General discussion on installation and configuration of SOGo

Text archives Help


[SOGo] ACL Problems when trying to share folders with SOGo


Chronological Thread 
  • From: " " < >
  • To:
  • Subject: [SOGo] ACL Problems when trying to share folders with SOGo
  • Date: Sun, 26 May 2013 13:21:53 +0200

Hello,

I have several working SOGo and Dovecot installations. Sharing folders works well with thunderbird and other mail clients. My problem is, that when I use SOGo to share folders it creates wrong ACLs (using the SOGo web client).

Here my problem in detail (I replaced the real domain and user ids to user1@domain and user2@domain in this example):

- Login to sogo with user1@domain
- Right click on Inbox and select sharing
- Add user user2@domain to the list ( the list shows correctly user2@domain)

In the log you see:
172.21.11.30 - - [26/May/2013:12:45:55 GMT] "POST /SOGo/so/user1/Mail/0/folderINBOX/addUserInAcls?uid=user2 HTTP/1.1" 204 0/0 0.253 - - 564K

-> Here is the Problem: SOGo should add "user2@domain" to the list and not only "user2"

- Double click on user2@domain and select all rights and select "update"

In the log you see:
172.21.11.30 - - [26/May/2013:12:46:03 GMT] "GET /SOGo/so/user1/Mail/0/folderINBOX/userRights?uid=user2 HTTP/1.1" 200 4373/0 0.273 14906 70% 952K
172.21.11.30 - - [26/May/2013:12:46:14 GMT] "POST /SOGo/so/user1/Mail/0/folderINBOX/saveUserRights HTTP/1.1" 200 531/202 0.305 - - 664K

The above actions leads to a wrong acl for folder Inbox which prevents SOGo and also Thunderbird to see the shared Folder (IMAP getacl output):
a003 GETACL Inbox
* ACL "Inbox" "user1@domain" akxeilprwtscd "user2" akxeilprwtscd
a003 OK Getacl completed.

-> The ACL should be correctly: ACL "Inbox" "user1@domain" akxeilprwtscd "user2@domain" akxeilprwtscd

If I correct the ACL (either by issuing the correct SETACL commands or with thundersbird's imap acl add-on), SOGO and Thunderbird correctly show the folders and it is possible to work with them from user2@domain.

My question is: How can I tell SOGo to always use the complete account name in the acls and not only the user part ?

Here the sogo.conf (confidential information replaced by ................):

{
/* Database configuration postgresql:// */
SOGoProfileURL = "postgresql://.....";
OCSFolderInfoURL = "postgresql://.....";
OCSSessionsFolderURL = "postgresql://.....";

/* Mail */
SOGoDraftsFolderName = Drafts;
SOGoSentFolderName = Sent;
SOGoTrashFolderName = Trash;
SOGoIMAPServer = "imap://.....................";

SOGoSieveServer = sieve://...............;
SOGoSMTPServer = ...............;
SOGoMailDomain = domain;
SOGoMailingMechanism = smtp;
SOGoForceExternalLoginWithEmail = YES;
SOGoMailSpoolPath = /var/spool/sogo;
//NGImap4ConnectionStringSeparator = "/";

SOGoAppointmentSendEMailNotifications = YES;
//SOGoACLsSendEMailNotifications = NO;

/* Authentication */
SOGoPasswordChangeEnabled = NO;

SOGoEnableDomainBasedUID = YES;

SOGoUserSources = (
{
type = ldap;
CNFieldName = cn;
IDFieldName = uid;
UIDFieldName = uid;
baseDN = ".....";
bindDN = ".....";
bindPassword = "......";
canAuthenticate = YES;
displayName = "Shared Addresses";
hostname = ldap://...................;
id = public;
isAddressBook = YES;
}
);


/* Web Interface */
SOGoPageTitle = "Soroban SOGo";
//SOGoVacationEnabled = YES;
SOGoForwardEnabled = YES;
SOGoSieveScriptsEnabled = YES;

/* General */
SOGoLanguage = German;
SOGoTimeZone = Europe/Vienna;
SOGoCalendarDefaultRoles = (
PublicDAndTViewer,
ConfidentialDAndTViewer
);

/* Debug */
//SoDebugBaseURL = YES;
//ImapDebugEnabled = YES;
//LDAPDebugEnabled = YES;
//SOGoDebugRequests = YES;
//PGDebugEnabled = YES;
//MySQL4DebugEnabled = YES;
//SOGoUIxDebugEnabled = YES;
//WODontZipResponse = YES;
WOLogFile = /var/log/sogo/sogo.log;
}

Regards
Martin Neimeier





Archive powered by MHonArc 2.6.18.

Top of page