Re: enable/disable shared namespace in passdb
hello.
i gave a different name to the namespace.
now i can properly disable it from passdb (so i do not produce a loops
with shared namespaces configured with imapc)
---
but providing a name breaks even local acls
with the following config
namespace sharedboxes {
type = shared
list = yes# children
disabled = no# should be yes, but this is convenient when
testing with doveadm
separator = /# useful ? does not change a thing... direcgt
access is ok, imapc is broken
prefix = shared/%%u/
# THIS MAKES USE OF THE LOCAL FILESYSTEM FOR THE REMOTE USER'S
MAILBOX LOCATION. WORKS BUT NOT CLUSTER-SAFE
# NOTE : specifying a separate INDEX allows for unshared flags
# NOTE : userdb sets mail location to
maildir:~/dovemail:INBOX=~/dovemail/.INBOX
location = maildir:%%h/dovemail/#
:INDEXPVT=~/dovemail/private_indexes/%%u
# THIS ONE IS CLUSTER-SAFE BUT CURRENTLY DOES NOT WORK
#location = imapc:~/dovemail/shared/%%u/ # cache for shared indexes
}
acl debug produces the following output
# doveadm acl debug -u a...@oleane.fr.fto shared/a...@oleane.fr.fto/AA
doveadm(a...@oleane.fr.fto): Error: Mailbox
'shared.abi2@oleane\2efr\2efto.AA' in namespace '' doesn't exist in
/var/mailboxes/mail02b/fr.fto/o/l/oleane/abi3/home/dovemail/.shared.abi2@oleane\2efr\2efto.AA
---
but if i remove "sharedboxes", it works as expected
# doveadm acl debug -u a...@oleane.fr.fto shared/a...@oleane.fr.fto/AA
doveadm(a...@oleane.fr.fto): Info: Mailbox 'AA' is in namespace
'shared/a...@oleane.fr.fto/'
doveadm(a...@oleane.fr.fto): Info: Mailbox path:
/var/mailboxes/mail02b/fr.fto/o/l/oleane/abi2/home/dovemail/.AA
doveadm(a...@oleane.fr.fto): Info: All message flags are shared across
users in mailbox
doveadm(a...@oleane.fr.fto): Info: User a...@oleane.fr.fto has rights:
lookup read write write-seen write-deleted insert post expunge create
delete admin
doveadm(a...@oleane.fr.fto): Info: Mailbox found from dovecot-acl-list
doveadm(a...@oleane.fr.fto): Info: User a...@oleane.fr.fto found from
ACL shared dict
doveadm(a...@oleane.fr.fto): Info: Mailbox shared/a...@oleane.fr.fto/AA
is visible in LIST
i also tried changing the prefix to sharedboxes/%%u/ and changing the
debug command accordingly but that did not make a difference.
---
if i try the same config ( without naming the namespace ) with imapc (
using the location line that is commented in the above config sample )
it does not seem to loop when using doveadm debug, but it does not work
either
# doveadm acl debug -u a...@oleane.fr.fto shared/a...@oleane.fr.fto/AA
doveadm(a...@oleane.fr.fto): Info: Mailbox 'AA' is in namespace
'shared/a...@oleane.fr.fto/'
doveadm(a...@oleane.fr.fto): Info: Mailbox path:
/var/mailboxes/mail02b/fr.fto/o/l/oleane/abi3/home/dovemail/shared/a...@oleane.fr.fto/.AA
doveadm(a...@oleane.fr.fto): Info: All message flags are shared across
users in mailbox
doveadm(a...@oleane.fr.fto): Info: User a...@oleane.fr.fto has no rights
for mailbox
doveadm(a...@oleane.fr.fto): Error: User a...@oleane.fr.fto is missing
'lookup' right
doveadm(a...@oleane.fr.fto): Info: Mailbox shared/a...@oleane.fr.fto/AA
is NOT visible in LIST
the log show that the proper dovecot-acl file is read when ~abi logs in
as ~abi2, but i do not see any trace of the acls being read over imap
nor directly in the filesystem
if i actually use imap, i produce a loop ( rather a storm in fact if i
setup many to many shares ) and end up with an empty shared namespace
what did i miss ?
thanks for your help
alex
Le 06/04/2016 21:41, Timo Sirainen a écrit :
On 04 Apr 2016, at 13:28, a...@oleane.net wrote:
namespace shared {
type = shared
list = yes# children
disabled = yes
separator = /
prefix = shared/%%u/
location = imapc:~/dovemail/shared/%%u/
}
Don't you get a warning with this?
Warning: Obsolete setting in dovecot.conf:1: namespace shared {} has been
replaced by namespace { type=shared }
This is because of the v1.x dovecot.conf auto-conversion code. Try giving it a different
name than "shared" and see if it works.
Re: enable/disable shared namespace in passdb
This is because of the v1.x dovecot.conf auto-conversion code. Try giving it a different name than "shared" and see if it works. hello it does, and there is no warning. i feel foolish i did not bother to try thanks, that solves part of the problem best regards alexis
Re: enable/disable shared namespace in passdb
Le 06/04/2016 21:41, Timo Sirainen a écrit :
On 04 Apr 2016, at 13:28, a...@oleane.net wrote:
namespace shared {
type = shared
list = yes# children
disabled = yes
separator = /
prefix = shared/%%u/
location = imapc:~/dovemail/shared/%%u/
}
Don't you get a warning with this?
Warning: Obsolete setting in dovecot.conf:1: namespace shared {} has been
replaced by namespace { type=shared }
This is because of the v1.x dovecot.conf auto-conversion code. Try giving it a different
name than "shared" and see if it works.
yes i get this exact warning
i tried with and without
given the fact that other namespaces parameters can be changed
dynamically through passdb by returning
"namespace"/NAMESPACE_NAME/PARAMETER=VALUE, i was hoping to do the same
with shared namespaces which is why i added a name
i'm wondering : is using shared namespaces with non generic acls and
imapc currently supported in dovecot ?
i'm running into 2 problems :
--> the acl files are looked up in the filesystem in
~loggedin_user/.../shared/sharing_user/ rather than in ~sharing_user so
the filesystem paths are not translated. i can circumvent with symlinks
but i assume the ACLs should be looked up using imap or an extra
location attribute could be added to the namespace so the acls are read
in the proper location.
--> the sharers might themselves have other people sharing with them so
the imapc connections loop. i need a way to selectively disable the
shared namespace. ( based on a specific port, the source address,
something passed by imapc:, the fact that there is a master login...
whatever works )
i'm ready to beta-test if that can help in any way
thanks for your great work
best regards
alexis
Re: enable/disable shared namespace in passdb
On 04 Apr 2016, at 13:28, a...@oleane.net wrote:
>
> namespace shared {
>type = shared
>list = yes# children
>disabled = yes
>separator = /
>prefix = shared/%%u/
>location = imapc:~/dovemail/shared/%%u/
> }
Don't you get a warning with this?
Warning: Obsolete setting in dovecot.conf:1: namespace shared {} has been
replaced by namespace { type=shared }
This is because of the v1.x dovecot.conf auto-conversion code. Try giving it a
different name than "shared" and see if it works.
Re: enable/disable shared namespace in passdb
>
hello all
i'm currently using passdb to enable and disable various namespaces
conditionally : for example the following work
namespace/inbox/inbox=no
namespace/legacy_pfso/disabled=no
namespace/legacy_pfso/inbox=no
namespace/local_storage/disabled=no
namespace/comboINBOX_local_pfso/disabled=no
namespace/comboINBOX_local_pfso/inbox=yes
but i can't get things like the following to work
namespace/shared/disabled=yes
--
the shared namespace is configured as shown below
namespace shared {
type = shared
list = yes# children
disabled = yes
separator = /
prefix = shared/%%u/
location = imapc:~/dovemail/shared/%%u/
}
imapc_host = localhost
imapc_port = 143
imapc_password = superpassword# either super or a dummy
imapc_master_user = %u
--
it seems the shared namespaces do not have names any more so they can't
be modified dynamically
is there a way to circumvent ? something i missed ?
i'm running 2.2.22 but i can switch easily to 2.2.9 or any other version
providing master_user or one of the variables that can let me know if a
master login was performed is available in passdb
the reason i'm doing this is so i can prevent long chains/loops from
occuring : then accessed by imapc: , the passdb should disable the
shared namespace so it does not produce (an)other imapc connection(s)
thanks for your help
alexis
hi all
bumping on my own...
i've tried to declare the namespace inside the imap protocol and adding
the following extra protocol and listner
service imap-login-noshares {
protocol = imapnoshares
executable = imap-login
inet_listener imapnoshares {
address =
port = 20143
reuse_port = no
ssl = no
}
$login_process_common_stuff
}
protocol imapnoshares {
# we need to clone imap stuff here... maybe not everything but at least
quota and the likes
}
unfortunately it seems that the protocol is still 'imap' : the passdb
and userdb queries still contain imap as the protocol name, the log
displays imap(username), and it looks like the shared namespace is active.
the namespace is now declared like this
protocol imap {
namespace shared {
type = shared
list = yes # children
#disabled = yes
separator = /
prefix = shared/%%u/
location = imapc:~/dovemail/shared/%%u/
}
}
any ideas ?
has anybody managed to get acls to work with imapc ?
thanks for your time
alexis
enable/disable shared namespace in passdb
hello all
i'm currently using passdb to enable and disable various namespaces
conditionally : for example the following work
namespace/inbox/inbox=no
namespace/legacy_pfso/disabled=no
namespace/legacy_pfso/inbox=no
namespace/local_storage/disabled=no
namespace/comboINBOX_local_pfso/disabled=no
namespace/comboINBOX_local_pfso/inbox=yes
but i can't get things like the following to work
namespace/shared/disabled=yes
--
the shared namespace is configured as shown below
namespace shared {
type = shared
list = yes# children
disabled = yes
separator = /
prefix = shared/%%u/
location = imapc:~/dovemail/shared/%%u/
}
imapc_host = localhost
imapc_port = 143
imapc_password = superpassword # either super or a dummy
imapc_master_user = %u
--
it seems the shared namespaces do not have names any more so they can't
be modified dynamically
is there a way to circumvent ? something i missed ?
i'm running 2.2.22 but i can switch easily to 2.2.9 or any other version
providing master_user or one of the variables that can let me know if a
master login was performed is available in passdb
the reason i'm doing this is so i can prevent long chains/loops from
occuring : then accessed by imapc: , the passdb should disable the
shared namespace so it does not produce (an)other imapc connection(s)
thanks for your help
alexis
