Page 1 of 1

cannot enable cbpolicyd access control

Posted: Fri Dec 06, 2019 8:35 am
by fferraro87
Hi,

i'm trying to enable Access Control for my cbpolicyd on a my zimbra mail server.

I've installed on this server that version :

Release 8.8.15_GA_3869.RHEL7_64_20190917004220 RHEL7_64 FOSS edition, Patch 8.8.15_P3.

on a CentOS Linux release 7.7.1908 (Core)

As you can see also if i enable zimbraCBPolicydAccessControlEnabled, i've always to false.
Why?

Code: Select all

[zimbra@mail06 ~]$ zmprov ms `zmhostname` zimbraCBPolicydAccessControlEnabled TRUE
[zimbra@mail06 ~]$ zmprov gacf | grep zimbraCBPolicydAccessControl
zimbraCBPolicydAccessControlEnabled: FALSE

Re: cannot enable cbpolicyd access control

Posted: Fri Dec 06, 2019 9:04 am
by DualBoot
Hello,

there is a difference between checking global configuration and server configuration.

Regards,

Re: cannot enable cbpolicyd access control

Posted: Fri Dec 06, 2019 11:13 am
by fferraro87
DualBoot wrote:Hello,

there is a difference between checking global configuration and server configuration.

Regards,


so how can i see if access control is enabled?

Re: cannot enable cbpolicyd access control

Posted: Fri Dec 06, 2019 11:59 am
by fs.schmidt
fferraro87 wrote:
DualBoot wrote:Hello,

there is a difference between checking global configuration and server configuration.

Regards,


so how can i see if access control is enabled?


Hi,

You should use:

Code: Select all

zmprov gs `zmhostname` zimbraCBPolicydAccessControlEnabled

Re: cannot enable cbpolicyd access control

Posted: Sat Dec 07, 2019 4:12 pm
by L. Mark Stone
Fundamentally, Zimbra broadly supports inheritance throughout the software.

Set an email quota in a CoS, and all mailboxes in the CoS inherit that quota restriction -- unless you set a quota explicitly on the mailbox.

Same for global config variables (gcf/mcf)... Zimbra servers inherit the global config values unless they have been set explicitly at the server level (gs/ms).

Hope that helps,
Mark

Re: cannot enable cbpolicyd access control

Posted: Sat Dec 07, 2019 5:32 pm
by king0770
If you set zimbraCBPolicydAccessControlEnabled to TRUE at the serverConfig, chances are cbpolicydAccessControl is enabled.

When you test cbpolicydAccessControl, check the /opt/zimbra/log/cbpolicyd.log file to see if the access control rules are working (...or not working).

When you make changes to the cbpolicyd config, make sure to restart the service to pick up the changes.

zmcbpolicydctl restart

It should be noted regarding cbpolicydAccessControl, you will need to create access control rules. Access Control for cbpolicyd is one of those modules you will need to explicitly create rules for; otherwise you've enabled cbpolicydAccessControl with no rules.