Univention Bugzilla – Bug 53764
Dovecot is unable to set shared folder ACLs if univentionMailHomeServer is set at Administrator
Last modified: 2021-09-09 16:56:29 CEST
Dovecot ACLs are set via the listener module dovecot-shared-folder-ox.py, which uses the following command:

    doveadm acl set -u Administrator dovecot-test@univention.de/INBOX \
        testuser@univention.de read

But the acl set command failed in our environment (also manually at the CLI):

    # doveadm acl set -u Administrator dovecot-test@univention.de/INBOX \
        testuser@univention.de read
    doveadm(Administrator): Error: User doesn't exist
    #

This shouldn't happen. Looks like the following LDAP filter from /etc/dovecot/dovecot-ldap.conf.ext is not sufficient in one special case: if the objectClass=univentionMail is set at the Administrator object AND univentionMailHomeServer does not refer to the local system. In this case univentionMailHomeServer=mail1.knut.univention.de was set.

The filter from /etc/dovecot/dovecot-ldap.conf.ext (in human-readable form):

    (&
      (|
        (objectClass=univentionMail)
        (objectClass=univentionMailSharedFolder)
        (objectClass=oxSharedFolder)
      )
      (|
        (!(univentionMailHomeServer=*))
        (univentionMailHomeServer=mail2.knut.univention.de)
      )
      (|
        (mailPrimaryAddress=%Lu)
        (&
          (uid=%u)
          (|
            (mailPrimaryAddress=*)
            (uid=Administrator)
          )
        )
      )
    )

The filter should somehow ignore the univentionMailHomeServer attribute if "%u" == "Administrator".
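The following is an added example, not code from the report or from Univention: it evaluates the quoted filter clause by clause against constructed Administrator entries to show which clause rejects the lookup. The small filter parser, the case-insensitive matching and the sample entries are assumptions made for illustration.

```python
import re

# Filter as quoted in the report; mail2.knut.univention.de is the local server.
FILTER = """
(& (| (objectClass=univentionMail) (objectClass=univentionMailSharedFolder)
      (objectClass=oxSharedFolder))
   (| (!(univentionMailHomeServer=*))
      (univentionMailHomeServer=mail2.knut.univention.de))
   (| (mailPrimaryAddress=%Lu)
      (& (uid=%u) (| (mailPrimaryAddress=*) (uid=Administrator)))))
"""

def parse(f, i=0):  # RFC 4515 subset: &, |, !, equality, presence (=*)
    i += 1                                    # skip "("
    if f[i] in "&|":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1              # skip ")"
    if f[i] == "!":
        kid, i = parse(f, i + 1)
        return ("!", kid), i + 1
    end = f.index(")", i)
    attr, value = f[i:end].split("=", 1)
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1], entry)
    values = [v.lower() for v in entry.get(node[1], [])]
    return bool(values) if node[2] == "*" else node[2] in values

def clause_results(user, entry):
    """Result of each top-level AND clause after %u / %Lu substitution."""
    f = re.sub(r"\s+", "", FILTER).replace("%Lu", user.lower()).replace("%u", user)
    entry = {k.lower(): v for k, v in entry.items()}
    return [matches(k, entry) for k in parse(f)[0][1]]

# Constructed entries: the same Administrator object with different home servers.
ADMIN = {"uid": ["Administrator"], "objectClass": ["person", "univentionMail"]}
REMOTE = dict(ADMIN, univentionMailHomeServer=["mail1.knut.univention.de"])
LOCAL = dict(ADMIN, univentionMailHomeServer=["mail2.knut.univention.de"])

if __name__ == "__main__":
    print(clause_results("Administrator", REMOTE))
```

Only the second clause (the univentionMailHomeServer check) fails for the entry pointing at mail1, which is why doveadm reports that the user doesn't exist even though the objectClass and uid clauses match.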