This shows you the differences between two versions of the page.
sogodovecotldapandgroups [2011/07/07 11:20] – More script notes. jim | sogodovecotldapandgroups [2016/02/05 12:44] (current) – Fix Python script. jim
Line 5: | Line 5: | ||
===== IMAP shared folder ACLs and SOGo ===== | ===== IMAP shared folder ACLs and SOGo ===== | ||
- | Work has a company [[http:// | + | Work has a company [[http:// |
The SOGo web mail interfaces allows you to set sharing permissions on IMAP folders. It reads and sets these using the IMAP ACL extensions, activated in Dovecot by loading the necessary plugins: | The SOGo web mail interfaces allows you to set sharing permissions on IMAP folders. It reads and sets these using the IMAP ACL extensions, activated in Dovecot by loading the necessary plugins: | ||
Line 23: | Line 23: | ||
We don't want every group to be a POSIX group. They need to have a '' | We don't want every group to be a POSIX group. They need to have a '' | ||
- | So we're using the [[http:// | + | So we're using the [[http:// |
===== Groups membership in OpenLDAP ===== | ===== Groups membership in OpenLDAP ===== | ||
Line 33: | Line 33: | ||
===== Putting it together ===== | ===== Putting it together ===== | ||
- | Dovecot currently has no way of dealing with multi-value LDAP attributes. But it does have a [[http:// | + | Dovecot currently has no way of dealing with multi-value LDAP attributes. But it does have a [[http:// |
So in Dovecot configuration I set up a post-login script: | So in Dovecot configuration I set up a post-login script: | ||
- | | + | < |
- | executable = imap imap-postlogin | + | service imap { |
- | } | + | executable = imap imap-postlogin |
- | service imap-postlogin { | + | } |
- | # all post-login scripts are executed via script-login binary | + | |
- | executable = script-login -d / | + | |
- | | + | service imap-postlogin { |
- | user = $default_internal_user | + | # all post-login scripts are executed via script-login binary |
- | # this UNIX socket listener must use the same name as given to imap executable | + | executable = script-login -d / |
- | unix_listener imap-postlogin { | + | |
- | } | + | |
+ | user = $default_internal_user | ||
+ | |||
+ | | ||
+ | unix_listener imap-postlogin { | ||
} | } | ||
+ | } | ||
+ | </ | ||
| | ||
We currently have '' | We currently have '' | ||
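Review bot: the `-d` on the `executable = script-login -d /` line drops privileges to the logged-in user before the post-login script runs, so the Python script (and therefore the LDAP query whose `res` it iterates further down) executes with the mail user's uid, not as `$default_internal_user`; that setting only governs the service process before the switch. If the script binds to LDAP with a stored password, that file is then readable by every mail user, so either bind anonymously or with a read-only account, or protect the credential with a dedicated group and say so in the text. The comment above `executable` is right that everything goes via `script-login`; a one-line comment on what `-d` does would save the next reader a trip to the Dovecot docs.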
Line 78: | Line 82: | ||
| | ||
for dn, entry in res: | for dn, entry in res: | ||
- | for g in entry[' | + | |
- | # Returns ' | + | |
- | groups.append(g.split(',', | + | # Returns ' |
- | + | # Fish out 'All UK staff' as group name. | |
+ | | ||
+ | | ||
+ | pass # User in no groups. | ||
+ | | ||
os.environ[" | os.environ[" | ||
try: | try: | ||
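Review bot: the new `try:` / `except KeyError:` wraps the whole `for g in entry[...]` loop, so a KeyError raised anywhere in the body (including the group-name extraction after the "Fish out 'All UK staff'" comment) is silently treated as "user in no groups" and the user is handed fewer ACL groups than they hold. Narrow it to the attribute lookup: `for g in entry.get(<attr>, []):` with no try/except gives an empty list for a missing attribute and still surfaces any other error. Separately, the removed line built the group name with `g.split(','`; if the current revision still splits the DN on commas, a group whose cn contains an escaped comma (`cn=Sales\, UK,...`) is cut in the wrong place, and if this is python-ldap, as the `(dn, entry)` result shape suggests, `ldap.dn.str2dn(g)` returns the RDN components already unescaped.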
Line 90: | Line 98: | ||
os.execv(sys.argv[1], | os.execv(sys.argv[1], | ||
sys.exit(1) # In case above fails | sys.exit(1) # In case above fails | ||
+ | | ||
+ | |||
+ | ===== File system permissions ===== | ||
+ | |||
+ | The final stage is to make sure that the file system permissions allow the user to read from the shared mailbox. This is difficult with '' | ||
+ |