09:36 +0200, Dimitrios Karapiperis wrote: I have a corpus of virtual users ( us...@domain.tld , us...@domain.tld, us...@domain.tld,..., us...@domain.tld ... ) authenticated against Active Directory. Is it possible to group some users (virtual) and give appropriate ACLs on a shared imap public folder using an ACL vfile? Yes, with v1.1+. You'll need to have your userdb lookup (or some other way, e.g. with post-login scripting) return a comma-separated acl_groups field. http://wiki.dovecot.org/ACL signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Acl Groups
O/H Timo Sirainen έγραψε: On Wed, 2009-11-25 at 09:36 +0200, Dimitrios Karapiperis wrote: I have a corpus of virtual users ( us...@domain.tld , us...@domain.tld, us...@domain.tld,..., us...@domain.tld ... ) authenticated against Active Directory. Is it possible to group some users (virtual) and give appropriate ACLs on a shared imap public folder using an ACL vfile? Yes, with v1.1+. You'll need to have your userdb lookup (or some other way, e.g. with post-login scripting) return a comma-separated acl_groups field. http://wiki.dovecot.org/ACL Thanks for the reply. //return a comma-separated acl_groups field. What does this mean, sorry I cannot usnderstand it. Is there somewhere some bits of configuration lines, so that it will be more clear. Thanks Dimitrios
[Dovecot] Acl Groups
Hi all! I have a corpus of virtual users ( us...@domain.tld , us...@domain.tld, us...@domain.tld,..., us...@domain.tld ... ) authenticated against Active Directory. Is it possible to group some users (virtual) and give appropriate ACLs on a shared imap public folder using an ACL vfile? thanks in advance Dimitrios
