Hi again,

here are some more debugs:

On 12/16/2016 03:25 PM, Mike Fröhner wrote:
Thanks for your reply Timo.

On 12/14/2016 06:40 PM, Timo Sirainen wrote:
On 14 Dec 2016, at 11.16, Mike Fröhner <mikefroeh...@gmx.de> wrote:

I made some additional tests and found that also local unix groups are
not working in replacement for my ldap groups as described below.

Do groups in dovecot-acl intendedly not work?

http://wiki2.dovecot.org/ACL -> ACL groups support works by returning a
comma-separated acl_groups extra field from userdb, which contains all
the groups the user belongs to. User's UNIX groups have no effect on
ACLs (you can "enable" them by using a special post-login script).

I think I have configured the userdb right, because the debug log tells
me this:

imap-1 dovecot: imap(ldaptestuser): Debug: acl: acl username = ldaptestuser
imap-1 dovecot: imap(ldaptestuser): Debug: acl: owner = 1
imap-1 dovecot: imap(ldaptestuser): Debug: acl: group added: mailusers
imap-1 dovecot: imap(ldaptestuser): Debug: acl: group added: ldaptestgroup

Well, the IMAP debug lists/adds the groups, but not the doveadm:

Dec 16 16:36:12 imap-1 dovecot: doveadm(ldaptestuser): Debug: auth PASS input: user=ldaptestuser
Dec 16 16:36:12 imap-1 dovecot: doveadm(ldaptestuser): Debug: auth USER input: ldaptestuser home=/opt/mail/ldaptestuser mail=maildir:/opt/mail/ldaptestuser/Mails gid=991 uid=834603987
Dec 16 16:36:12 imap-1 dovecot: doveadm(ldaptestuser): Debug: Added userdb setting: mail=maildir:/opt/mail/ldaptestuser/Mails
Dec 16 16:36:12 imap-1 dovecot: doveadm(ldaptestuser): Debug: Effective uid=834603987, gid=991, home=/opt/mail/ldaptestuser



Dec 16 16:36:12 imap-1 dovecot: doveadm(ldaptestuser): Debug: Namespace public-test: type=public, prefix=public/test/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=no location=maildir:/opt/mail/_public/test
Dec 16 16:36:12 imap-1 dovecot: doveadm(ldaptestuser): Debug: maildir++: root=/opt/mail/_public/test, index=, indexpvt=, control=, inbox=, alt=
Dec 16 16:36:12 imap-1 dovecot: doveadm(ldaptestuser): Debug: acl: initializing backend with data: vfile
Dec 16 16:36:12 imap-1 dovecot: doveadm(ldaptestuser): Debug: acl: acl username = ldaptestuser
Dec 16 16:36:12 imap-1 dovecot: doveadm(ldaptestuser): Debug: acl: owner = 0
Dec 16 16:36:12 imap-1 dovecot: doveadm(ldaptestuser): Debug: acl vfile: Global ACLs disabled

The debug output is the same on servers imap-1 and imap-2.




On 12/13/2016 03:47 PM, Mike Fröhner wrote:
Hello people,

I am having an issue with 'doveadm sync'. I am currently trying to have
two dovecots behind a haproxy (works fine). Therefore I configured
these two dovecot servers (imap-1/imap-2) to sync through dsync. This
works just partly. The sync of the mailboxes is fine, but the sync of
the subscriptions file just works partly. It works for private folder
subscription, but not completely for public folder subscription. I found
two issues, if I am using LDAP (user/groups) in dovecot ACLs.

1. I would like to subscribe to 2 public folders (public/test/test1 and
public/test/test2).

My user (ldaptestuser) is an ldap user and this user is member of the
ldap group (ldaptestgroup) which does have all dovecot-acl rights on
these folders.

imap-1 # cat /opt/mail/_public/publictest/.test*/dovecot-acl
group=ldaptestgroup akxeilprwts
group=ldaptestgroup akxeilprwts

I am now connecting with my mail client to imap-1 (through haproxy) and
the subscription to this folder works. The file which is written looks
like:

imap-1 # cat /opt/mail/ldaptestuser/Mails/subscriptions
Sent
publictest/test/test1
publictest/test/test2

Now I am awaiting the sync to imap-2, but the file which is written
looks like:

imap-2 # cat /opt/mail/ldaptestuser/Mails/subscriptions
Sent

If I modify the dovecot-acl for .test1 to

imap-1 # cat /opt/mail/_public/publictest/.test1/dovecot-acl
group=ldaptestgroup akxeilprwts
user=ldaptestuser akxeilprwts

and execute the subscription again - the synced file looks like:

imap-2 # cat /opt/mail/ldaptestuser/Mails/subscriptions
Sent
publictest/test/test1

The subscription of public folder test2 will also be synced, if I add
my ldaptestuser to the acl file for this folder.

2. Another issue is to unsubscribe a public folder. If I unsubscribe
folder test1, it is written to subscriptions file on the imap where I am
connected, but it is NOT synced even if my user and group are configured
at the dovecot-acl file. If I then unsubscribe a not public folder (like
Sent), the former unsubscribed folder test1 is (faulty) subscribed
again. But both imap do have the same subscriptions for my ldaptestuser
user.

I do have the behavior with dovecot-2.2.26 and dovecot-2.2.27 on
CentOS-7 (selinux disabled).

If you need more information like the dovecot -n or some other stuff
give me a short notice.

Mike;
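
The comparison made by eye in the message above (imap logs "acl: group added", doveadm does not) can be scripted. The following is an added example, not part of the thread or of Dovecot: it parses debug lines in the format quoted above and lists each service whose ACL plugin initialised without any groups. The function names and the sample log are constructed for illustration, and it assumes userdb extra fields appear as space-separated key=value tokens on the "auth USER input" line, as in the quoted output.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the debug lines quoted in the thread.
SAMPLE_LOG = """\
imap-1 dovecot: imap(ldaptestuser): Debug: acl: acl username = ldaptestuser
imap-1 dovecot: imap(ldaptestuser): Debug: acl: owner = 1
imap-1 dovecot: imap(ldaptestuser): Debug: acl: group added: mailusers
imap-1 dovecot: imap(ldaptestuser): Debug: acl: group added: ldaptestgroup
Dec 16 16:36:12 imap-1 dovecot: doveadm(ldaptestuser): Debug: auth USER input: ldaptestuser home=/opt/mail/ldaptestuser mail=maildir:/opt/mail/ldaptestuser/Mails gid=991 uid=834603987
Dec 16 16:36:12 imap-1 dovecot: doveadm(ldaptestuser): Debug: acl: acl username = ldaptestuser
Dec 16 16:36:12 imap-1 dovecot: doveadm(ldaptestuser): Debug: acl: owner = 0
"""

# Matches with or without a leading syslog timestamp.
LINE_RE = re.compile(r"dovecot: (?P<svc>[\w-]+)\((?P<user>[^)]*)\): Debug: (?P<msg>.*)$")

def acl_group_report(log_text):
    """Summarise ACL group state per (service, user) seen in the log."""
    report = defaultdict(
        lambda: {"acl_init": False, "groups": [], "userdb_acl_groups": False})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        entry = report[(m["svc"], m["user"])]
        msg = m["msg"]
        if msg.startswith("acl: acl username ="):
            entry["acl_init"] = True          # ACL plugin started for this session
        elif msg.startswith("acl: group added: "):
            entry["groups"].append(msg.split(": ", 2)[2].strip())
        elif msg.startswith("auth USER input:"):
            # Assumption: extra fields are space-separated key=value tokens.
            entry["userdb_acl_groups"] |= any(
                tok.startswith("acl_groups=") for tok in msg.split())
    return dict(report)

def services_without_groups(report):
    """Sessions where ACLs were initialised but no group was ever added."""
    return sorted(k for k, v in report.items() if v["acl_init"] and not v["groups"])

if __name__ == "__main__":
    rep = acl_group_report(SAMPLE_LOG)
    for svc, user in services_without_groups(rep):
        print(f"{svc}({user}): ACL active, no groups; "
              f"acl_groups in userdb reply: {rep[(svc, user)]['userdb_acl_groups']}")
```

On the constructed sample it flags only the doveadm session, which is the one where group-only dovecot-acl entries would not apply.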


