Sometime ago there was a discussion about ACLs which can not be removed anymore because the identifier doesn't exist anymore.
Some people suggested workarounds like editing mailboxes db by hand. From my point of view, it is clearly a bug. You can, as normal user, create an ACL referencing an identifier which you can't control - like an LDAP group. Someone, like an administrator, can then remove the identifier and you are lost with an ACL which you can't remove anymore. It's easy to understand why this is a security issue. Christos Soulios from University of Athens was so kind to write a working patch which is attached to the related bug #2544 https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2544 Would be nice to get some feedback from the cyrus-imapd developers. Simon --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
