Cyrus 2.5: ACLs won't recognize some groups
Sven Schwedas
sven.schwedas at tao.at
Thu Aug 31 05:41:06 EDT 2017
We have a cyrus server that's joined to an AD domain via winbind. Group
enumeration and expansion is enabled inside winbind, so getgrent(3)
delivers correct membership data for all groups. (Tested via getent
group as well as a small C program just to make sure.)
User A is in groups B and C; both have lowercase-only names without
spaces or any other non-letter characters in them.
If I use group:B in ACLs, A can access the mailbox.
If I use group:C, A can't.
It's a bit hard to pin down just what change could be responsible for
this – the server was updated from wheezy to jessie to stretch in one
migration, and to fix some unrelated Samba issues, group C had to be
deleted and recreated (with the same name and GID and users and
everything else getgrent cares about; it's working for file ACLs just
fine and there's no difference in the getent group output to before).
Any ideas where to look at for debugging this?
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
Mail/XMPP sven.schwedas at tao.at | Skype sven.schwedas
TAO Digital | Lendplatz 45 | A8020 Graz
https://www.tao-digital.at | Tel +43 680 301 7167
More information about the Info-cyrus
mailing list