1 (edited by misceh 2021-04-16 10:50:08)

Topic: Mailing List - Error: Permission denied.

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.4.0
- Deployed with iRedMail Easy or the downloadable installer? Download
- Linux/BSD distribution name and version: CentOS 7.9
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx):Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

After upgrade to latest iRedMail 1.4.0 and iRedAdmin-Pro 4.9, the mailing list seems have some issue.

Please note we use subscribable mailing list.

When I log in iRedAdmin-Pro using postmaster account, I can create new mailing list, or modify members. But when I try to edit owner or moderator, system will prompt  "Error: Permission denied" on top, even the postmaster is both owner and moderator. If I create any new mailing list, the owner and moderator will default to postmaster, and the same will happen.

Please kindly advice how to resolve the issue.

Thanks!

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Mailing List - Error: Permission denied.

- Did you update the LDAP schema file during upgrading iRedMail?
- Did you login as the global admin account, or a per-domain admin account?

3 (edited by misceh 2021-04-19 17:32:54)

Re: Mailing List - Error: Permission denied.

ZhangHuangbin wrote:

- Did you update the LDAP schema file during upgrading iRedMail?
- Did you login as the global admin account, or a per-domain admin account?

Hi, Mr Zhang,
- Yes, we follow the steps and did update iRedMail LDAP schema file for our OpenLDAP backend
- We login as global admin account (postmaster)

It was working fine in iRedMail 1.3.2 and iRedAdmin-Pro 4.8, FYI.

4

Re: Mailing List - Error: Permission denied.

Confirmed it's a bug of the latest iRedAdmin-Pro-LDAP-4.9, here's patch to fix it. Note: restarting "iredadmin" service is required after applied the patch.
if you're not familiar with patch, feel free to contact us to get a patched version: https://www.iredmail.org/contact.html

diff --git a/libs/ldaplib/ml.py b/libs/ldaplib/ml.py
index 87e01867..6702897b 100644
--- a/libs/ldaplib/ml.py
+++ b/libs/ldaplib/ml.py
@@ -471,7 +471,7 @@ def update(mail, profile_type, form, conn=None):
 
     elif profile_type == 'owners':
         # Do not allow mailing list owner / moderator to update owner/moderators.
-        if session.get('is_global_admin') or session.get('is_normal_admin'):
+        if not (session.get('is_global_admin') or session.get('is_normal_admin')):
             return (False, "PERMISSION_DENIED")
 
         kvs = {}