Re: Problems with murder upgrade from 2.2.13 to 2.5.8

2016-06-06 Thread Jean Charles Delépine via Info-cyrus


Quoting Mathieu Pellieux via Info-cyrus :


Hello,

Aren't you missing the following ACLs? (since cyrus 2.3 at least)

k: The ACI subject has the right to CREATE a new folder if the /k/ right exists on the parent folder of the folder to be created.
x: Use the /x/ right to indicate the ACI subject has the right to DELETE the folder on which the ACL is set, as opposed to the now obsolete /c/ right or /d/ right.
t: The ACI subject is allowed to delete messages from this folder, meaning that the ACI subject is allowed to flag messages as \Deleted.
e: The ACI subject is allowed to expunge messages in this folder, meaning the ACI subject has the right to remove all messages that have been flagged as \Deleted from all visibility.


Right, I should have a look at that, indeed. But after the upgrade.

My 2.2 backends don't accept those ACLs for the moment. And my 2.2 frontends work fine with the upgraded one, and with those ACLs, untouched by the upgrade.

Anyway, I should have read the docs better:
https://cyrusimap.org/imap/release-notes/2.5/x/2.5.0.html :

" Cyrus IMAP Murder Topologies

Environments that run a Cyrus IMAP Murder topology will want to upgrade
their backends before they upgrade their frontends. See Task #16 for
details. "

Task #16 isn't relevant to my particular problem but the doc says I should
wait for the backends upgrade before upgrading the frontends. I will wait.
And submailbox creation works fine from 2.2 frontends to 2.5 backends.


Ps: I had a class with you in 2005 (first ISRAD prom)


Great! Good prom. Nice memories.

Thanks for your answer.



Regards,

On 06/06/2016 15:49, Jean Charles Delépine via Info-cyrus wrote:

Hello,

I'm on the way to make a big (late) upgrade.

My murder config is composed of 16 1To backends. I can't upgrade
all of them simultaneously. So I planned to :

  - upgrade mupdate server (make a new one, and update frontend's and
    backend's conf)
  - replace frontends with upgraded ones
  - upgrade backends one after the other, nightly, on several nights

mupdate server upgrade is ok. But I have problems with 2.5 frontends and 2.2
backends interaction. All seems fine (no error), but users can't create new sub
mailboxes (admin can create mailboxes and sub mailboxes) :

logged in as mailbox owner :
imap-01> lam INBOX
delepine lrswipcda
anyone p
imap-01> cm INBOX.hop
createmailbox: Permission denied

My tests say that, whichever mupdate server version :
  Frontend 2.2 can create 2.2 mailboxes and 2.5 mailboxes
  Frontend 2.5 can't create 2.2 mailboxes but can create 2.5 mailboxes

All other tested features work.

The 2.2 is using saslauthd + pam_ldap for authentication. The 2.5 is using either
ldapdb or saslauthd + ptloader and ldap.

With or without
  suppress_capabilities: ESEARCH QRESYNC XLIST LIST-EXTENDED WITHIN
on 2.5 frontends.

2 questions :
  - do you have an idea why users can't create submailboxes on 2.2
    backends with 2.5 frontends ? Is there any new ACL option I'm
    missing ? ...
  - what are the risks if I wait for all backends to migrate before
    using 2.5 frontends ? My option with this problem. I didn't find
    any problem... but surely, if there's one, my users will find it.

Options that might be relevant :
On backends :
  proxyservers: proxy
  proxy_authname: proxy

On frontends:
  proxy_authname: proxy
  proxy_password: <>
  proxyd_allow_status_referral: 0
  proxyd_disable_mailbox_referrals: 1

backends are in an internal non routable network.

Sincerely,
  Jean Charles Delépine

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


--
Mathieu Pellieux 
Administrateur Systèmes
sysadmin 
01.73.02.75.01






Re: Problems with murder upgrade from 2.2.13 to 2.5.8

2016-06-06 Thread Andrew Morgan via Info-cyrus

I've found that backends should be upgraded before frontends...

You'll run into frontends trying to use features that don't exist on the 
backends.  Usually, you can work around that with the 
suppress_capabilities setting in imapd.conf, but it may require less 
testing to upgrade the frontends last.


Regarding your specific permissions problem, I think Mathieu has already 
posted the answer.  Although, I wonder if the frontend is enforcing 
permissions that can't exist on the backend yet...


For reference, these are the permissions on my v2.4.18 mailbox:

localhost> lam user.morgan
morgan lrswipkxtecda


Andy

On Mon, 6 Jun 2016, Jean Charles Delépine via Info-cyrus wrote:


Hello,

I'm on the way to make a big (late) upgrade.

My murder config is composed of 16 1To backends. I can't upgrade
all of them simultaneously. So I planned to :

 - upgrade mupdate server (make a new one, and update frontend's and
   backend's conf)
 - replace frontends with upgraded ones
 - upgrade backends one after the other, nightly, on several nights

mupdate server upgrade is ok. But I have problems with 2.5 frontends and 2.2
backends interaction. All seems fine (no error), but users can't create new sub
mailboxes (admin can create mailboxes and sub mailboxes) :

logged in as mailbox owner :
imap-01> lam INBOX
delepine lrswipcda
anyone p
imap-01> cm INBOX.hop
createmailbox: Permission denied

My tests say that, whichever mupdate server version :
 Frontend 2.2 can create 2.2 mailboxes and 2.5 mailboxes
 Frontend 2.5 can't create 2.2 mailboxes but can create 2.5 mailboxes

All other tested features work.

The 2.2 is using saslauthd + pam_ldap for authentication. The 2.5 is using either
ldapdb or saslauthd + ptloader and ldap.

With or without
 suppress_capabilities: ESEARCH QRESYNC XLIST LIST-EXTENDED WITHIN
on 2.5 frontends.

2 questions :
 - do you have an idea why users can't create submailboxes on 2.2
   backends with 2.5 frontends ? Is there any new ACL option I'm
   missing ? ...
 - what are the risks if I wait for all backends to migrate before
   using 2.5 frontends ? My option with this problem. I didn't find
   any problem... but surely, if there's one, my users will find it.

Options that might be relevant :
On backends :
 proxyservers: proxy
 proxy_authname: proxy

On frontends:
 proxy_authname: proxy
 proxy_password: <>
 proxyd_allow_status_referral: 0
 proxyd_disable_mailbox_referrals: 1

backends are in an internal non routable network.

Sincerely,
 Jean Charles Delépine


Re: Problems with murder upgrade from 2.2.13 to 2.5.8

2016-06-06 Thread Mathieu Pellieux via Info-cyrus

Hello,

Aren't you missing the following ACLs? (since cyrus 2.3 at least)

k: The ACI subject has the right to CREATE a new folder if the /k/ right exists on the parent folder of the folder to be created.
x: Use the /x/ right to indicate the ACI subject has the right to DELETE the folder on which the ACL is set, as opposed to the now obsolete /c/ right or /d/ right.
t: The ACI subject is allowed to delete messages from this folder, meaning that the ACI subject is allowed to flag messages as \Deleted.
e: The ACI subject is allowed to expunge messages in this folder, meaning the ACI subject has the right to remove all messages that have been flagged as \Deleted from all visibility.


localhost> lam user.mpellieux
mpellieux lrswip*kxte*cda
cyrus kxca
anyone p

Ps: I had a class with you in 2005 (first ISRAD prom)

Regards,

On 06/06/2016 15:49, Jean Charles Delépine via Info-cyrus wrote:

Hello,

I'm on the way to make a big (late) upgrade.

My murder config is composed of 16 1To backends. I can't upgrade
all of them simultaneously. So I planned to :

   - upgrade mupdate server (make a new one, and update frontend's and
     backend's conf)
   - replace frontends with upgraded ones
   - upgrade backends one after the other, nightly, on several nights

mupdate server upgrade is ok. But I have problems with 2.5 frontends and 2.2
backends interaction. All seems fine (no error), but users can't create new sub
mailboxes (admin can create mailboxes and sub mailboxes) :

logged in as mailbox owner :
imap-01> lam INBOX
delepine lrswipcda
anyone p
imap-01> cm INBOX.hop
createmailbox: Permission denied

My tests say that, whichever mupdate server version :
   Frontend 2.2 can create 2.2 mailboxes and 2.5 mailboxes
   Frontend 2.5 can't create 2.2 mailboxes but can create 2.5 mailboxes

All other tested features work.

The 2.2 is using saslauthd + pam_ldap for authentication. The 2.5 is using either
ldapdb or saslauthd + ptloader and ldap.

With or without
   suppress_capabilities: ESEARCH QRESYNC XLIST LIST-EXTENDED WITHIN
on 2.5 frontends.

2 questions :
   - do you have an idea why users can't create submailboxes on 2.2
     backends with 2.5 frontends ? Is there any new ACL option I'm
     missing ? ...
   - what are the risks if I wait for all backends to migrate before
     using 2.5 frontends ? My option with this problem. I didn't find
     any problem... but surely, if there's one, my users will find it.

Options that might be relevant :
On backends :
   proxyservers: proxy
   proxy_authname: proxy

On frontends:
   proxy_authname: proxy
   proxy_password: <>
   proxyd_allow_status_referral: 0
   proxyd_disable_mailbox_referrals: 1

backends are in an internal non routable network.

Sincerely,
   Jean Charles Delépine



--
Mathieu Pellieux 
Administrateur Systèmes
sysadmin 
01.73.02.75.01
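
The ACL comparison raised in this message, as an added example that is not part of the original post: it reads `lam` output and reports entries that still carry only the obsolete `c`/`d` rights, with the rights string they would need. The mapping (`c` covers `k` and `x`; `d` covers `x`, `t` and `e`) is taken from RFC 4314 rather than from the thread, and the function names are hypothetical.

```python
import re

# Order in which cyradm prints rights in this thread ("lrswipkxtecda").
CANONICAL = "lrswipkxtecda"
# RFC 4314 section 2.1.1: obsolete "c" stands for k+x, obsolete "d" for x+t+e.
LEGACY_IMPLIES = {"c": "kx", "d": "xte"}
# An ACL entry line is "identifier rights"; prompts and errors do not match.
ENTRY = re.compile(r"^(\S+)\s+([a-z0-9]+)$")

# Constructed sample: the two `lam` transcripts quoted in the thread.
SAMPLE = """\
imap-01> lam INBOX
delepine lrswipcda
anyone p
localhost> lam user.morgan
morgan lrswipkxtecda
"""

def order(rights):
    """Return rights in cyradm's display order; unknown rights go last."""
    known = [r for r in CANONICAL if r in rights]
    extra = sorted(set(rights) - set(CANONICAL))
    return "".join(known + extra)

def missing_rights(rights):
    """Rights implied by a legacy c/d grant that the entry does not carry."""
    implied = set()
    for legacy, new in LEGACY_IMPLIES.items():
        if legacy in rights:
            implied.update(new)
    return order(implied - set(rights))

def audit(lam_output):
    """List (identifier, current, missing, proposed) for incomplete entries."""
    findings = []
    for line in lam_output.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m.group(1).endswith(">"):
            continue  # skip cyradm prompts and anything that is not an entry
        ident, rights = m.groups()
        missing = missing_rights(rights)
        if missing:
            proposed = order(set(rights) | set(missing))
            findings.append((ident, rights, missing, proposed))
    return findings

if __name__ == "__main__":
    for ident, rights, missing, proposed in audit(SAMPLE):
        print(f"{ident}: {rights} lacks {missing}; RFC 4314 form is {proposed}")
```
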



Problems with murder upgrade from 2.2.13 to 2.5.8

2016-06-06 Thread Jean Charles Delépine via Info-cyrus
Hello,

I'm on the way to make a big (late) upgrade.

My murder config is composed of 16 1To backends. I can't upgrade
all of them simultaneously. So I planned to :

  - upgrade mupdate server (make a new one, and update frontend's and
    backend's conf)
  - replace frontends with upgraded ones
  - upgrade backends one after the other, nightly, on several nights

mupdate server upgrade is ok. But I have problems with 2.5 frontends and 2.2
backends interaction. All seems fine (no error), but users can't create new sub
mailboxes (admin can create mailboxes and sub mailboxes) :

logged in as mailbox owner :
imap-01> lam INBOX
delepine lrswipcda
anyone p
imap-01> cm INBOX.hop
createmailbox: Permission denied

My tests say that, whichever mupdate server version :
  Frontend 2.2 can create 2.2 mailboxes and 2.5 mailboxes
  Frontend 2.5 can't create 2.2 mailboxes but can create 2.5 mailboxes

All other tested features work.

The 2.2 is using saslauthd + pam_ldap for authentication. The 2.5 is using either
ldapdb or saslauthd + ptloader and ldap.

With or without 
  suppress_capabilities: ESEARCH QRESYNC XLIST LIST-EXTENDED WITHIN
on 2.5 frontends.

2 questions :
  - do you have an idea why users can't create submailboxes on 2.2
    backends with 2.5 frontends ? Is there any new ACL option I'm
    missing ? ...
  - what are the risks if I wait for all backends to migrate before
    using 2.5 frontends ? My option with this problem. I didn't find
    any problem... but surely, if there's one, my users will find it.

Options that might be relevant :
On backends :
  proxyservers: proxy
  proxy_authname: proxy

On frontends:
  proxy_authname: proxy
  proxy_password: <>
  proxyd_allow_status_referral: 0
  proxyd_disable_mailbox_referrals: 1

backends are in an internal non routable network.

Sincerely,
  Jean Charles Delépine
