I've found that backends should be upgraded before frontends...
You'll run into frontends trying to use features that don't exist on the
backends. Usually, you can work around that with the
suppress_capabilities setting in imapd.conf, but it may require less
testing to upgrade the frontends last.
Regarding you specific permissions problem, I think Mathieu has already
posted the answer. Although, I wonder if the frontend is enforcing
permissions that can't exist on the backend yet...
For reference, these are the permissions on my v2.4.18 mailbox:
localhost> lam user.morgan
morgan lrswipkxtecda
Andy
On Mon, 6 Jun 2016, Jean Charles Delépine via Info-cyrus wrote:
Hello,
I'm on the way to make a big (late) upgrade.
My murder config is composed of 16 1To backends. I can't upgrade
all of them simultaneously. So I planed to :
- upgrade mupdate server (make a new one, and update frontend's and
backend's conf)
- replace frontends with upgraded one's
- upgrade backends one after the other, nightly, on serveral night
mupdate server upgrade is ok. But I have problems with 2.5 frontends and 2.2
backends interaction. All seems fine (no error), but users can't create new sub
mailboxes (admin can create mailboxes and sub mailboxes) :
loggued as mailbox owner :
imap-01> lam INBOX
delepine lrswipcda
anyone p
imap-01> cm INBOX.hop
createmailbox: Permission denied
My tests say that, whichever mupdate server version :
Frontend 2.2 can create 2.2 mailboxes and 2.5 mailboxes
Frontend 2.5 can't create 2.2 mailboxes but can create 2.5 mailboxes
All others tested features work.
The 2.2 is using saslauthd + pam_ldap for authentification. The 2.5 is using
either
ldapdb or saslauthd + ptoader and ldap.
With or without
suppress_capabilities: ESEARCH QRESYNC XLIST LIST-EXTENDED WITHIN
on 2.5 frontends.
2 questions :
- do you have an idea why users can't create submailboxes on 2.2
backends with 2.5 frontends ? Is there any acl new option I
miss ? ...
- what are the risks if I wait for all backends to migrate before
using 2.5 frontends ? My option with this problem. I didn't find
any problem... but surely, if there's one, my users will find it.
Options that might be relevant :
On backends :
proxyservers: proxy
proxy_authname: proxy
On frontends:
proxy_authname: proxy
proxy_password: <>
proxyd_allow_status_referral: 0
proxyd_disable_mailbox_referrals: 1
backends are in an internal non routable network.
Sincerly,
Jean Charles Delépine
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
