3.11. User access control

The ZCP user plugins are extended with user access control. At the moment the POP3 and IMAP service can be enabled or disabled per user. When the IMAP/POP3 service is enabled for the user the extra IMAP/POP3 data will be stored.

The following table will show when a user can use IMAP or POP3.

Table 3.2. Access control overview

	Service enabled for user	Service disabled for user	Nothing configured for user
Service listed in disable_feature in server.cfg
Service not listed in disable_feature in server.cfg

The /etc/zarafa/server.cfg has the new configuration option disabled_features. With this option globally imap/pop3 access can be controlled. This option can be overruled by the user plugin.

To enable imap or pop3 access for an individual user when using the db or unix plugin, use:

zarafa-admin -u john --enable-feature imap
zarafa-admin -u john --disable-feature pop3

When the ldap plugin is used, the access control will be stored in the attribute zarafaEnabledFeatures and zarafaDisabledFeatures. These multi-valued properties can contain any string, but only the features Zarafa knows about will actually be provided through the system. The values that can be currently used are imap and pop3.

In Active Directory the Zarafa plugin is extended with an additional tab, see the screenshot.

Figure 3.2. User access control from ADS

Note

Make sure a particular feature isn’t listed in both zarafaEnabledFeatures and zarafaDisabledFeatures. Consistency will not be guaranteed.

Note

Later on user access control for the other components, like Outlook, WebAccess and Z-Push will be added.