setting default imap acl in kolab-webadmin for shared folders

[Jan Kowalsky]

Hi all,

since kolab 3.3 (https://kolabsys.com/upgrade-guide/kolab-3.3.html) it's
possible to configure default acls for shared folders. The upgrade notes
are somewhat vague: "You can now create share folders within the
kolab-webadmin and manage and enforce initial access control lists for
those folders."

Now I encountered the following problem:

1. On adding new shared E-Mail-Folder configured acl with kolab-webadmin
2. Later konfigured acl (the same acl subject) on command line -
respectively in roundcube
3. Changed some setting (not acl!) in kolab webadmin

This results again in the at the first time preconfigured acl. This ist
not the expected result - especially if somebody else changed another
option like delegation - far away from acl.

>From the logic of kolab webadmin it's understandable. There is
 a default acl configured in ldap - but it's not synchronized back from
cyrus to ldap. Changing the object the kolab server enforces the acl again.

But for users it's not very intuitive.

As far as I found out, the acl are only enforced for acl-subjects which
has an enty in ldap. Other acl subjects (where there's no entry in ldap)
are not deleted neither changed.

How do other deal with acl and kolab-webadmin.

Best Regards
Jan