Bug 40465 - Check shared folder ACLs in LDAP against ACLs in dovecot/cyrus
Check shared folder ACLs in LDAP against ACLs in dovecot/cyrus
Product: UCS
Classification: Unclassified
Component: UMC - System diagnostic
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.2-2-errata
Assigned To: Lukas Oyen
Felix Botner
Depends on:
Blocks: 45421
  Show dependency treegraph
Reported: 2016-01-20 12:40 CET by Sönke Schwardt-Krummrich
Modified: 2017-09-20 15:03 CEST (History)
4 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:
best: Patch_Available+

40465-diagnostic-mail-acl-sync-420.patch (17.95 KB, patch)
2017-06-26 13:51 CEST, Lukas Oyen
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Sönke Schwardt-Krummrich univentionstaff 2016-01-20 12:40:59 CET
The diagnostics module should check if the ACLs for shared folders in LDAP match with the ACLs in IMAP. Otherwise a warning should be printed. This is no error since the user is able to set custom ACLs via any IMAP client.

Bug #40194/40195 may have caused ACL differences.
Comment 1 Lukas Oyen univentionstaff 2017-06-26 13:51:22 CEST
Created attachment 8967 [details]

This check compares the ACL entries as defined in UDM with the actual as in
Dovecot/Cyrus for shared folder. If any difference is found a Warning is shown.

In addition to the ACL difference, this checks two other details:
- If multiple UDM ACL entries for the same identifier (group, user) exists
- If any identifier in the UDM ACL entries contains a whitespace (Cyrus)
Both cases trigger a Warning aswell.
Comment 2 Lukas Oyen univentionstaff 2017-08-01 16:33:15 CEST
Committed in r81628 - r81630 (advisory r81649).
Comment 3 Felix Botner univentionstaff 2017-09-20 11:41:46 CEST

The test itself does not yet work correctly see Bug #45421
Comment 4 Erik Damrose univentionstaff 2017-09-20 15:03:49 CEST