You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-user@james.apache.org by Jochen Gazda <ga...@gmail.com> on 2012/01/04 10:55:30 UTC
IMAP ACL Support?
Ladies & Gentlemen,
googling for "Apache James" combined with "ACL" or "permissions" does
not bring anything relevant and querying the similar in james java
sources ditto.
I guess Apache James 3 just does not support IMAP ACLs, does it?
Is there another way how to achieve similar results? I.e. that each
user and noone else can access can read/write his own inbox and that
there are some group folders accessible to the group members?
Thanks in advance,
Gazda
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: IMAP ACL Support?
Posted by Norman Maurer <no...@apache.org>.
Hi Jochen,
1) org.apache.james.mailbox.MessageManager.MetaData is the right place for the ACL's (I think). We could then make the default API to just return something meaningful.
2) I would make the store of group to user mappings an extra interface. As the mailbox api can be used without James Server.
Bye,
Norman
Ps: Maybe server-dev@ would be better for the next steps ...
--
Norman Maurer
Am Donnerstag, 5. Januar 2012 um 00:10 schrieb Jochen Gazda:
> Eric and Norman,
>
> > - the implementation of RFC4314 in imap code will be great. What about the
> > management of the ACL : Made centrally by the server administrator, or via
> > the user (such as for example sketched on
> > http://www.kombitz.com/wp-content/uploads/2008/10/thunderbird-idle-300x269.jpg
> >
>
>
> I do not understand what exactly you mean here.
> ACLs can be managed over IMAP by admin or any other user who has the
> needed permissions. I see our task just to implement this server part
> of IMAP.
> How is the thunderbird dialog related to ACL? I see only some general
> IMAP settings there.
>
> > - Not sure if we must limit the group management to the mailbox project or
> > extend it also to the server UserRepository frontiers.
> >
>
>
> I believe both mailbox and UserRepository API need to be adapted:
>
> 1. Mailbox needs to store the ACLs.
> Is org.apache.james.mailbox.MessageManager.MetaData the right class to
> be extended with some kind of getACLs() ?
>
> 2. We need to pull the information from somewhere, which users belong
> to which groups. That kind of information is typically stored in LDAP
> or similar. For me, UserRepository is a natural candidate for hosting
> group listing methods and methods for querying group memberships. What
> is your opinion?
>
> Best,
>
> Gazda
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org (mailto:server-user-unsubscribe@james.apache.org)
> For additional commands, e-mail: server-user-help@james.apache.org (mailto:server-user-help@james.apache.org)
>
>
Re: IMAP ACL Support?
Posted by Jochen Gazda <ga...@gmail.com>.
Eric,
see inline
Gazda
On Tue, Jan 10, 2012 at 7:21 PM, Eric Charles <er...@apache.org> wrote:
> Hi Jochen,
> See comment inline.
> Thx,
> Eric
>
>
> On 09/01/12 22:24, Jochen Gazda wrote:
>>
>> Eric,
>>
>>> For the client, although this may be more related to a thunderbird
>>> question,
>>> I think we have to understand the client functions to adapt our server to
>>> them. Currently, I can see 3 types of "sharing" on the thunderbird
>>> client:
>>
>>
>> I would not say you are listing types of sharing here. You are naming
>> three places in Thunderbird, where sharing and ACL related settings
>> can be seen and perhaps also edited.
>>
>
> Good to me to be able to define access control at 3 different places, Seems
> like you confirm after that they all are related to Imap ACL.
>
>
>>> 1. The sharing tab when you right-click on a folder and ask for the
>>> properties (showing the message "this server does not support sharing"
>>> when
>>> run with james)
>>
>>
>> My Thunderbird connected to Cyrus IMAP says two things in that tab:
>>
>> (i) Folder Type: Public or Private - the value depends on namespace in
>> which the given folder resides. As noted before, there is some support
>> for Public namespace in
>> org.apache.james.mailbox.store.SimpleMailboxSession.sharedSpaces,
>> whereby sharedSpaces is newer initialized with meaningful values. It
>> needs to be done somehow.
>>
>> (ii) You have the following permissions: Read, Write, Insert, etc. -
>> actually the result of MYRIGHTS IMAP Command for the given folder.
>>
>
> (i) sorry for my ignorance, I didn't read the ACL RFC: In which way
> SimpleMailboxSession.sharedSpaces is related to ACL?
I am not a specialist in this area but I believe that
SimpleMailboxSession.sharedSpaces (i.e. correctly advertised Public
namespace) is used by the client when it lists the group folders
accessible for the given user. So, group folders accessible for the
given user may exist, but he will never see them until the
sharedSpaces are set properly.
> (ii) I understand from what you say that this tab is well related to IMAP
> ACL.
Yes
>>> 2. The imap-acl-extension which implements ACL we are talking about (with
>>> a
>>> comment on the extension page which says thunderbird does not implement
>>> ACL
>>> - is this true?).
>>
>>
>> I have never used imap-acl-extension and I cannot say how reliable it
>> is. However I would not expect that it is usable to direct it towars
>> James now as we do not advertise ACL in CAPABILITY.
>> When we support ACL, imap-acl-extension could be one of the tools
>> which allow users with sufficient rights for the given folder to
>> modify its ACLs. E.g. a user with 'a' (Administration) right can grant
>> e.g. 'rwl' to other users or groups.
>>
>
> Got it.
>
>
>>> 3. The advanced options for an account where you can define Public
>>> (shared)
>>> and Other Users folders (see
>>>
>>> http://www.kombitz.com/wp-content/uploads/2008/10/thunderbird-idle-300x269.jpg)
>>
>>
>> Let us go through what the Advanced Account Settings dialog contains:
>>
>> Show only subscribed folders - the most valuable setting for me. The
>> very first thing I do for IMAP accounts: set it to false
>>
>
> Ok, but not related to ACL
right
>> Nested Folders support - surely related to \HasNoChildren and
>> \HasChildren flags.
>>
>
> Ok, but not related to ACL
right
>> IDLE support - does James support IDLE?
>>
>
> Yes, IDLE is supported
OK
>> Number of connections - self explaining
>>
>
> Yep
>
>
>> 3 Namespace lines - there is not much value in setting them for a
>> server which supports NAMESPACE command. If you allow the server to
>> override your settings, your client will try to ask the server for
>> correct values, ergo these values are defined by the server.
>>
>
> OK
>
>
>>> Is this 3 different ways of giving access to your mail folders to other
>>> users?
>>
>>
>> No, not three, just one. I see only 2. as a way of "giving access".
>>
>
> Simpler. Thx for the confirmation.
>
>
>>> Btw, how as a user can I configure my client to gain (not give) access to
>>> a
>>> mate folder?
>>
>>
>> If you already have the needed rights granted, there are two variants
>> in Thunderbird:
>>
>> (a) Show only subscribed folders = false -> Nothing else to do.
>> Thunderbird shows you everything you are allowed to see.
>>
>> (b) Show only subscribed folders = true -> In the context menu of the
>> folder tree go to Subscribe... there you see every folder you are
>> allowed to see and you have to select which should be retrieved by
>> Thunderbird for you.
>>
>
> I will need to test it as soon as ACL will be available in James.
> I expect to see the folders of other users that gave me access :)
>
>> Just turn on the IMAP logging in Thunderbird to see which IMAP
>> commands is Thunderbird sending:
>> http://wiki.dovecot.org/Debugging/Thunderbird
>>
>> Best,
>>
>> Gazda
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>> For additional commands, e-mail: server-user-help@james.apache.org
>>
>
> --
> eric | http://about.echarles.net | @echarles
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: IMAP ACL Support?
Posted by Eric Charles <er...@apache.org>.
Hi Jochen,
See comment inline.
Thx,
Eric
On 09/01/12 22:24, Jochen Gazda wrote:
> Eric,
>
>> For the client, although this may be more related to a thunderbird question,
>> I think we have to understand the client functions to adapt our server to
>> them. Currently, I can see 3 types of "sharing" on the thunderbird client:
>
> I would not say you are listing types of sharing here. You are naming
> three places in Thunderbird, where sharing and ACL related settings
> can be seen and perhaps also edited.
>
Good to me to be able to define access control at 3 different places,
Seems like you confirm after that they all are related to Imap ACL.
>> 1. The sharing tab when you right-click on a folder and ask for the
>> properties (showing the message "this server does not support sharing" when
>> run with james)
>
> My Thunderbird connected to Cyrus IMAP says two things in that tab:
>
> (i) Folder Type: Public or Private - the value depends on namespace in
> which the given folder resides. As noted before, there is some support
> for Public namespace in
> org.apache.james.mailbox.store.SimpleMailboxSession.sharedSpaces,
> whereby sharedSpaces is newer initialized with meaningful values. It
> needs to be done somehow.
>
> (ii) You have the following permissions: Read, Write, Insert, etc. -
> actually the result of MYRIGHTS IMAP Command for the given folder.
>
(i) sorry for my ignorance, I didn't read the ACL RFC: In which way
SimpleMailboxSession.sharedSpaces is related to ACL?
(ii) I understand from what you say that this tab is well related to
IMAP ACL.
>> 2. The imap-acl-extension which implements ACL we are talking about (with a
>> comment on the extension page which says thunderbird does not implement ACL
>> - is this true?).
>
> I have never used imap-acl-extension and I cannot say how reliable it
> is. However I would not expect that it is usable to direct it towars
> James now as we do not advertise ACL in CAPABILITY.
> When we support ACL, imap-acl-extension could be one of the tools
> which allow users with sufficient rights for the given folder to
> modify its ACLs. E.g. a user with 'a' (Administration) right can grant
> e.g. 'rwl' to other users or groups.
>
Got it.
>> 3. The advanced options for an account where you can define Public (shared)
>> and Other Users folders (see
>> http://www.kombitz.com/wp-content/uploads/2008/10/thunderbird-idle-300x269.jpg)
>
> Let us go through what the Advanced Account Settings dialog contains:
>
> Show only subscribed folders - the most valuable setting for me. The
> very first thing I do for IMAP accounts: set it to false
>
Ok, but not related to ACL
> Nested Folders support - surely related to \HasNoChildren and
> \HasChildren flags.
>
Ok, but not related to ACL
> IDLE support - does James support IDLE?
>
Yes, IDLE is supported
> Number of connections - self explaining
>
Yep
> 3 Namespace lines - there is not much value in setting them for a
> server which supports NAMESPACE command. If you allow the server to
> override your settings, your client will try to ask the server for
> correct values, ergo these values are defined by the server.
>
OK
>> Is this 3 different ways of giving access to your mail folders to other
>> users?
>
> No, not three, just one. I see only 2. as a way of "giving access".
>
Simpler. Thx for the confirmation.
>> Btw, how as a user can I configure my client to gain (not give) access to a
>> mate folder?
>
> If you already have the needed rights granted, there are two variants
> in Thunderbird:
>
> (a) Show only subscribed folders = false -> Nothing else to do.
> Thunderbird shows you everything you are allowed to see.
>
> (b) Show only subscribed folders = true -> In the context menu of the
> folder tree go to Subscribe... there you see every folder you are
> allowed to see and you have to select which should be retrieved by
> Thunderbird for you.
>
I will need to test it as soon as ACL will be available in James.
I expect to see the folders of other users that gave me access :)
> Just turn on the IMAP logging in Thunderbird to see which IMAP
> commands is Thunderbird sending:
> http://wiki.dovecot.org/Debugging/Thunderbird
>
> Best,
>
> Gazda
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
--
eric | http://about.echarles.net | @echarles
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: IMAP ACL Support?
Posted by Jochen Gazda <ga...@gmail.com>.
Eric,
> For the client, although this may be more related to a thunderbird question,
> I think we have to understand the client functions to adapt our server to
> them. Currently, I can see 3 types of "sharing" on the thunderbird client:
I would not say you are listing types of sharing here. You are naming
three places in Thunderbird, where sharing and ACL related settings
can be seen and perhaps also edited.
> 1. The sharing tab when you right-click on a folder and ask for the
> properties (showing the message "this server does not support sharing" when
> run with james)
My Thunderbird connected to Cyrus IMAP says two things in that tab:
(i) Folder Type: Public or Private - the value depends on namespace in
which the given folder resides. As noted before, there is some support
for Public namespace in
org.apache.james.mailbox.store.SimpleMailboxSession.sharedSpaces,
whereby sharedSpaces is newer initialized with meaningful values. It
needs to be done somehow.
(ii) You have the following permissions: Read, Write, Insert, etc. -
actually the result of MYRIGHTS IMAP Command for the given folder.
> 2. The imap-acl-extension which implements ACL we are talking about (with a
> comment on the extension page which says thunderbird does not implement ACL
> - is this true?).
I have never used imap-acl-extension and I cannot say how reliable it
is. However I would not expect that it is usable to direct it towars
James now as we do not advertise ACL in CAPABILITY.
When we support ACL, imap-acl-extension could be one of the tools
which allow users with sufficient rights for the given folder to
modify its ACLs. E.g. a user with 'a' (Administration) right can grant
e.g. 'rwl' to other users or groups.
> 3. The advanced options for an account where you can define Public (shared)
> and Other Users folders (see
> http://www.kombitz.com/wp-content/uploads/2008/10/thunderbird-idle-300x269.jpg)
Let us go through what the Advanced Account Settings dialog contains:
Show only subscribed folders - the most valuable setting for me. The
very first thing I do for IMAP accounts: set it to false
Nested Folders support - surely related to \HasNoChildren and
\HasChildren flags.
IDLE support - does James support IDLE?
Number of connections - self explaining
3 Namespace lines - there is not much value in setting them for a
server which supports NAMESPACE command. If you allow the server to
override your settings, your client will try to ask the server for
correct values, ergo these values are defined by the server.
> Is this 3 different ways of giving access to your mail folders to other
> users?
No, not three, just one. I see only 2. as a way of "giving access".
> Btw, how as a user can I configure my client to gain (not give) access to a
> mate folder?
If you already have the needed rights granted, there are two variants
in Thunderbird:
(a) Show only subscribed folders = false -> Nothing else to do.
Thunderbird shows you everything you are allowed to see.
(b) Show only subscribed folders = true -> In the context menu of the
folder tree go to Subscribe... there you see every folder you are
allowed to see and you have to select which should be retrieved by
Thunderbird for you.
Just turn on the IMAP logging in Thunderbird to see which IMAP
commands is Thunderbird sending:
http://wiki.dovecot.org/Debugging/Thunderbird
Best,
Gazda
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: IMAP ACL Support?
Posted by Eric Charles <er...@apache.org>.
Hi Jochen,
OK for the server command.
For the client, although this may be more related to a thunderbird
question, I think we have to understand the client functions to adapt
our server to them. Currently, I can see 3 types of "sharing" on the
thunderbird client:
1. The sharing tab when you right-click on a folder and ask for the
properties (showing the message "this server does not support sharing"
when run with james)
2. The imap-acl-extension which implements ACL we are talking about
(with a comment on the extension page which says thunderbird does not
implement ACL - is this true?).
3. The advanced options for an account where you can define Public
(shared) and Other Users folders (see
http://www.kombitz.com/wp-content/uploads/2008/10/thunderbird-idle-300x269.jpg)
Is this 3 different ways of giving access to your mail folders to other
users?
Btw, how as a user can I configure my client to gain (not give) access
to a mate folder?
Thx,
Eric
On 09/01/12 16:49, Jochen Gazda wrote:
> Eric,
>
>>>> - the implementation of RFC4314 in imap code will be great. What about
>>>> the
>>>> management of the ACL : Made centrally by the server administrator, or
>>>> via
>>>> the user (such as for example sketched on
>>>>
>>>> http://www.kombitz.com/wp-content/uploads/2008/10/thunderbird-idle-300x269.jpg
>>>
>>>
>>> I do not understand what exactly you mean here.
>>> ACLs can be managed over IMAP by admin or any other user who has the
>>> needed permissions. I see our task just to implement this server part
>>> of IMAP.
>>> How is the thunderbird dialog related to ACL? I see only some general
>>> IMAP settings there.
>>>
>>
>>
>> I never used ACL and I am just wondering how a user can benefit from it: has
>> he to ask the server administration to make the configuration (give
>> permissions on a folder to a user/group), or can he do it by himself.
>
> Sorry for coming back so late to this. Both the admin-scenario and the
> self-scenario are possible. I depends only on the capabilities of IMAP
> clients and server in use. For admins there is e.g. a command line
> tool called cyradm, which was written for Cyrus, but I suppose it uses
> pure ACL related IMAP commands to do the job. For self-service there
> is e.g. SOGo web client and perhaps this Thunderbird extension:
> https://addons.mozilla.org/en-US/thunderbird/addon/imap-acl-extension/
>
> Best,
>
> Gazda
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
--
eric | http://about.echarles.net | @echarles
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: IMAP ACL Support?
Posted by Jochen Gazda <ga...@gmail.com>.
Eric,
>>> - the implementation of RFC4314 in imap code will be great. What about
>>> the
>>> management of the ACL : Made centrally by the server administrator, or
>>> via
>>> the user (such as for example sketched on
>>>
>>> http://www.kombitz.com/wp-content/uploads/2008/10/thunderbird-idle-300x269.jpg
>>
>>
>> I do not understand what exactly you mean here.
>> ACLs can be managed over IMAP by admin or any other user who has the
>> needed permissions. I see our task just to implement this server part
>> of IMAP.
>> How is the thunderbird dialog related to ACL? I see only some general
>> IMAP settings there.
>>
>
>
> I never used ACL and I am just wondering how a user can benefit from it: has
> he to ask the server administration to make the configuration (give
> permissions on a folder to a user/group), or can he do it by himself.
Sorry for coming back so late to this. Both the admin-scenario and the
self-scenario are possible. I depends only on the capabilities of IMAP
clients and server in use. For admins there is e.g. a command line
tool called cyradm, which was written for Cyrus, but I suppose it uses
pure ACL related IMAP commands to do the job. For self-service there
is e.g. SOGo web client and perhaps this Thunderbird extension:
https://addons.mozilla.org/en-US/thunderbird/addon/imap-acl-extension/
Best,
Gazda
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: IMAP ACL Support?
Posted by Eric Charles <er...@apache.org>.
On 05/01/12 00:10, Jochen Gazda wrote:
> Eric and Norman,
>
>> - the implementation of RFC4314 in imap code will be great. What about the
>> management of the ACL : Made centrally by the server administrator, or via
>> the user (such as for example sketched on
>> http://www.kombitz.com/wp-content/uploads/2008/10/thunderbird-idle-300x269.jpg
>
> I do not understand what exactly you mean here.
> ACLs can be managed over IMAP by admin or any other user who has the
> needed permissions. I see our task just to implement this server part
> of IMAP.
> How is the thunderbird dialog related to ACL? I see only some general
> IMAP settings there.
>
I never used ACL and I am just wondering how a user can benefit from it:
has he to ask the server administration to make the configuration (give
permissions on a folder to a user/group), or can he do it by himself.
The thundebird image was not nicely chosen, but that was the only stuff
I found to show some kind of client side view of the shared folder.
>> - Not sure if we must limit the group management to the mailbox project or
>> extend it also to the server UserRepository frontiers.
>
> I believe both mailbox and UserRepository API need to be adapted:
>
> 1. Mailbox needs to store the ACLs.
> Is org.apache.james.mailbox.MessageManager.MetaData the right class to
> be extended with some kind of getACLs() ?
>
> 2. We need to pull the information from somewhere, which users belong
> to which groups. That kind of information is typically stored in LDAP
> or similar. For me, UserRepository is a natural candidate for hosting
> group listing methods and methods for querying group memberships. What
> is your opinion?
>
(miss time to answer, maybe later...)
> Best,
>
> Gazda
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
--
eric | http://about.echarles.net | @echarles
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: IMAP ACL Support?
Posted by Jochen Gazda <ga...@gmail.com>.
Eric and Norman,
> - the implementation of RFC4314 in imap code will be great. What about the
> management of the ACL : Made centrally by the server administrator, or via
> the user (such as for example sketched on
> http://www.kombitz.com/wp-content/uploads/2008/10/thunderbird-idle-300x269.jpg
I do not understand what exactly you mean here.
ACLs can be managed over IMAP by admin or any other user who has the
needed permissions. I see our task just to implement this server part
of IMAP.
How is the thunderbird dialog related to ACL? I see only some general
IMAP settings there.
> - Not sure if we must limit the group management to the mailbox project or
> extend it also to the server UserRepository frontiers.
I believe both mailbox and UserRepository API need to be adapted:
1. Mailbox needs to store the ACLs.
Is org.apache.james.mailbox.MessageManager.MetaData the right class to
be extended with some kind of getACLs() ?
2. We need to pull the information from somewhere, which users belong
to which groups. That kind of information is typically stored in LDAP
or similar. For me, UserRepository is a natural candidate for hosting
group listing methods and methods for querying group memberships. What
is your opinion?
Best,
Gazda
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: IMAP ACL Support?
Posted by Eric Charles <er...@apache.org>.
Loosely thinking in-vrac:
- the implementation of RFC4314 in imap code will be great. What about
the management of the ACL : Made centrally by the server administrator,
or via the user (such as for example sketched on
http://www.kombitz.com/wp-content/uploads/2008/10/thunderbird-idle-300x269.jpg
- config reload seems like a hot-topic (see also recent
https://issues.apache.org/jira/browse/JAMES-1357). We should think it
globally
- Not sure if we must limit the group management to the mailbox project
or extend it also to the server UserRepository frontiers.
Thx,
Eric
On 04/01/12 18:09, Norman Maurer wrote:
> Hi Jochen,
> commentsminside...
>
> Am 04.01.2012 um 17:35 schrieb Jochen Gazda<ga...@gmail.com>:
>
>> Thanks for the prompt reply, Norman.
>>
>> I am ready to spend some time on this but I can hardly guarantee that
>> it will be enough to deliver something usable.
>>
>>> I could gice you some starting points..
>>
>> I am all ears.
>>
>> I am starting with IMAP parsers and commands. My first problem is in
>> which states should the ACL commands be valid? This was the only
>> resource saying something to the topic I could find:
>> ftp://ftp.cac.washington.edu/imap/old/draft-myers-imap-imsp-01.txt
>>
>>> command_auth ::= list / lsub / lmarked / subscribe / unsubscribe /
>>> create / delete / rename / replace / move /
>>> get / set / searchaddress / fetchaddress /
>>> storeaddress / deleteaddress / addressbook_cmd /
>>> createaddressbook / deleteaddressbook /
>>> renameaddressbook / getacl / setacl / deleteacl /
>>> myrights
>>> ;; Valid only when in Authenticated or Selected state
>>
>> I have no idea how authoritative it is.
>
> checkout page 13 here:
> http://tools.ietf.org/pdf/rfc4314.pdf
>
>
>>
>> How far are you with https://issues.apache.org/jira/browse/IMAP-322 ?
>> - It would be nice to be able to turn ACL on and off.
>>
>
> Its not done yet... But I agree it would be nice..
>
>> How should the user groups be modeled? - Simply as Set<String>
>> User.getGroups() ? Or maybe as an entity of its own?
>
>
> I think the group managment should be part of the mailbox api and just store the username for the given group. It. would be up to the implementation how it store it then and also if it support it at all.
>
>>
>> Best,
>>
>> Gazda
>>
>> On Wed, Jan 4, 2012 at 4:46 PM, Norman Maurer
>> <no...@googlemail.com> wrote:
>>> Hi Jochen,
>>>
>>> First of welcome :)
>>>
>>> Your observation is correct, there is no ACL support in Apache James (yet). The Mailbox API should be able to handle different namespaces and also perms with a little bit of work. I think adding the IMAP parser / command etc is even more trivial. Anyway as you already know its not implemented yet....
>>>
>>> Maybe its a perfect way for you to contribute some code ;)
>>> So if you are intrested in adding the support I could gice you some starting points..
>>>
>>> Bye
>>> Norman
>>>
>>> Sent from my iPhone. Excuse any typos....
>>>
>>> Am 04.01.2012 um 15:39 schrieb Jochen Gazda<ga...@gmail.com>:
>>>
>>>> Ladies& Gentlemen,
>>>>
>>>> in the meantime I could gather some more observations concerning James
>>>> ACLs and shared folders.
>>>> All of them are bad news for me. Please correct me if I am wrong:
>>>>
>>>> 1. There is no IMAP ACL support in James: parsers for GETACL, SETACL,
>>>> DELETEACL, LISTRIGHTS and MYRIGHTS in
>>>> org.apache.james.imap.decode.parser.ImapParserFactory are commented
>>>> out. Perhaps they used to exist some time ago but not in the current
>>>> trunk.
>>>>
>>>> 2. There is no notion of group in
>>>> org.apache.james.user.api.UsersRepository or
>>>> org.apache.james.user.api.model.User
>>>>
>>>> 3. There are https://issues.apache.org/jira/browse/IMAP-76 saying that
>>>> there were no shared folders and
>>>> https://issues.apache.org/jira/browse/IMAP-80 saying that shared
>>>> namespace support was added to MailboxSession but the
>>>> org.apache.james.mailbox.store.SimpleMailboxSession.sharedSpaces field
>>>> is initialized with an empty ArrayList and not a single element is
>>>> added to it anywhere in the code.
>>>>
>>>> My conclusion is that there are no ACLs, no shared folders and no
>>>> groups in James.
>>>>
>>>> Are there any plans to support any of them?
>>>>
>>>> Thanks in advance,
>>>>
>>>> Gazda
>>>>
>>>> On Wed, Jan 4, 2012 at 10:55 AM, Jochen Gazda<ga...@gmail.com> wrote:
>>>>> Ladies& Gentlemen,
>>>>>
>>>>> googling for "Apache James" combined with "ACL" or "permissions" does
>>>>> not bring anything relevant and querying the similar in james java
>>>>> sources ditto.
>>>>>
>>>>> I guess Apache James 3 just does not support IMAP ACLs, does it?
>>>>>
>>>>> Is there another way how to achieve similar results? I.e. that each
>>>>> user and noone else can access can read/write his own inbox and that
>>>>> there are some group folders accessible to the group members?
>>>>>
>>>>> Thanks in advance,
>>>>>
>>>>> Gazda
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>>> For additional commands, e-mail: server-user-help@james.apache.org
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>> For additional commands, e-mail: server-user-help@james.apache.org
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>> For additional commands, e-mail: server-user-help@james.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
--
eric | http://about.echarles.net | @echarles
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: IMAP ACL Support?
Posted by Norman Maurer <no...@googlemail.com>.
Hi Jochen,
commentsminside...
Am 04.01.2012 um 17:35 schrieb Jochen Gazda <ga...@gmail.com>:
> Thanks for the prompt reply, Norman.
>
> I am ready to spend some time on this but I can hardly guarantee that
> it will be enough to deliver something usable.
>
>> I could gice you some starting points..
>
> I am all ears.
>
> I am starting with IMAP parsers and commands. My first problem is in
> which states should the ACL commands be valid? This was the only
> resource saying something to the topic I could find:
> ftp://ftp.cac.washington.edu/imap/old/draft-myers-imap-imsp-01.txt
>
>> command_auth ::= list / lsub / lmarked / subscribe / unsubscribe /
>> create / delete / rename / replace / move /
>> get / set / searchaddress / fetchaddress /
>> storeaddress / deleteaddress / addressbook_cmd /
>> createaddressbook / deleteaddressbook /
>> renameaddressbook / getacl / setacl / deleteacl /
>> myrights
>> ;; Valid only when in Authenticated or Selected state
>
> I have no idea how authoritative it is.
checkout page 13 here:
http://tools.ietf.org/pdf/rfc4314.pdf
>
> How far are you with https://issues.apache.org/jira/browse/IMAP-322 ?
> - It would be nice to be able to turn ACL on and off.
>
Its not done yet... But I agree it would be nice..
> How should the user groups be modeled? - Simply as Set<String>
> User.getGroups() ? Or maybe as an entity of its own?
I think the group managment should be part of the mailbox api and just store the username for the given group. It. would be up to the implementation how it store it then and also if it support it at all.
>
> Best,
>
> Gazda
>
> On Wed, Jan 4, 2012 at 4:46 PM, Norman Maurer
> <no...@googlemail.com> wrote:
>> Hi Jochen,
>>
>> First of welcome :)
>>
>> Your observation is correct, there is no ACL support in Apache James (yet). The Mailbox API should be able to handle different namespaces and also perms with a little bit of work. I think adding the IMAP parser / command etc is even more trivial. Anyway as you already know its not implemented yet....
>>
>> Maybe its a perfect way for you to contribute some code ;)
>> So if you are intrested in adding the support I could gice you some starting points..
>>
>> Bye
>> Norman
>>
>> Sent from my iPhone. Excuse any typos....
>>
>> Am 04.01.2012 um 15:39 schrieb Jochen Gazda <ga...@gmail.com>:
>>
>>> Ladies & Gentlemen,
>>>
>>> in the meantime I could gather some more observations concerning James
>>> ACLs and shared folders.
>>> All of them are bad news for me. Please correct me if I am wrong:
>>>
>>> 1. There is no IMAP ACL support in James: parsers for GETACL, SETACL,
>>> DELETEACL, LISTRIGHTS and MYRIGHTS in
>>> org.apache.james.imap.decode.parser.ImapParserFactory are commented
>>> out. Perhaps they used to exist some time ago but not in the current
>>> trunk.
>>>
>>> 2. There is no notion of group in
>>> org.apache.james.user.api.UsersRepository or
>>> org.apache.james.user.api.model.User
>>>
>>> 3. There are https://issues.apache.org/jira/browse/IMAP-76 saying that
>>> there were no shared folders and
>>> https://issues.apache.org/jira/browse/IMAP-80 saying that shared
>>> namespace support was added to MailboxSession but the
>>> org.apache.james.mailbox.store.SimpleMailboxSession.sharedSpaces field
>>> is initialized with an empty ArrayList and not a single element is
>>> added to it anywhere in the code.
>>>
>>> My conclusion is that there are no ACLs, no shared folders and no
>>> groups in James.
>>>
>>> Are there any plans to support any of them?
>>>
>>> Thanks in advance,
>>>
>>> Gazda
>>>
>>> On Wed, Jan 4, 2012 at 10:55 AM, Jochen Gazda <ga...@gmail.com> wrote:
>>>> Ladies & Gentlemen,
>>>>
>>>> googling for "Apache James" combined with "ACL" or "permissions" does
>>>> not bring anything relevant and querying the similar in james java
>>>> sources ditto.
>>>>
>>>> I guess Apache James 3 just does not support IMAP ACLs, does it?
>>>>
>>>> Is there another way how to achieve similar results? I.e. that each
>>>> user and noone else can access can read/write his own inbox and that
>>>> there are some group folders accessible to the group members?
>>>>
>>>> Thanks in advance,
>>>>
>>>> Gazda
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>> For additional commands, e-mail: server-user-help@james.apache.org
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>> For additional commands, e-mail: server-user-help@james.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: IMAP ACL Support?
Posted by Jochen Gazda <ga...@gmail.com>.
Thanks for the prompt reply, Norman.
I am ready to spend some time on this but I can hardly guarantee that
it will be enough to deliver something usable.
> I could gice you some starting points..
I am all ears.
I am starting with IMAP parsers and commands. My first problem is in
which states should the ACL commands be valid? This was the only
resource saying something to the topic I could find:
ftp://ftp.cac.washington.edu/imap/old/draft-myers-imap-imsp-01.txt
> command_auth ::= list / lsub / lmarked / subscribe / unsubscribe /
> create / delete / rename / replace / move /
> get / set / searchaddress / fetchaddress /
> storeaddress / deleteaddress / addressbook_cmd /
> createaddressbook / deleteaddressbook /
> renameaddressbook / getacl / setacl / deleteacl /
> myrights
> ;; Valid only when in Authenticated or Selected state
I have no idea how authoritative it is.
How far are you with https://issues.apache.org/jira/browse/IMAP-322 ?
- It would be nice to be able to turn ACL on and off.
How should the user groups be modeled? - Simply as Set<String>
User.getGroups() ? Or maybe as an entity of its own?
Best,
Gazda
On Wed, Jan 4, 2012 at 4:46 PM, Norman Maurer
<no...@googlemail.com> wrote:
> Hi Jochen,
>
> First of welcome :)
>
> Your observation is correct, there is no ACL support in Apache James (yet). The Mailbox API should be able to handle different namespaces and also perms with a little bit of work. I think adding the IMAP parser / command etc is even more trivial. Anyway as you already know its not implemented yet....
>
> Maybe its a perfect way for you to contribute some code ;)
> So if you are intrested in adding the support I could gice you some starting points..
>
> Bye
> Norman
>
> Sent from my iPhone. Excuse any typos....
>
> Am 04.01.2012 um 15:39 schrieb Jochen Gazda <ga...@gmail.com>:
>
>> Ladies & Gentlemen,
>>
>> in the meantime I could gather some more observations concerning James
>> ACLs and shared folders.
>> All of them are bad news for me. Please correct me if I am wrong:
>>
>> 1. There is no IMAP ACL support in James: parsers for GETACL, SETACL,
>> DELETEACL, LISTRIGHTS and MYRIGHTS in
>> org.apache.james.imap.decode.parser.ImapParserFactory are commented
>> out. Perhaps they used to exist some time ago but not in the current
>> trunk.
>>
>> 2. There is no notion of group in
>> org.apache.james.user.api.UsersRepository or
>> org.apache.james.user.api.model.User
>>
>> 3. There are https://issues.apache.org/jira/browse/IMAP-76 saying that
>> there were no shared folders and
>> https://issues.apache.org/jira/browse/IMAP-80 saying that shared
>> namespace support was added to MailboxSession but the
>> org.apache.james.mailbox.store.SimpleMailboxSession.sharedSpaces field
>> is initialized with an empty ArrayList and not a single element is
>> added to it anywhere in the code.
>>
>> My conclusion is that there are no ACLs, no shared folders and no
>> groups in James.
>>
>> Are there any plans to support any of them?
>>
>> Thanks in advance,
>>
>> Gazda
>>
>> On Wed, Jan 4, 2012 at 10:55 AM, Jochen Gazda <ga...@gmail.com> wrote:
>>> Ladies & Gentlemen,
>>>
>>> googling for "Apache James" combined with "ACL" or "permissions" does
>>> not bring anything relevant and querying the similar in james java
>>> sources ditto.
>>>
>>> I guess Apache James 3 just does not support IMAP ACLs, does it?
>>>
>>> Is there another way how to achieve similar results? I.e. that each
>>> user and noone else can access can read/write his own inbox and that
>>> there are some group folders accessible to the group members?
>>>
>>> Thanks in advance,
>>>
>>> Gazda
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>> For additional commands, e-mail: server-user-help@james.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: IMAP ACL Support?
Posted by Norman Maurer <no...@googlemail.com>.
Hi Jochen,
First of welcome :)
Your observation is correct, there is no ACL support in Apache James (yet). The Mailbox API should be able to handle different namespaces and also perms with a little bit of work. I think adding the IMAP parser / command etc is even more trivial. Anyway as you already know its not implemented yet....
Maybe its a perfect way for you to contribute some code ;)
So if you are intrested in adding the support I could gice you some starting points..
Bye
Norman
Sent from my iPhone. Excuse any typos....
Am 04.01.2012 um 15:39 schrieb Jochen Gazda <ga...@gmail.com>:
> Ladies & Gentlemen,
>
> in the meantime I could gather some more observations concerning James
> ACLs and shared folders.
> All of them are bad news for me. Please correct me if I am wrong:
>
> 1. There is no IMAP ACL support in James: parsers for GETACL, SETACL,
> DELETEACL, LISTRIGHTS and MYRIGHTS in
> org.apache.james.imap.decode.parser.ImapParserFactory are commented
> out. Perhaps they used to exist some time ago but not in the current
> trunk.
>
> 2. There is no notion of group in
> org.apache.james.user.api.UsersRepository or
> org.apache.james.user.api.model.User
>
> 3. There are https://issues.apache.org/jira/browse/IMAP-76 saying that
> there were no shared folders and
> https://issues.apache.org/jira/browse/IMAP-80 saying that shared
> namespace support was added to MailboxSession but the
> org.apache.james.mailbox.store.SimpleMailboxSession.sharedSpaces field
> is initialized with an empty ArrayList and not a single element is
> added to it anywhere in the code.
>
> My conclusion is that there are no ACLs, no shared folders and no
> groups in James.
>
> Are there any plans to support any of them?
>
> Thanks in advance,
>
> Gazda
>
> On Wed, Jan 4, 2012 at 10:55 AM, Jochen Gazda <ga...@gmail.com> wrote:
>> Ladies & Gentlemen,
>>
>> googling for "Apache James" combined with "ACL" or "permissions" does
>> not bring anything relevant and querying the similar in james java
>> sources ditto.
>>
>> I guess Apache James 3 just does not support IMAP ACLs, does it?
>>
>> Is there another way how to achieve similar results? I.e. that each
>> user and noone else can access can read/write his own inbox and that
>> there are some group folders accessible to the group members?
>>
>> Thanks in advance,
>>
>> Gazda
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: IMAP ACL Support?
Posted by Jochen Gazda <ga...@gmail.com>.
Ladies & Gentlemen,
in the meantime I could gather some more observations concerning James
ACLs and shared folders.
All of them are bad news for me. Please correct me if I am wrong:
1. There is no IMAP ACL support in James: parsers for GETACL, SETACL,
DELETEACL, LISTRIGHTS and MYRIGHTS in
org.apache.james.imap.decode.parser.ImapParserFactory are commented
out. Perhaps they used to exist some time ago but not in the current
trunk.
2. There is no notion of group in
org.apache.james.user.api.UsersRepository or
org.apache.james.user.api.model.User
3. There are https://issues.apache.org/jira/browse/IMAP-76 saying that
there were no shared folders and
https://issues.apache.org/jira/browse/IMAP-80 saying that shared
namespace support was added to MailboxSession but the
org.apache.james.mailbox.store.SimpleMailboxSession.sharedSpaces field
is initialized with an empty ArrayList and not a single element is
added to it anywhere in the code.
My conclusion is that there are no ACLs, no shared folders and no
groups in James.
Are there any plans to support any of them?
Thanks in advance,
Gazda
On Wed, Jan 4, 2012 at 10:55 AM, Jochen Gazda <ga...@gmail.com> wrote:
> Ladies & Gentlemen,
>
> googling for "Apache James" combined with "ACL" or "permissions" does
> not bring anything relevant and querying the similar in james java
> sources ditto.
>
> I guess Apache James 3 just does not support IMAP ACLs, does it?
>
> Is there another way how to achieve similar results? I.e. that each
> user and noone else can access can read/write his own inbox and that
> there are some group folders accessible to the group members?
>
> Thanks in advance,
>
> Gazda
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org