View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0000999SOGoBackend Mailpublic2010-11-21 17:182013-09-12 09:32
Reporterjoh Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
Product Version1.3.4 
Summary0000999: IMAP ACL problem when using user@domain as IMAP login
Description

I am experiencing some Problems with imap acls. I assume that this is due to the fact that we are using "user@domain" as login to out imap-server.

I tried the following: Login via web-interface (username: joh, email-address is "joh@bo-tech.de") and createt a folder "test" in my mailbox. I then edited access rights and added another user "mb" with all rights checked to this folder.

The result is that some sort of acl have been set in the imap-server. When I looked into the acl files, it shows that the entries have been createt for the username "mb" which does not work as expected. After changing this manually to "mb@bo-tech.de" in the acl-files, it works as expected.

So I assume that the following should be fixed: When the parameter "SOGoForceIMAPLoginWithEmail" is set to "YES", then this should also affect the used names in IMAP acls.

I did some research and experiments in the code and observed that it already seems to work as expected if the attached change is made. But I am not sure if this might have undesired side effects. The difference is only when acls are set: It now uses "getImapLoginForUID" instead of simply using the uid.

TagsNo tags attached.

Activities

2010-11-21 17:18

 

sogo_patch_imap_acl.diff (1,004 bytes)    
diff -r 462959242fa7 SoObjects/Mailer/SOGoMailFolder.m
--- a/SoObjects/Mailer/SOGoMailFolder.m	Sun Nov 21 16:38:17 2010 +0100
+++ b/SoObjects/Mailer/SOGoMailFolder.m	Sun Nov 21 18:17:55 2010 +0100
@@ -54,6 +54,7 @@
 #import <SOGo/SOGoPermissions.h>
 #import <SOGo/SOGoSystemDefaults.h>
 #import <SOGo/SOGoUser.h>
+#import <SOGo/SOGoUserManager.h>
 #import <SOGo/SOGoUserSettings.h>
 #import <SOGo/WORequest+SOGo.h>
 #import <SOGo/WOResponse+SOGo.h>
@@ -1051,11 +1052,12 @@
 - (void) setRoles: (NSArray *) roles
 	  forUser: (NSString *) uid
 {
-  NSString *acls, *folderName;
+  NSString *acls, *imapLogin, *folderName;
 
   acls = [self _sogoAclsToImapAcls: roles];
+  imapLogin = [[SOGoUserManager sharedUserManager] getImapLoginForUID: uid];
   folderName = [[self imap4Connection] imap4FolderNameForURL: [self imap4URL]];
-  [[imap4 client] setACL: folderName rights: acls uid: uid];
+  [[imap4 client] setACL: folderName rights: acls uid: imapLogin];
 
   [mailboxACL release];
   mailboxACL = nil;
sogo_patch_imap_acl.diff (1,004 bytes)   
livelace

livelace

2013-09-12 06:41

reporter   ~0005975

Bump
efuste

efuste

2013-09-12 09:32

reporter   ~0005976

The problem is a mismatch between the imap server view of a user and your authentication source (ldap/sql etc...)
If acls works in your imap server with mb@bo-tech.de and not mb in the acl file, UID should be mb@bo-tech.de and not mb.
Reconfigure your user/authentication source in Sogo to return the email as the UID
and all should be ok.
Or reconfigure you IMAP server to use the same UID as in your authentication source.

Issue History

Date Modified Username Field Change
2010-11-21 17:18 joh New Issue
2010-11-21 17:18 joh File Added: sogo_patch_imap_acl.diff
2013-09-12 06:41 livelace Note Added: 0005975
2013-09-12 09:32 efuste Note Added: 0005976