Bug 45894 - cannot create subfolders in shared folders with email address in OX
Status: CLOSED FIXED
Product: Z_Internal OX development
Classification: Unclassified
Component: Listener
Version: UCS 4.2 / 7.8.4
Hardware: Other Linux
Importance: P5 normal
Target Milestone: 7.8.4-ucs10
Assigned To: Daniel Tröder
QA Contact: Sönke Schwardt-Krummrich
Depends on: 41138 45921
Blocks:
Reported: 2017-12-19 11:05 CET by Daniel Tröder
Modified: 2018-01-15 13:55 CET (History)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.229
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2017100621000202
Bug group (optional):
Max CVSS v3 score:


Description Daniel Tröder univentionstaff 2017-12-19 11:05:38 CET
After enabling the creation of subfolders in shared folders with email address in Bug #41138, it appears that OX needs a user account with the shared folder's email address in the GAB to handle the IMAP ACLs for the subfolder.

Two possible solutions come to mind:
* change the UCS Dovecot integration to create shared folders with email address as "public folders" (without email address), and teach Postfix and Dovecot-LMTP to deliver them to a specific folder. That is what is done in the UCS Cyrus integration.
* create a listener module that creates OX user accounts for shared folders with email address

As the latter does not require changing the product, for now it is the preferred solution.

Dovecot docs regarding shared folders: https://wiki.dovecot.org/SharedMailboxes
Comment 1 Daniel Tröder univentionstaff 2017-12-20 08:43:43 CET
A new listener module that only activates if dovecot is installed (mail/dovecot=yes) and the UCRV ox/listener/folder/enabled=yes has been added.

The context for shared folders can be set through ox/listener/folder/context, defaults to ox/context/id or 10.

Package: univention-ox
Version: 9.0.7-9A~4.2.0.201712200841
Branch: ucs_4.2-0
Scope: oxse4ucs
Comment 2 Sönke Schwardt-Krummrich univentionstaff 2017-12-21 17:34:01 CET
Found some bugs:

univention-ox (9.0.7-10):
593bdec0c19b | Bug #45894: add changelog entry
cef070c0b91b | Bug #45894: add comment to main function
eca5a601599b | Bug #45894: a random string does not get more entropy if it is randomized again
28d2da58cd66 | Bug #45894: return in handler()
1fbdff1fa705 | Bug #45894: also process ox-folder queue via cron job
1e7632f9b7e9 | Bug #45894: register ox-folder module

QA is not completed yet :-(
Comment 3 Sönke Schwardt-Krummrich univentionstaff 2018-01-03 23:29:30 CET
- Create some ox users
  eval "$(ucr shell)"; for i in $(seq 10 29); do udm users/user create \
   --position "cn=users,$ldap_base" --set username="oxuser$i" \
   --set firstname="Firstname$i" --set lastname="Lastname$i" \
   --set password="univention" --set mailPrimaryAddress="oxuser$i@$domainname" \
   --set isOxUser=OK --set oxDisplayName="oxuser$i"; done

- Create OX group
  eval "$(ucr shell)"; udm groups/group create \
   --position "cn=groups,$ldap_base" --set name="grp1" --set isOxGroup=OK \
   --append users="uid=oxuser11,cn=users,$ldap_base" \
   --append users="uid=oxuser12,cn=users,$ldap_base"

- Create shared folder with mailPrimaryAddress
  eval "$(ucr shell)"; for i in 1 2 3 ; do udm oxmail/oxfolder create \
   --position "cn=folder,cn=mail,$ldap_base" --set name="mit$i" \
   --set mailDomain="$domainname" --set mailPrimaryAddress="mit$i@$domainname" \
   --append sharedFolderUserACL="oxuser10@$domainname all" \
   --append sharedFolderGroupACL="grp1 read" ; done

- Create shared folder without mailPrimaryAddress
  eval "$(ucr shell)"; for i in 1 2 3 ; do udm oxmail/oxfolder create \
   --position "cn=folder,cn=mail,$ldap_base" --set name="ohne$i" \
   --set mailDomain="$domainname" \
   --append sharedFolderUserACL="oxuser10@$domainname all" \
   --append sharedFolderGroupACL="grp1 read" ; done

- Subscribe via OX to those folders
  OX Appsuite → Settings → eMail → IMAP Subscriptions
  → OK

- Check if user oxuser10 is able to create a subfolder in shared folder
  "mit1@$domainname"
  → should not be able!
  → found described traceback in /var/log/open-xchange/open-xchange.log.0

- Install new integration packages
  → listener module has been installed and initialized during update

- set UCR variable ox/listener/folder/enabled=yes and resync listener module
  → for each shared folder with mailPrimaryAddress an OX user has been created
  → OK

- Check if user oxuser10 is able to create a subfolder in shared folder
  "mit1@$domainname"
  → subfolder successfully created
  → OK

- create new shared folder with mailPrimaryAddress
  eval "$(ucr shell)"; for i in 4 ; do udm oxmail/oxfolder create \
   --position "cn=folder,cn=mail,$ldap_base" --set name="mit$i" \
   --set mailDomain="$domainname" --set mailPrimaryAddress="mit$i@$domainname" \
   --append sharedFolderUserACL="oxuser10@$domainname all" \
   --append sharedFolderGroupACL="grp1 all" ; done
  → OK

- is oxuser10 able to create a subfolder for mit4?
  → YES

- is oxuser11 able to create a subfolder for mit4?
  → YES

- Delete shared folder mit3
  → OX user for shared folder has been deleted → OK

- change mailPrimaryAddress of mit2
  → the mailPrimaryAddress of the corresponding ox user has been successfully
     altered → OK
  → the display name still shows the old mail address
     → The shared folder object is called "mit2@$domainname" and this name is
        used as display name. This is confusing for the (end)user but consistent
        with the (also confusing) UDM information for the administrator.
     → I think we can leave it the way it is. In these special cases, the
        admin is also able to alter the OX display name for the ox shared folder
        user via OX CLI tools. It will only be overwritten the next time the
        mail address is changed (my test showed no update if the ACLs were
        altered in LDAP).
     → OK

- add mailPrimaryAddress to folder ohne1
  → OK

Tested with univention-ox version 9.0.7-11.
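
The create, delete and address-change checks in the QA procedure above can be repeated as one reconciliation pass. This is an added example, not code from univention-ox or from this bug: it compares shared folders against the OX accounts that exist for them. The "DN:" / indented "attribute: value" layout of the udm list output, the "None" marker for unset attributes, the function names and all sample data are assumptions constructed for illustration.

```python
# Added example, not part of univention-ox. All sample data is constructed.
SAMPLE_UDM = """\
DN: cn=mit1@example.com,cn=folder,cn=mail,dc=example,dc=com
  name: mit1
  mailPrimaryAddress: mit1@example.com
  sharedFolderUserACL: oxuser10@example.com all

DN: cn=mit2@example.com,cn=folder,cn=mail,dc=example,dc=com
  name: mit2
  mailPrimaryAddress: mit2new@example.com

DN: cn=ohne1@example.com,cn=folder,cn=mail,dc=example,dc=com
  name: ohne1
  mailPrimaryAddress: None
"""
# Constructed list: addresses of OX accounts that exist for shared folders.
SAMPLE_OX_ACCOUNTS = ["mit1@example.com", "mit2@example.com", "mit3@example.com"]


def parse_udm_list(text):
    """Parse 'udm <module> list' style output into {attribute: [values]} dicts."""
    objects, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("DN:"):
            current = {"DN": [line[3:].strip()]}
            objects.append(current)
        elif current is not None and ": " in line:
            key, value = line.split(": ", 1)
            # Assumption: unset attributes are printed as "None"; skip them.
            if value.strip() not in ("", "None"):
                current.setdefault(key, []).append(value.strip())
    return objects


def reconcile(folders, ox_accounts):
    """Return (folder addresses lacking an OX account, accounts lacking a folder)."""
    wanted = {addr.lower() for f in folders
              for addr in f.get("mailPrimaryAddress", [])}
    have = {a.lower() for a in ox_accounts}
    # Missing: subfolder creation would still fail for these folders.
    # Stale: left over from a deleted folder or a changed address.
    return sorted(wanted - have), sorted(have - wanted)


if __name__ == "__main__":
    missing, stale = reconcile(parse_udm_list(SAMPLE_UDM), SAMPLE_OX_ACCOUNTS)
    print("shared folders without OX account:", missing)
    print("OX accounts without shared folder:", stale)
```

In the constructed data, mit2 has had its address changed and mit3 has been deleted, so the old mit2 and mit3 accounts show up as stale while the new mit2 address shows up as missing.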
Comment 4 Sönke Schwardt-Krummrich univentionstaff 2018-01-15 13:55:19 CET
OX App Suite 7.8.4-ucs10 has been released.

If this error occurs again, please clone this bug.