Bug 45421 - Check shared folder ACLs in LDAP against ACLs in dovecot/cyrus - broken
Status: CLOSED WONTFIX
Product: UCS
Classification: Unclassified
Component: Mail
Version: UCS 4.2
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.3-0-errata
Assigned To: Mail maintainers
Depends on: 40465
Reported: 2017-09-20 11:39 CEST by Felix Botner
Modified: 2021-03-19 12:28 CET

What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.069
Description Felix Botner univentionstaff 2017-09-20 11:39:31 CEST
+++ This bug was initially created as a clone of Bug #40465 +++

The diagnostics module should check if the ACLs for shared folders in LDAP match with the ACLs in IMAP. Otherwise a warning should be printed. This is no error since the user is able to set custom ACLs via any IMAP client.

Bug #40194/40195 may have caused ACL differences.

Added the shared IMAP folder folder1 with the following ACLs:
univentionMailACL: Domain Users read
univentionMailACL: anyone post
univentionMailACL: Printer-Admins write


Now I added a special ACL to the IMAP folder via doveadm:

doveadm acl set -u Administrator folder1@w2k12.test/INBOX "group=Domain Admins" write

If I run the module I get

	Found differences in the ACLs for IMAP shared folders between UDM and IMAP. This is not necessarily a problem, if the the ACL got changed via IMAP.
	
	In mail folder folder1@w2k12.test (see {udm:mail/mail}):
	ACL right for user 'anyone' is 'post' in UDM, but 'none' in IMAP.
	ACL right for group 'Domain Users' is 'read' in UDM, but 'none' in IMAP.

So it thinks there are differences for 'anyone' and 'Domain Users', which is wrong, but there is no mention of the actually broken 'Domain Admins' ACL?
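
The two-way comparison this report expects, as an added example that is not part of the original report and not the UCS diagnostic module's code. Assumptions: the IMAP side is passed in as a dict keyed by Dovecot identifiers (`group=...`, `user=...`, `anyone`) with rights already mapped to UDM level names, and LDAP names containing `@` are treated as users, all others except `anyone` as groups; the function names and sample data are constructed.

```python
# Added example: two-way comparison of shared-folder ACLs (not UCS code).

def parse_udm_acl(values):
    """Map univentionMailACL values ('<name> <right>') to {identifier: right}."""
    acl = {}
    for value in values:
        # The right is the last token; names such as 'Domain Users' contain spaces.
        name, _, right = value.strip().rpartition(" ")
        if not name:
            raise ValueError("malformed ACL value: %r" % value)
        # Assumption: 'anyone' stays as is, names with '@' are users, others groups.
        if name == "anyone":
            ident = "anyone"
        elif "@" in name:
            ident = "user=" + name
        else:
            ident = "group=" + name
        acl[ident] = right
    return acl


def diff_acls(udm, imap):
    """Return sorted (identifier, udm_right, imap_right) for every mismatch.

    Iterating over the union of both key sets reports entries that exist only
    in IMAP as well as entries that exist only in UDM.
    """
    diffs = []
    for ident in sorted(set(udm) | set(imap)):
        u, i = udm.get(ident, "none"), imap.get(ident, "none")
        if u != i:
            diffs.append((ident, u, i))
    return diffs


# Constructed sample data mirroring the report.
UDM_VALUES = ["Domain Users read", "anyone post", "Printer-Admins write"]
IMAP_ACL = {
    "group=Domain Users": "read",
    "anyone": "post",
    "group=Printer-Admins": "write",
    "group=Domain Admins": "write",  # set directly via doveadm, absent from LDAP
}

if __name__ == "__main__":
    for ident, u, i in diff_acls(parse_udm_acl(UDM_VALUES), IMAP_ACL):
        print("%s: '%s' in UDM, but '%s' in IMAP" % (ident, u, i))
```

With the sample data, the only reported difference is the `group=Domain Admins` entry that exists in IMAP but not in LDAP.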
Comment 1 Stefan Gohmann univentionstaff 2018-03-15 06:36:02 CET
Move to 4.3-0-errata. If a UCS 4.2 backport is needed, please clone this issue.
Comment 2 Ingo Steuwer univentionstaff 2020-07-03 20:56:19 CEST
This issue has been filed against UCS 4.2.

UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.