[Dovecot] IMAP ACLs and global ACLs in v1.2

Sascha Wilde wilde at intevation.de
Thu Jan 15 18:48:28 EET 2009


Hi Timo,
Hi List,

It's been a while since our last post (talking for "the Kolab guys"
here).  Sorry for that but we were very busy on various subjects -- and
Christmas, New Year and all those exhausting holidays ...  ;-)

I'm very happy to see all the features needed by Kolab integrated in
1.2.  Unfortunately I wasn't able to give it some thorough testing, yet
... but I really hope to find the time to do so soon, so that we can
migrate our work on Kolab+Dovecot to the current 1.2 head.

Timo Sirainen <tss at iki.fi> writes:
[...]
> One thing I'm not really sure about is the "owner" handling. IMAP ACL
> specifications have no such concept. I think many/most other servers
> simply add a default ACL for the user name directly. It's a useful
> concept though, especially with the global ACLs. So currently Dovecot
> replies:
>
> x getacl inbox
> * ACL "inbox" "owner" lrwstiekxacd
> x OK Getacl completed.
>
> But should it just internally convert "owner" to "username" when
> replying?

From our experience this would be a very good idea.  Many clients
recognize the username and handle those ACLs differently in their UI
(for example they don't offer them for editing).  But they don't
understand "owner".

> But then again if there's a separate rule directly for the "username"
> it breaks.

I think this would primarily show a configuration or migration
problem.   Maybe "owner" should take precedence over those rules?  In
general I think that in a sane setup only the owner rule should exist,
and when it maps to the username in the IMAP front end there should be no
way to existentially create separate rules for the owner's username.

cheers
sascha
-- 
Sascha Wilde                                          OpenPGP key: 4BB86568
http://www.intevation.de/~wilde/                  http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998
Geschäftsführer:   Frank Koormann,  Bernhard Reiter,  Dr. Jan-Oliver Wagner
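
One way to implement the mapping discussed above, as an added example that is not part of the original message and is not Dovecot's code: the stored "owner" rule is shown under the username in the GETACL reply, it takes precedence over a separate rule for that username, and the shadowed rule is reported. The function names, the data layout and the sample entries are assumptions made for this illustration.

```python
OWNER = "owner"  # identifier shown in the GETACL reply quoted in the message

# Constructed sample: stored ACL entries of one mailbox owned by "alice",
# including a leftover direct rule for the owner's own username.
SAMPLE = [("owner", "lrwstiekxacd"), ("alice", "lr"), ("bob", "lrs")]


def quote(s):
    """Render an IMAP quoted string (escape backslash and double quote)."""
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'


def effective_acl(entries, owner_username):
    """Return (acl, warnings) with "owner" mapped to owner_username.

    The owner rule wins over a direct rule for the same username; the
    shadowed rule is reported as a configuration or migration problem.
    """
    owner_rights, others, warnings = None, {}, []
    for ident, rights in entries:
        if ident == OWNER:
            owner_rights = rights
        else:
            others[ident] = rights
    if owner_rights is None:
        return list(others.items()), warnings
    shadowed = others.pop(owner_username, None)
    if shadowed is not None:
        warnings.append(
            f"direct rule for {owner_username!r} ({shadowed}) "
            "is shadowed by the owner rule"
        )
    return [(owner_username, owner_rights)] + list(others.items()), warnings


def getacl_reply(mailbox, entries, owner_username):
    """Build the untagged ACL response line a client would see."""
    acl, warnings = effective_acl(entries, owner_username)
    pairs = " ".join(f"{quote(i)} {r}" for i, r in acl)
    return f"* ACL {quote(mailbox)} {pairs}".rstrip(), warnings


def store_identifier(identifier, owner_username):
    """Map a client-supplied identifier back to the stored one, so that a
    write for the owner's username lands on the owner rule, not a new one."""
    return OWNER if identifier == owner_username else identifier
```
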