Question about cyrus ACL synchronisation - permission denied

Dan White dwhite at olp.net
Tue Nov 24 17:49:27 EST 2009


On 24/11/09 20:16 +0100, Nicolas Chauvet wrote:
>I'm trying to use imapsync between two cyrus-imapd servers.
>At this time, synchronization of user mailbox went fine, with both
>content and ACL. (using the cyrus account).
>
>But when I'm trying to use imapsync to synchronize ACL for shared
>mailboxes, I obtain this error:
>
>acl oneuser: [lrsid]
>setting acl INBOX oneuser lrsid
>Could not set acl: 12 NO Permission denied
>
>The cyrus account owns rights on the destination mailbox:
>MAILHOST> lam user/abuse
>abuse lrswikxtecd
>cyrus lrswipkxtecda
>
>Rights on the source mailbox are different:
>> lam user.dsi
>oneuser lrswipcda
>twouser lrd
>thiruser lrswipcda
>cyrus lrswipcda
>
>Why aren't ACLs synchronized using this imapsync command:
>imapsync --buffersize 8192000 \
>  --syncinternaldates --syncacls \
>  --user1 oneuser \
>  --subscribed \
>  --include INBOX --exclude Brouillons --exclude ments --exclude user \
>  --folderrec INBOX.${u} --regextrans2 's/(.*)/INBOX/' \
>  --host1 liszt.cacc --authuser1 cyrus --authmech1 PLAIN --ssl1 --password1 secret1 \
>  --host2 localhost --authuser2 cyrus --authmech2 PLAIN --password2 secret2 --ssl2 \
>  --user2 oneuser

I'm not quite following the --folderrec INBOX.${u} --regextrans2
's/(.*)/INBOX/' parts.

Which mailbox are you applying the ACLs to? user/abuse?, or 'INBOX'?

With the way you have specified your authentication and authorization
identities, imapsync will ultimately assume the identity of 'oneuser' on
both servers, rather than 'cyrus', which means that you are not going to
have admin rights (unless oneuser is an admin).

You might consider running imapsync twice to reduce complexity - once where
you authz as oneuser, for synchronizing messages and seen state properly,
and a second time where you authz as the cyrus user for synchronizing acls.

-- 
Dan White
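
An added illustration, not part of the original message or of imapsync: it builds the SASL PLAIN initial response (RFC 4616) for the identities described in the reply above and checks whether the resulting session identity holds the 'a' (administer) right that SETACL requires (RFC 4314). The helper names and the password are constructed; the ACL listing is the destination "lam" output quoted in the thread, and treating cyrus as a server admin is an assumption.

```python
import base64

def sasl_plain(authcid, password, authzid=""):
    """RFC 4616 message: [authzid] NUL authcid NUL passwd, base64-encoded."""
    return base64.b64encode(f"{authzid}\0{authcid}\0{password}".encode()).decode()

def decode_plain(b64_response):
    """Return (authzid, authcid, passwd) from a PLAIN initial response."""
    authzid, authcid, passwd = base64.b64decode(b64_response).decode().split("\0")
    return authzid, authcid, passwd

def effective_identity(b64_response):
    """Identity the session acts as: authzid if given, otherwise authcid."""
    authzid, authcid, _ = decode_plain(b64_response)
    return authzid or authcid

def parse_lam(text):
    """Parse cyradm 'lam' output lines of the form '<identifier> <rights>'."""
    return dict(line.split() for line in text.strip().splitlines())

def may_setacl(identity, acl, admins=frozenset()):
    """SETACL needs the 'a' right on the mailbox; server admins bypass ACLs."""
    return identity in admins or "a" in acl.get(identity, "")

# Destination ACL listing as quoted in the thread.
DEST_LAM = """
abuse lrswikxtecd
cyrus lrswipkxtecda
"""

def check(authuser, user, acl_text=DEST_LAM, admins=("cyrus",)):
    """Model one login: authuser authenticates, user is the requested authzid."""
    response = sasl_plain(authuser, "constructed-password", authzid=user)
    who = effective_identity(response)
    return who, may_setacl(who, parse_lam(acl_text), frozenset(admins))

if __name__ == "__main__":
    # Single run from the question: authenticate as cyrus, authorize as oneuser.
    print(check("cyrus", "oneuser"))
    # Second pass suggested in the reply: authorize as cyrus for the ACL sync.
    print(check("cyrus", "cyrus"))
```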

