Cross-Domain ACLs (patch)

Bernhard Herzog bh at
Fri Dec 11 16:05:09 EST 2009

Hi all,

as part of Kolab groupware development, we've started to extend Cyrus IMAPd to 
allow a user access to mailboxes of users who belong to different domains.  
I've attached the current version of this as a patch against Cyrus IMAPd 
2.3.15.  The patch will probably need some changes before it's ready for 
production use.

With this patch users can:

  - Set ACLs for userids from other domains

  - Access mailboxes of users from other domains if the ACLs permit this

  - LIST mailboxes from other domains as well

To achieve this, the patch changes how the user/ namespace works.  Instead of 
user/name it's now user/domain/name, so the domains are added as an 
additional level in the hierarchy.  Background information about his can be 
found in Kolab issue tracker [1] and in particular in the overview document 
attached to that issue [2]


  - It hasn't been tested much yet.  So far, I've only tested it together with
    some more patches typically used in Kolab and a typical Kolab
    configuration (standard namespace, unixhierarchysep, some ldap
    extensions and more).

  - LSUB doesn't work correctly with mailboxes from other domains yet.

  - LIST might not handle all patterns correctly.


The patch adds a new boolean configuration setting, allowcrossdomainacls, 
which activates this new cross-domain feature.  It only works for the 
standard namespace and also requires that virtdomains are used (wouldn't 
really make much sense otherwise).



[1] kolab/issue1141 (Cannot give users from other domains access to a folder)

[2] Cross Domain ACLs for Cyrus IMAPd in Kolab

Bernhard Herzog  |  ++49-541-335 08 30  |
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cyrus-imapd-cross-domain-acls-20091211.diff
Type: text/x-diff
Size: 10769 bytes
Desc: not available
Url : 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
Url : 

More information about the Cyrus-devel mailing list