[Kolab-devel] Cross-domain ACL limitation: how to customize openpkg imapd package to attempt to solve this problem?

Fabio Pietrosanti lists at pietrosanti.it
Fri May 5 19:47:48 CEST 2006

We noticed that Cyrus imapd still doesn't implement "cross-domain ACL".

If you attempt to set up a cross-domain ACL for shared@domain1.com with
user user1@domain2.com you will get the following error:
setaclmailbox: shared@domain1.com: lrswipcda: Invalid identifier

This limitation is still not removed because the Cyrus Project is
evaluating "how to manage" the "anonymous/anyone" ACL:

For Kolab 2.1, which is multi-domain but not multi-company, I think that
we should avoid this limitation and not consider the problem of the
anonymous/anyone ACL, which should be transformed into a feature that Cyrus

Basically my proposal is to allow cross-domain ACLs to be set up so that
if I create a shared folder called "shared@domain1.com" this will be
accessible not only from "user1@domain1.com" but also from
"user1@domain2.com" and all other users that I explicitly allowed through
the web admin interface, without the artificial Cyrus limitation.

The web interface already allows it, the LDAP schema is ready for it, but
Cyrus is still not prepared because they still haven't worked out how to
fix this problem in a way that is scalable and acceptable for EVERY situation.

If we don't implement cross-domain ACLs (removing the Cyrus limitation)
we will not be able to share any groupware information across accounts
on different domains.

I evaluated how to modify the Cyrus source to create a patch and it
seems that in the file imap/mboxlist.c, in the function mboxlist_setacl,
we should simply not return the IMAP_INVALID_IDENTIFIER error from
this check.

        if ((cp = strchr(identifier, '@'))) {
            if (rights &&
                ((domain && strncasecmp(cp+1, domain, strlen(cp+1))) ||
                 (!domain && (!config_defdomain ||
                              strcasecmp(config_defdomain, cp+1))))) {
                /* can't set cross-domain ACLs */
                return IMAP_INVALID_IDENTIFIER;

I would like to create a patch and do intensive testing on it,
but I cannot find a procedure for customizing the imapd source rpm of Kolab:


What is the right procedure to test custom patches for the Kolab imapd
OpenPKG package?

We created a ticket for that on
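
Added example (not part of the original message and not Cyrus code): a small stand-alone harness that reproduces only the condition quoted from mboxlist_setacl, so the set of identifiers it accepts or rejects can be recorded before the check is patched and compared afterwards. The function name check_acl_identifier, the ACL_* result codes, the defdomain parameter (standing in for config_defdomain) and all sample identifiers are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp, strncasecmp (POSIX) */

/* Stand-in result codes for this harness; not the Cyrus definitions. */
enum { ACL_OK = 0, ACL_INVALID_IDENTIFIER = -1 };

/*
 * Hypothetical helper: only the condition quoted from mboxlist_setacl().
 *   domain    - domain part of the mailbox name, NULL if it has none
 *   defdomain - stands in for config_defdomain, NULL if unset
 *   rights    - rights string, NULL when the ACL entry is being removed
 */
static int check_acl_identifier(const char *identifier, const char *domain,
                                const char *defdomain, const char *rights)
{
    const char *cp = strchr(identifier, '@');

    /* The length bound is strlen of the identifier's domain part, so an
     * identifier domain that is a prefix of the mailbox domain also passes. */
    if (cp && rights &&
        ((domain && strncasecmp(cp + 1, domain, strlen(cp + 1))) ||
         (!domain && (!defdomain || strcasecmp(defdomain, cp + 1))))) {
        return ACL_INVALID_IDENTIFIER;   /* can't set cross-domain ACLs */
    }
    return ACL_OK;
}

/* Constructed cases to re-run unchanged against a patched condition. */
static const struct { const char *id, *domain, *defdomain, *rights; } cases[] = {
    { "user1@domain1.com", "domain1.com", NULL, "lrswipcda" }, /* same domain */
    { "user1@domain2.com", "domain1.com", NULL, "lrswipcda" }, /* cross-domain */
    { "user1@domain2.com", "domain1.com", NULL, NULL },        /* removal */
    { "user1@domain2.com", NULL, "domain1.com", "lrs" },       /* default domain */
    { "user1@dom",         "domain1.com", NULL, "lrs" },       /* prefix only */
    { "user1",             "domain1.com", NULL, "lrs" },       /* unqualified */
};

int main(void)
{
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int rc = check_acl_identifier(cases[i].id, cases[i].domain,
                                      cases[i].defdomain, cases[i].rights);
        printf("%-18s on %-12s -> %s\n", cases[i].id,
               cases[i].domain ? cases[i].domain : "(no domain)",
               rc == ACL_OK ? "accepted" : "Invalid identifier");
    }
    return 0;
}
```

Only the second and fourth cases are rejected by the quoted condition; a patch that drops the error return changes exactly those results, so the remaining rows serve as a regression baseline.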

