Re: Bulk deletion of mailbox ACLs under Cyrus 2.4.4

Tue, 06 Sep 2011 05:24:02 -0700 

Bron Gondwana wrote:
> The correct way[tm] is to iterate over all the mailboxes and do a
> "setacl" for each one you want to change, probably using an external
> script that talks IMAP.
> 

While obviously needing some work, I've attached a script that -I think- does 
just that.

Kind regards,

Jeroen van Meeuwen

-- 
Senior Engineer, Kolab Systems AG

e: vanmeeuwen at kolabsys.com
t: +44 144 340 9500
m: +44 74 2516 3817
w: http://www.kolabsys.com

pgp: 9342 BF08

import sys

sys.path.append('..')

import pykolab

conf = pykolab.getConf()
conf.debuglevel = 9
conf.read_config("../conf/kolab-shc.conf")

imap = pykolab.imap

imap.connect()

# List the shared and user folders
shared_folders = imap.lm("shared/*@mydomain.com")
user_folders = imap.lm("user/*@mydomain.com")

# Placeholder for valid ACL entries
valid_acls = {
        # These are special keywords used in ACLs
        'anyone': True
    }

# Loop through the user folders found, ...
for user_folder in user_folders:

    # ... and distill the user@domain ACL qualifier.
    folder_parts = imap.parse_mailbox(user_folder)
    if folder_parts['domain']:
        valid_acl = "%s@%s" %(folder_parts['path_parts'][1],folder_parts['domain'])
    else:
        valid_acl = "%s" %(folder_parts['path_parts'])

    # 'valid_acl' now contains the fully qualified user identifier (i.e.
    # u...@domain.tld), which may be used in the ACL entries on the other
    # folders. Store the valid ACL entry.
    if not valid_acls.has_key(valid_acl):
        valid_acls[valid_acl] = True

# For all folders (shared and user), ...
folders = user_folders + shared_folders

print "Iterating over %d folders" %(len(folders))

# ... loop through them and ...
for folder in folders:
    # ... list the ACL entries
    acls = imap.lam(folder)

    # For each ACL entry, see if we think it is a current, valid entry
    for acl_entry in acls.keys():

        # If the key 'acl_entry' does not exist in the dictionary of valid
        # ACL entries, this ACL entry has got to go.
        if not valid_acls.has_key(acl_entry):
            # Set the ACL to '' (effectively deleting the ACL entry)
            imap.sam(folder, acl_entry, '')

Attachment: signature.asc
Description: This is a digitally signed message part.

----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Reply via email to