Problems with murder upgrade from 2.2.13 to 2.5.8

Mathieu Pellieux mpellieux at karavel.com
Mon Jun 6 10:22:38 EDT 2016 

Hello,

Aren't you missing the folowwing ACLs? (since cyrus 2.3 at least)

k: The ACI subject has the right to CREATE a new folder if the /k/ 
<http://www.cyrusimap.org/%7Evanmeeuwen/imap/admin/access-control/rights-reference.html#imap-admin-access-control-right-k> 
right exists on the parent folder of the folder to be created.
x: Use the /x/ 
<http://www.cyrusimap.org/%7Evanmeeuwen/imap/admin/access-control/rights-reference.html#imap-admin-access-control-right-x> 
right to indicate the ACI subject has the right to DELETE the folder on 
which the ACL is set, as opposed to the now obsolete /c/ 
<http://www.cyrusimap.org/%7Evanmeeuwen/imap/admin/access-control/rights-reference.html#imap-admin-access-control-right-c> 
right or /d/ 
<http://www.cyrusimap.org/%7Evanmeeuwen/imap/admin/access-control/rights-reference.html#imap-admin-access-control-right-d> 
right.
t: The ACI subject is allowed to delete messages from this folder, 
meaning that the ACI subject is allowed to flag messages as \\Deleted.
e: The ACI subject is allowed to expunge messages in this folder, 
meaning the ACI subject has the right to remove all messages that have 
been flagged as \\Deleted from all visibility.

localhost> lam user.mpellieux
mpellieux lrswip*kxte*cda
cyrus kxca
anyone p

Ps: I had a class with you in 2005 (first ISRAD prom)

Regards,

On 06/06/2016 15:49, Jean Charles Delépine via Info-cyrus wrote:
> Hello,
>
> I'm on the way to make a big (late) upgrade.
>
> My murder config is composed of 16 1To backends. I can't upgrade
> all of them simultaneously. So I planed to :
>
>    - upgrade mupdate server (make a new one, and update frontend's and
>      backend's conf)
>    - replace frontends with upgraded one's
>    - upgrade backends one after the other, nightly, on serveral night
>
> mupdate server upgrade is ok. But I have problems with 2.5 frontends and 2.2
> backends interaction. All seems fine (no error), but users can't create new sub
> mailboxes (admin can create mailboxes and sub mailboxes) :
>
> loggued as mailbox owner :
> imap-01> lam INBOX
> delepine lrswipcda
> anyone p
> imap-01> cm INBOX.hop
> createmailbox: Permission denied
>
> My tests say that, whichever mupdate server version :
>    Frontend 2.2 can create 2.2 mailboxes and 2.5 mailboxes
>    Frontend 2.5 can't create 2.2 mailboxes but can create 2.5 mailboxes
>
> All others tested features work.
>
> The 2.2 is using saslauthd + pam_ldap for authentification. The 2.5 is using either
> ldapdb or saslauthd + ptoader and ldap.
>
> With or without
>    suppress_capabilities: ESEARCH QRESYNC XLIST LIST-EXTENDED WITHIN
> on 2.5 frontends.
>
> 2 questions :
>    - do you have an idea why users can't create submailboxes on 2.2
>      backends with 2.5 frontends ? Is there any acl new option I
>      miss ? ...
>    - what are the risks if I wait for all backends to migrate before
>      using 2.5 frontends ? My option with this problem. I didn't find
>      any problem... but surely, if there's one, my users will find it.
>
> Options that might be relevant :
> On backends :
>    proxyservers: proxy
>    proxy_authname: proxy
>
> On frontends:
>    proxy_authname: proxy
>    proxy_password: <>
>    proxyd_allow_status_referral: 0
>    proxyd_disable_mailbox_referrals: 1
>
> backends are in an internal non routable network.
>
> Sincerly,
>        Jean Charles Delépine
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

-- 
Mathieu Pellieux <mpellieux at karavel.com>
Administrateur Systèmes
sysadmin <sysadmin at karavel.com>
01.73.02.75.01

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20160606/bf820d4c/attachment.html>

More information about the Info-cyrus mailing list