Re: limit sharing ability to certain users

2018-08-10 Thread Sami Ketola
> On 9 Aug 2018, at 8.48, Simeon Ott wrote:
>
> Thanks Sami, thanks Aki
>
> I just updated the packages on our testing server and now it works like expected.
> There are some LDAP tests to come. Are there many productive server out there using this repository?

We have no way of

Re: limit sharing ability to certain users

2018-08-08 Thread Simeon Ott
Thanks Sami, thanks Aki

I just updated the packages on our testing server and now it works like expected.
There are some LDAP tests to come. Are there many productive server out there using this repository?

Simeon

> On 8 Aug 2018, at 09:41, Sami Ketola wrote:
>
> http://repo.dovecot.org/

Re: limit sharing ability to certain users

2018-08-08 Thread Sami Ketola
http://repo.dovecot.org/

Sami

> On 8 Aug 2018, at 10.27, Simeon Ott wrote:
>
> Okay, this seems to be due to the fact that the option “use_globals_only” is supported only in v2.2.31+
> We are on Debian jessie with dovecot v2.2.13 – even an upgrade to current

Re: limit sharing ability to certain users

2018-08-08 Thread Simeon Ott
Okay, this seems to be due to the fact that the option “use_globals_only” is supported only in v2.2.31+

We are on Debian jessie with dovecot v2.2.13 – even an upgrade to current stable stretch won’t help (dovecot v2.2.27). So we will wait until the packages find their way into the repository.

Re: limit sharing ability to certain users

2018-08-07 Thread Simeon Ott
still the same…

root@buserver:/etc/dovecot# doveadm user te...@onnet.ch
field value
userdb lookup: user te...@onnet.ch doesn't exist

relevant config output from doveconf -n

userdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
  result_success = continue-ok
}
userdb {
  args =

Re: limit sharing ability to certain users

2018-08-07 Thread Aki Tuomi
Hmm. If you put it *after* the ldap userdb, it should not have prevented users from logging in. What happens if you do

userdb {
  driver = passwd-file
  args =
  skip = notfound
  result_failure = continue-ok
}

Aki

On 07.08.2018 12:58, Simeon Ott wrote:
> Now the attributes are correctly

Re: limit sharing ability to certain users

2018-08-07 Thread Simeon Ott
Now the attributes are correctly read for the user t...@onnet.ch, but other users are not able to authenticate anymore.

root@buserver:/var/spool/postfix/virtual/onnet.ch/test/Maildir/.super# doveadm user t...@onnet.ch
field value
uid 5000
gid 5000
home

Re: limit sharing ability to certain users

2018-08-07 Thread Simeon Ott
… attached the dovecot -n, linked files, debug log lines during a standard client login

root@buserver:/etc/dovecot/conf.d# doveconf -n
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-6-amd64 x86_64 Debian 8.11
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login

Re: limit sharing ability to certain users

2018-08-07 Thread Aki Tuomi
Ah. You probably need to change ldap userdb so that you add

userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf
  result_success = continue-ok
}

so that the next one is processed. You can use 'doveadm user t...@onnet.ch' to verify that the attributes are read for this user, and

Re: limit sharing ability to certain users

2018-08-07 Thread Aki Tuomi
Can you provide your doveconf -n after adding the database *after* LDAP? You probably need to add 'noauthenticate' as one parameter after the userdb ones.

Aki

On 07.08.2018 11:05, Simeon Ott wrote:
> May you please clarify that? Where should I omit the userdb_ prefix? Which of my attempts

Re: limit sharing ability to certain users

2018-08-07 Thread Simeon Ott
May you please clarify that? Where should I omit the userdb_ prefix? Which of my attempts are you pointing at? As stated, I omitted the userdb_ prefix when working with an LDAP attribute.

> On 7 Aug 2018, at 10:03, Aki Tuomi wrote:
>
> with ldap userdb, you need to omit the userdb_ prefix.

Re: limit sharing ability to certain users

2018-08-07 Thread Aki Tuomi
With ldap userdb, you need to omit the userdb_ prefix.

Aki

On 07.08.2018 10:54, Simeon Ott wrote:
> Sorry for that! I was offline during writing my answer to your mail and so it left my outbox after the advice from Sami.
>
> The solution works well when using passwd userdbs only. I didn’t

Re: limit sharing ability to certain users

2018-08-07 Thread Simeon Ott
Sorry for that! I was offline during writing my answer to your mail and so it left my outbox after the advice from Sami.

The solution works well when using passwd userdbs only. I didn’t get it running in conjunction with ldap userdb. I tried to use an LDAP attribute and mapping it to

Re: limit sharing ability to certain users

2018-08-07 Thread Aki Tuomi
As Sami pointed out, I had wrong syntax:

> close, but few typos. userdb should be:
>
> userdb {
>   driver = passwd-file
>   args = username_format=%Lu /etc/dovecot/share.passwd
> }
>
> Sami

On 06.08.2018 22:52, Simeon Ott wrote:
> Thanks for the advice Aki
>
>> On 6 Aug 2018, at 07:26, Aki

Re: limit sharing ability to certain users

2018-08-06 Thread Simeon Ott
Thanks for the advice Aki

> On 6 Aug 2018, at 07:26, Aki Tuomi wrote:
>
> userdb {
>   driver = username_format=%Lu passwd-file
>   args = /etc/dovecot/share.passwd
> }

Something is wrong with the suggested driver configuration – Leads to a fatal – I think there is missing a driver name.

Re: limit sharing ability to certain users

2018-08-06 Thread Sami Ketola
> On 6 Aug 2018, at 8.26, Aki Tuomi wrote:
>
> You could do
>
> userdb {
>   driver = username_format=%Lu passwd-file
>   args = /etc/dovecot/share.passwd
> }
>
> # /etc/dovecot/share.passwd
> t...@onnet.ch :::
> userdb_acl=vfile:/etc/dovecot/dovecot-acl

Re: limit sharing ability to certain users

2018-08-05 Thread Aki Tuomi
On 06.08.2018 08:26, Aki Tuomi wrote:
>
> You could do
>
> userdb {
>   driver = username_format=%Lu passwd-file
>   args = /etc/dovecot/share.passwd
> }
>
> # /etc/dovecot/share.passwd
> t...@onnet.ch::: userdb_acl=vfile:/etc/dovecot/dovecot-acl
> userdb_acl_globals_only = yes
>
> should

Re: limit sharing ability to certain users

2018-08-05 Thread Aki Tuomi
You could do

userdb {
  driver = username_format=%Lu passwd-file
  args = /etc/dovecot/share.passwd
}

# /etc/dovecot/share.passwd
t...@onnet.ch::: userdb_acl=vfile:/etc/dovecot/dovecot-acl userdb_acl_globals_only = yes

should prevent the user from modifying any ACL files.

Aki

On