Univention Bugzilla – Bug 38472
Support ACLs for shared IMAP folders with Dovecot
Last modified: 2015-07-09 18:13:24 CEST
Same as with Cyrus.
Commit: 60968 A post-login script is used to get the groups a user is in from NSS. The script is short and written in Python. For large installations this may become a problem. Tests should be made with 100s of simultaneous logins to check memory usage and login speed → Bug #38601. A rewrite in C would be one possible solution. The other - and probably better solution - would be an LDAP overlay that lists the groups as an attribute of a posix user node.
Added test script 44_dovecot_login_performance_test that creates 8000 groups and 100 users assigned to the groups. Next the IMAP login of 50 random users is measured. IMAP login for 50 random users took 6.027876 seconds ==> 0.120558 per login I think, this is ok for now. Sidenote: the post-login script does the following: ---[cut]--- import grp import os if "SYSTEM_GROUPS_USER" in os.environ: user = os.environ["SYSTEM_GROUPS_USER"] groups = (g.gr_name for g in grp.getgrall() if user in g.gr_mem) … ---[cut]---
<http://errata.univention.de/ucs/4.0/237.html>