[Dovecot] shared mailboxes in 1.2 question
Hi Timo,
i tried a littel bit playing with shared mailboxes
namespace shared { separator = /
%%u gets expanded to the remote user. Instead of %%u you can
also use %%n and %%d.
prefix = "shared/" location = maildir:/usr/local/virtual/%d:CONTROL=/usr/local/virtual/%d:INDEX=/usr/local/virtual/%d inbox = no list = yes subscriptions = yes hidden = no }
should at last show all other users mailboxes when .DEFAULT acl is authenticated lr and dovecot-acl in /usr/local/virtual/%d is authenticated lr too
but instead only shared is shown in thunderbird
playing with %%u etc in combinations does not lead to working results too (sometimes shared^^ was shown, might be user@domain.de isnt working for shared maildirs, @ could be a problem to maildir....?)
your example was
namespace shared { separator = /
%%u gets expanded to the remote user. Instead of %%u you can
also use %%n and %%d.
prefix = shared/%%u/ location = Maildir:/home/%%u/Maildir:INDEX=~/Maildir/shared/%%u }
so something with acl might not working in 1.2 and i think i need more explanation ( examples ...) in using %%u %%d ... to test shared mailboxes
there were no usefull log entries which would give some more advice during testing...so it might be my fault and it only config stuff i didnt understand
-- Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
On Oct 6, 2008, at 3:32 AM, Robert Schetterer wrote:
%d gets expanded immediately when user logs in. So if your user is
user@domain, this gets expanded to:
maildir:/usr/local/virtual/domain:CONTROL=..etc..
With %%d it would expand to the destination user's domain, but I don't
think you want that either. If your users' mailboxes are in /usr/local/
virtual/%d/%n and you want them to be accessed, you'll need to use /
usr/local/virtual/%%d/%%n as the path.
but instead only shared is shown in thunderbird
Unless you manually subscribe to the shared mailboxes, they're not
visible to clients. Mailbox listing isn't supported currently.
On Oct 6, 2008, at 1:09 PM, Robert Schetterer wrote:
You mean will I add support for listing shared mailboxes? I'm not
really planning on doing that myself. Or there are actually two parts:
Listing mailboxes under a specific user (e.g. LIST "" shared/ username/*). This is a bit annoying to implement because of LIST- EXTENDED extension which allows giving multiple wildcards (e.g. LIST
"" (shared/user1/* shared/user2/* shared/user3/*), but it shouldn't be
too difficult. I might implement this.Listing users who have mailboxes that are shared to you (e.g. LIST
"" shared/*). This is difficult to do with good performance with
Dovecot's current code. You don't really want Dovecot to look into
1000 users' maildirs to see if they happen to have some mailboxes that
are shared to you..
Timo Sirainen schrieb:
Hi Timo,
i can imagine that it has not very good performance anouncing shared folders in other users mailboxes over imap but i cant think by another use implementing shared users folders in real world scenarios.
Normally this is handeled that way that users edit their shared folders flags in subfolders ( maybe with recursive rights) of their mailboxes by their own and get visiable to the the other users ( which have at last read and list rigths ) via imap acl perhaps they must do an new imap lookup to notice the sharing.
shared user folder means to me the possibility that users can give acl attributes ( list, read etc ) by their own with i.e horde webmail and will shown up in the imap shared list by other users after imap search, otherwise you always need some admin ( perhaps with shell permissions ) for editing subcriptions and acls which not really works in real world scenarios on bigger mailservers with many virtual domains
perhaps performance can be made better using database(file) i think cyrus does it that way somehow,
if you wont include shared folders functional in somehow that way like cyrus does , dovecot wont be the first choice if advanced sharing funktions in virtual domains/mailboxes are needed ( for sure, others will be very happy with the current solution anyway )
-- Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
On Oct 6, 2008, at 7:24 PM, Robert Schetterer wrote:
Actually the SUBSCRIBE IMAP command is enough to make the mailboxes
visible, no admin/shell access needed. And IMAP ACL commands are (at
least partially) already implemented by Kolab people.
I understand that the listing is important to get shared mailboxes
usable for normal users. It's just not a high priority for me
currently (especially because it's a lot of work and no-one's paying
for it and I'm once again beginning to run out of money). Anyone else
is welcome to implement it of course.. I think Kolab people will need
it, so maybe they'll implement it.
Timo Sirainen <tss@iki.fi> writes:
This doesn't work for me.
Actually the whole new shared namespaces feature doesn't work as expected for me. Using this namespace configuration:
namespace shared { separator = /
%%u gets expanded to the remote user. Instead of %%u you can
also use %%n and %%d.
prefix = users/%%u/ location = Maildir:/kolab/var/dovecot/spool/%%u/maildir:INDEX=/kolab/var/dovecot/spool/%u/maildir/shared_idx #location = Maildir:/kolab/var/dovecot/spool/%%u/maildir subscriptions = no }
I get errors when using list:
l002 list "" "*"
- LIST (\HasChildren) "/" "INBOX"
- LIST (\HasNoChildren) "/" "INBOX/Calendar"
- LIST (\HasNoChildren) "/" "INBOX/Contacts"
- LIST (\HasNoChildren) "/" "INBOX/Journal"
- LIST (\HasNoChildren) "/" "INBOX/Notes"
- LIST (\HasNoChildren) "/" "INBOX/Tasks"
- LIST (\HasNoChildren) "/" "INBOX/bla" l002 NO Unknown internal list error
And cant subscribe or select an existing mailbox of another user:
s001 subscribe "users/1@example.com/INBOX/blablabla" s001 NO Invalid mailbox name: users/1@example.com/INBOX/blablabla
FWIW referencing an non existent mailbox causes an different error:
s002 subscribe "users/1@example.com/blablabla" s002 NO [TRYCREATE] Mailbox doesn't exist: users/1@example.com/blablabla
s102 select users/1@example.com/INBOX/blablabla
- OK [CLOSED] s102 NO Invalid mailbox name
And IMAP ACL commands are (at least partially) already implemented by Kolab people.
Yes, look at http://hg.intevation.de/kolab/dovecot-1.2_acl-branch as announced... ;-)
cheers sascha
Sascha Wilde OpenPGP key: 4BB86568 http://www.intevation.de/~wilde/ http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Timo Sirainen <tss@iki.fi> writes:
IMO the other one: s001 subscribe "users/1@example.com/INBOX/blablabla" should have worked.
Or is the default namespace prefix "INBOX/" instead of empty? Furthermore, please notice the different error: when the mailbox exists dovecot claims "Invalid mailbox name" otherwise it says "[TRYCREATE] Mailbox doesn't exist" which is indeed true.
see above, I assume the namespace prefix is empty. From the configuration:
namespace private { separator = /
Prefix required to access this namespace. This needs to be different for
all namespaces. For example "Public/".
#prefix =
inbox = yes }
so prefix is not set, which means, it is set to the default. (Which I believe to be empty, the comments suggest that, too).
cheers sascha
Sascha Wilde OpenPGP key: 4BB86568 http://www.intevation.de/~wilde/ http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
On Wed, 2008-10-08 at 17:39 +0200, Sascha Wilde wrote:
Timo Sirainen <tss@iki.fi> writes:
And thanks again for being so responsive and making this stunningly fast fixes! ;)
It seems to work now for subscribing and selecting (and therefor for lsub and fetch) -- but LIST still bails out:
l2 list "" "*"
- LIST (\HasChildren) "/" "INBOX"
- LIST (\HasNoChildren) "/" "INBOX/Calendar"
- LIST (\HasNoChildren) "/" "INBOX/Contacts"
- LIST (\HasNoChildren) "/" "INBOX/Journal"
- LIST (\HasNoChildren) "/" "INBOX/Notes"
- LIST (\HasNoChildren) "/" "INBOX/Tasks"
- LIST (\HasNoChildren) "/" "INBOX/bla" l2 NO Unknown internal list error
This happens as soon as dovecot stumbles upon the shared namespace, so that other public name spaces, which otherwise work, are affected, too.
cheers sascha
Sascha Wilde OpenPGP key: 4BB86568 http://www.intevation.de/~wilde/ http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Timo Sirainen <tss@iki.fi> writes:
Ah, that makes sence, thanks for the hint.
to avoid the error, or implement the listing code. :)
Thats what we will do... ;-)
cheers sascha
Sascha Wilde OpenPGP key: 4BB86568 http://www.intevation.de/~wilde/ http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
On Thu, 2008-10-09 at 12:28 +0300, Timo Sirainen wrote:
Well, I changed it a bit anyway since it seems to work slightly better when it doesn't return an error: http://hg.dovecot.org/dovecot-1.2/rev/d30f0525d457
1 list "" s/% 1 OK List completed.
2 list "" s/test/%
- LIST (\HasNoChildren) "/" "s/test/INBOX"
- LIST (\HasChildren) "/" "s/test/hello" 2 OK List completed.
3 list "" s/%
- LIST (\Noselect \HasChildren) "/" "s/test" 3 OK List completed.
So it's still missing the "users who have mailboxes shared to you" discovery missing. I guess the easiest way to implement that would be to find those out at startup and create a namespace for all such users immediately. A better performing way would be to delay the namespace creation until the mailboxes are actually accessed and just have shared-list.c's LIST code list those users (with some kind of caching).
On Thu, 2008-10-09 at 13:11 +0300, Timo Sirainen wrote:
So it's still missing the "users who have mailboxes shared to you" discovery missing.
http://dovecot.org/list/dovecot/2006-October/017082.html lists some options for how to implement that.
I guess the dictionary way would work, although if it gets desynced with the ACL files (or completely corrupted), it may be difficult to get it back to sync unless it's able to rebuild the database.
Timo Sirainen <tss@iki.fi> writes:
Thanks for all the useful input, we'll get back to it as soon as we start to work on this.
cheers sascha
Sascha Wilde OpenPGP key: 4BB86568 http://www.intevation.de/~wilde/ http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Robert Schetterer <robert@schetterer.org> writes:
Sascha Wilde schrieb:
Yes, look at http://hg.intevation.de/kolab/dovecot-1.2_acl-branch as announced... ;-)
Hi Sascha, why you need an extra branch for that ?
This is our working repository. The ACL extensions by Matvey aren't ready for upstream but we wanted to give everyone interested access to them.
why not just code into dovecot directly or is it ment as temp split and later merge ?
Yes, its not really a split, its just our development branch and of cause it is intended to get our work upstream so that the repository will become obsolete eventually.
cheers sascha
Sascha Wilde OpenPGP key: 4BB86568 http://www.intevation.de/~wilde/ http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
participants (3)
-
Robert Schetterer
-
Sascha Wilde
-
Timo Sirainen