Problem using groups(roles) in cyrus ACL

Skale, Franz i.bin at dah.am
Fri Sep 1 09:28:57 CEST 2017


Hi,
On 2017-09-01 08:09, teardrainer at web.de wrote:
> "Out of Box" Installation of Kolab on CentOS:
> 
> CentOS 7
> kolab-webadmin-3.2.11-2.1.el7.kolab_16
> cyrus-imapd-2.5.11-8.1.el7.kolab_16
> 
> User/Groups in imapd.conf:
> ldap_user_attribute: mail
> ldap_group_base: dc=acme,dc=com
> ldap_group_filter: (cn=%u)
> ldap_group_scope: one
> ldap_member_base: ou=People,dc=acme,dc=com
> ldap_member_method: attribute
> ldap_member_attribute: nsrole
> 
> Thanks
> 
> Bob
> 
>> Sent: Friday, 01 September 2017 at 07:06
>> From: "Liutauras Adomaitis" <adomaitis at kolabsystems.com>
>> To: users at lists.kolab.org
>> Subject: Re: Problem using groups(roles) in cyrus ACL
>> Hi,
>> 
>> On Thursday, 31 August 2017 23:37:53 EEST teardrainer at web.de wrote:
>>> Hi all,
>>> 
>>> we recently switched to Kolab for our Groupware needs and almost everything
>>> seems to be working smoothly. However, we require to have group permissions
>>> on shared folders and this is giving us a headache. For some reason the
>>> group identifier is not accepted when setting the ACL on a folder:
>>> 
>>> Using cyradm trying to set the ACL with
>>> 
>>> setaclmailbox shared/FolderTest at acme.com group:testrole lrs
>>> 
>>> results in the following error:
>>> 
>>> setaclmailbox: group:testrole: lrs: Invalid identifier
>>> 
>>> maillog shows:
>>> 
>>> kolab imap[28121]: ptload(): bad response from ptloader server: group identifier not found
>>> kolab imap[28121]: ptload completely failed: unable to canonify identifier: group:testrole
>>> 
>>> The group however seems to be set up correctly (as a role in webadmin),
>>> ptdump shows:
>>> 
>>> user: hwtest -> hwtest at acme.com
>>> time: 1504171652
>>> groups: 1
>>> group:testrole
>>> 
>>> 
>>> We have no idea what the problem could be or how to debug this further. Any
>>> help would be greatly appreciated.
>> 
>> How are your groups defined in /etc/imapd.conf?
>> What version of OS, Kolab and Cyrus IMAP are you running?
>> 
>> Liutauras
>> _______________________________________________
>> users mailing list
>> users at lists.kolab.org
>> https://lists.kolab.org/mailman/listinfo/users

I think your groupbase is wrong:
Excerpt of my imapd.conf (multidomain, but self-explanatory).

ldap_group_base: ou=Groups,dc=%2,dc=%1
ldap_group_filter: (&(cn=%u)(objectclass=ldapsubentry)(objectclass=nsroledefinition))
ldap_group_scope: one

Rgds.
Franz

