ldap groups in acl

2009-02-03 Thread Marc Patermann
Hi,

IMAPd 2.2.12 is connected with sasl ldapdb (ptloader) to an OpenLDAP 
(2.3.x) server.

I can set acls with existing groups. I cannot set acls with non existing 
groups. So far: IMAPd is checking for groups in LDAP just right.

localhost.ofd-h.de sam user.foo.Junk  group:bar read
localhost.ofd-h.de sam user.foo.Junk  group:no-bar read
setaclmailbox: group:no-bar: lrs: Invalid identifier
localhost.ofd-h.de lam user.foo.Junk
foo lrswipcda
group:bar lrs

But it does not work any further.
Users don't see the folder in their folder list (with Thunderbird).

The LDAP-Groups are objectClass: groupOfNames with the DNs in the 
member attributes. Users' username is in maildrop attribute.

This is set in imapd.conf

ldap_group_base: ou=gruppen,ou=humans,ou=foo
ldap_group_filter: ou=%U
ldap_member_attribute: member
ldap_group_scope: sub
ldap_member_method: attribute


Should this work? Where to look at?


Marc

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


Best install path for Redhat Enterprise 5

2009-02-03 Thread D G Teed
I'm looking at the various guides I see from google and from
that deposited by Redhat's RPM for cyrus-imapd.  Nothing
appears to be really current.

Most guides refer to building cyrus from source. I usually
avoid doing that as it is a hassle to maintain packages that way,
but then again Redhat has not updated their build in the last
2 years so perhaps it doesn't matter.

I have a problem starting cyrus from the Redhat package and
the init script.

I can start /usr/lib/cyrus-imapd/cyrus-master as root
and it works OK.   I can login as cyrus with imtest.

If I run the cyrus-imapd init, which works fine on
another Redhat install, I get errors:

Feb  3 16:20:34 navi master[13825]: process started
Feb  3 16:20:34 navi master[13827]: about to exec /usr/lib/cyrus-imapd/ctl_cyrusdb
Feb  3 16:20:34 navi ctl_cyrusdb[13827]: DBERROR db4: /cyrus/imap/db: Permission denied
Feb  3 16:20:34 navi ctl_cyrusdb[13827]: DBERROR db4: /cyrus/imap/db/__db.001: Permission denied
Feb  3 16:20:34 navi ctl_cyrusdb[13827]: DBERROR: dbenv-open '/cyrus/imap/db' failed: Permission denied
Feb  3 16:20:34 navi ctl_cyrusdb[13827]: DBERROR: init() on berkeley
Feb  3 16:20:34 navi ctl_cyrusdb[13827]: DBERROR: writing /cyrus/imap/db/skipstamp: Permission denied
Feb  3 16:20:34 navi ctl_cyrusdb[13827]: DBERROR: init() on skiplist
Feb  3 16:20:34 navi ctl_cyrusdb[13827]: recovering cyrus databases
Feb  3 16:20:34 navi ctl_cyrusdb[13827]: IOERROR: opening /cyrus/imap/mailboxes.db: Permission denied
Feb  3 16:20:34 navi ctl_cyrusdb[13827]: DBERROR: opening /cyrus/imap/mailboxes.db: cyrusdb error
Feb  3 16:20:34 navi master[13825]: process 13827 exited, status 75
Feb  3 16:20:34 navi master[13828]: about to exec /usr/lib/cyrus-imapd/idled
Feb  3 16:20:34 navi idled[13828]: DBERROR: dbenv-open '/cyrus/imap/db' failed: Permission denied
Feb  3 16:20:34 navi idled[13828]: DBERROR: init() on berkeley
Feb  3 16:20:34 navi idled[13828]: DBERROR: reading /cyrus/imap/db/skipstamp, assuming the worst: Permission denied

And it goes on until I stop the service.

The files and directories are owned by cyrus, so the permissions issue
seems odd.  E.g.

ls -l /cyrus/imap/
total 100
-rw--- 1 cyrus mail  144 Feb  3 16:15 annotations.db
drwx-- 2 cyrus mail 4096 Feb  3 16:20 db
drwx-- 2 cyrus mail 4096 Feb  3 16:15 db.backup1
-rw--- 1 cyrus mail 8192 Feb  3 16:15 deliver.db
drwx-- 2 cyrus mail 4096 Feb  3 13:40 log
-rw--- 1 cyrus mail  144 Feb  3 16:15 mailboxes.db
drwx-- 2 cyrus mail 4096 Feb  3 13:40 msg
drwx-- 2 cyrus mail 4096 Feb  3 16:17 proc
drwx-- 2 cyrus mail 4096 Feb  3 13:40 ptclient
drwx-- 2 cyrus mail 4096 Feb  3 16:20 rpm
drwxr-x--- 2 cyrus mail 4096 Feb  3 16:15 socket
drwx-- 2 cyrus mail 4096 Feb  3 13:40 sync

I have one other Redhat server running this OK, but I don't know what the
difference is.
For this reason, I'd rather not fix the problem by building from source
and having different styles of cyrus running.

Does anyone have a pointer?

--Donald


Re: ldap groups in acl

2009-02-03 Thread Dmitriy Kirhlarov
Marc Patermann wrote:
> Hi,
>
> IMAPd 2.2.12 is connected with sasl ldapdb (ptloader) to an OpenLDAP
> (2.3.x) server.
>
> I can set acls with existing groups. I cannot set acls with non existing
> groups. So far: IMAPd is checking for groups in LDAP just right.


AFAIR, ldap group was fixed in 2.3.13 ptloader.
Try to update.

WBR.
Dmitriy



Multi-server consolidation

2009-02-03 Thread Gary W. Smith
I have a couple different servers that have several mailboxes on them
and I would like to migrate them to a single new server.  The new server
will handle all of these mailboxes just fine.  All of the mailboxes are
unique across all of the servers.

I have copied the /var/[spool/lib]/imap to the new server from one box
and everything seems to be working fine there.  Now it's the issue of
getting the rest of the mailboxes over to the new machine.  There are 4
machines in total with about 2000 email accounts.  

I'd prefer not to use any type of imap copy as we want to preserve the
flags and we don't have the luxury of changing the user passwords.

Any suggestions?

Gary



Re: Best install path for Redhat Enterprise 5

2009-02-03 Thread Patrick Boutilier
D G Teed wrote:
> I'm looking at the various guides I see from google and from
> that deposited by Redhat's RPM for cyrus-imapd.  Nothing
> appears to be really current.
>
> Most guides refer to building cyrus from source. I usually
> avoid doing that as it is a hassle to maintain packages that way,
> but then again Redhat has not updated their build in the last
> 2 years so perhaps it doesn't matter.
>
> I have a problem starting cyrus from the Redhat package and
> the init script.
>
> I can start /usr/lib/cyrus-imapd/cyrus-master as root
> and it works OK.   I can login as cyrus with imtest.
>
> If I run the cyrus-imapd init, which works fine on
> another Redhat install, I get errors:
>
> Feb  3 16:20:34 navi master[13825]: process started
> Feb  3 16:20:34 navi master[13827]: about to exec /usr/lib/cyrus-imapd/ctl_cyrusdb
> Feb  3 16:20:34 navi ctl_cyrusdb[13827]: DBERROR db4: /cyrus/imap/db: Permission denied
> Feb  3 16:20:34 navi ctl_cyrusdb[13827]: DBERROR db4: /cyrus/imap/db/__db.001: Permission denied
> Feb  3 16:20:34 navi ctl_cyrusdb[13827]: DBERROR: dbenv-open '/cyrus/imap/db' failed: Permission denied
> Feb  3 16:20:34 navi ctl_cyrusdb[13827]: DBERROR: init() on berkeley
> Feb  3 16:20:34 navi ctl_cyrusdb[13827]: DBERROR: writing /cyrus/imap/db/skipstamp: Permission denied
> Feb  3 16:20:34 navi ctl_cyrusdb[13827]: DBERROR: init() on skiplist
> Feb  3 16:20:34 navi ctl_cyrusdb[13827]: recovering cyrus databases
> Feb  3 16:20:34 navi ctl_cyrusdb[13827]: IOERROR: opening /cyrus/imap/mailboxes.db: Permission denied
> Feb  3 16:20:34 navi ctl_cyrusdb[13827]: DBERROR: opening /cyrus/imap/mailboxes.db: cyrusdb error
> Feb  3 16:20:34 navi master[13825]: process 13827 exited, status 75
> Feb  3 16:20:34 navi master[13828]: about to exec /usr/lib/cyrus-imapd/idled
> Feb  3 16:20:34 navi idled[13828]: DBERROR: dbenv-open '/cyrus/imap/db' failed: Permission denied
> Feb  3 16:20:34 navi idled[13828]: DBERROR: init() on berkeley
> Feb  3 16:20:34 navi idled[13828]: DBERROR: reading /cyrus/imap/db/skipstamp, assuming the worst: Permission denied
>
> And it goes on until I stop the service.
>
> The files and directories are owned by cyrus, so the permissions issue
> seems odd.  E.g.
>
> ls -l /cyrus/imap/
> total 100
> -rw--- 1 cyrus mail  144 Feb  3 16:15 annotations.db
> drwx-- 2 cyrus mail 4096 Feb  3 16:20 db
> drwx-- 2 cyrus mail 4096 Feb  3 16:15 db.backup1
> -rw--- 1 cyrus mail 8192 Feb  3 16:15 deliver.db
> drwx-- 2 cyrus mail 4096 Feb  3 13:40 log
> -rw--- 1 cyrus mail  144 Feb  3 16:15 mailboxes.db
> drwx-- 2 cyrus mail 4096 Feb  3 13:40 msg
> drwx-- 2 cyrus mail 4096 Feb  3 16:17 proc
> drwx-- 2 cyrus mail 4096 Feb  3 13:40 ptclient
> drwx-- 2 cyrus mail 4096 Feb  3 16:20 rpm
> drwxr-x--- 2 cyrus mail 4096 Feb  3 16:15 socket
> drwx-- 2 cyrus mail 4096 Feb  3 13:40 sync
>
> I have one other Redhat server running this OK, but I don't know what
> the difference is.
> For this reason, I'd rather not fix the problem by building from source
> and having different styles of cyrus running.
>
> Does anyone have a pointer?


What do the following commands output?

ls -ld /cyrus
ls -ld /cyrus/imap




 


Re: Best install path for Redhat Enterprise 5

2009-02-03 Thread D G Teed
On Tue, Feb 3, 2009 at 4:31 PM, Patrick Boutilier bouti...@ednet.ns.ca wrote:

> What do the following commands output?
>
> ls -ld /cyrus
> ls -ld /cyrus/imap


Hey, another Bluenoser on the list.  Cool.

# ls -ld /cyrus/
drwxr-xr-x 5 cyrus root 4096 Feb  3 13:40 /cyrus/
# ls -ld /cyrus/imap/
drwx-- 11 cyrus mail 4096 Feb  3 16:20 /cyrus/imap/

That probably isn't as tidy as I'd leave it, but this
is the current state, after trying several angles
and running out of the office with the storm coming
on heavy today.

--Donald
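
The listings in this thread show the files owned by cyrus, and the `ls -ld` checks cover only two of the parent directories. As an added example (not code from any poster or from the Cyrus project), this sketch walks every component of a path and prints the first one whose mode bits would deny a given uid and group list. The helper names `perm_digit` and `first_denied` are hypothetical, GNU `stat` is assumed, and only mode bits are evaluated.

```shell
#!/bin/sh
# Added example: mode bits only, GNU stat assumed, absolute paths only.
# Typical call (assumes a local "cyrus" account exists):
#   first_denied /cyrus/imap/db "$(id -u cyrus)" "$(id -G cyrus)" 7

# perm_digit PATH UID "GIDS": print the octal permission digit (0-7)
# that applies to UID and its group list on PATH.
perm_digit() {
    st=$(stat -c '%a %u %g' "$1" 2>/dev/null) || { echo 0; return; }
    set -- "$2" "$3" $st            # $3=mode $4=owner uid $5=owner gid
    if [ "$1" = 0 ]; then echo 7; return; fi   # root bypasses mode bits
    mode=$(printf '%04d' "$3")      # pad so 700 and 2755 parse alike
    owner=${mode#?}; owner=${owner%??}
    group=${mode#??}; group=${group%?}
    if [ "$1" = "$4" ]; then echo "$owner"; return; fi
    for gid in $2; do
        if [ "$gid" = "$5" ]; then echo "$group"; return; fi
    done
    echo "${mode#???}"
}

# first_denied PATH UID "GIDS" [NEED]: print the first component that
# blocks access, or nothing. Every ancestor needs search (x); the final
# component needs the NEED bits (default 6 = rw, 7 for a db directory).
first_denied() {
    target=${1%/} uid=$2 gids=$3 need=${4:-6}
    dir=/
    rest=${target#/}
    while :; do
        d=$(perm_digit "$dir" "$uid" "$gids")
        [ $((d & 1)) -ne 0 ] || { echo "$dir"; return; }
        case $rest in
            */*) dir=${dir%/}/${rest%%/*}; rest=${rest#*/} ;;
            *)   break ;;
        esac
    done
    d=$(perm_digit "$target" "$uid" "$gids")
    [ $((d & need)) -eq "$need" ] || echo "$target"
}
```

Empty output means every component passes on mode bits for that uid, so the next things to compare between the two servers are the identity the init script actually starts the daemon under and any access controls beyond mode bits.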


Re: Best install path for Redhat Enterprise 5

2009-02-03 Thread John Thomas
D G Teed wrote:
> I'm looking at the various guides I see from google and from
> that deposited by Redhat's RPM for cyrus-imapd.  Nothing
> appears to be really current.

Perhaps rebuilding Simon's rpm will ease your pain:
http://www.invoca.ch/pub/packages/cyrus-imapd/


-- 
Sincerely,
John Thomas



Re: Multi-server consolidation

2009-02-03 Thread Bron Gondwana
On Tue, Feb 03, 2009 at 03:16:55PM -0800, Gary W. Smith wrote:
> I have a couple different servers that have several mailboxes on them
> and I would like to migrate them to a single new server.  The new server
> will handle all of these mailboxes just fine.  All of the mailboxes are
> unique across all of the servers.
>
> I have copied the /var/[spool/lib]/imap to the new server from one box
> and everything seems to be working fine there.  Now it's the issue of
> getting the rest of the mailboxes over to the new machine.  There are 4
> machines in total with about 2000 email accounts.
>
> I'd prefer not to use any type of imap copy as we want to preserve the
> flags and we don't have the luxury of changing the user passwords.
>
> Any suggestions?

Replication engine :)

Seriously, that's how we do it.  Run up a sync_server on the new machine
and then sync_client -U each user from the old machine.

Obviously, you'll want to suspend delivery and stop IMAP clients for the
duration.  We do this with some dastardly hacks in the authentication
daemon, a database field that our internal tools check before trying
to deliver, and a grep $UserName $confdir/proc/* | xargs kill moral
equivalent.  You can probably manage with just removing the imapd and
lmtp lines from your cyrus.conf and doing it outside regular hours
though.

Bron.
