cannot enable cbpolicyd access control

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
User avatar
fferraro87
Advanced member
Advanced member
Posts: 99
Joined: Thu Apr 28, 2016 8:58 am

cannot enable cbpolicyd access control

Post by fferraro87 »

Hi,

i'm trying to enable Access Control for my cbpolicyd on a my zimbra mail server.

I've installed on this server that version :

Release 8.8.15_GA_3869.RHEL7_64_20190917004220 RHEL7_64 FOSS edition, Patch 8.8.15_P3.

on a CentOS Linux release 7.7.1908 (Core)

As you can see also if i enable zimbraCBPolicydAccessControlEnabled, i've always to false.
Why?

Code: Select all

[zimbra@mail06 ~]$ zmprov ms `zmhostname` zimbraCBPolicydAccessControlEnabled TRUE
[zimbra@mail06 ~]$ zmprov gacf | grep zimbraCBPolicydAccessControl
zimbraCBPolicydAccessControlEnabled: FALSE
User avatar
DualBoot
Elite member
Elite member
Posts: 1326
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers
Contact:

Re: cannot enable cbpolicyd access control

Post by DualBoot »

Hello,

there is a difference between checking global configuration and server configuration.

Regards,
User avatar
fferraro87
Advanced member
Advanced member
Posts: 99
Joined: Thu Apr 28, 2016 8:58 am

Re: cannot enable cbpolicyd access control

Post by fferraro87 »

DualBoot wrote:Hello,

there is a difference between checking global configuration and server configuration.

Regards,
so how can i see if access control is enabled?
User avatar
fs.schmidt
Outstanding Member
Outstanding Member
Posts: 278
Joined: Sat Sep 13, 2014 3:37 am
Location: Brazil
Contact:

Re: cannot enable cbpolicyd access control

Post by fs.schmidt »

fferraro87 wrote:
DualBoot wrote:Hello,

there is a difference between checking global configuration and server configuration.

Regards,
so how can i see if access control is enabled?
Hi,

You should use:

Code: Select all

zmprov gs `zmhostname` zimbraCBPolicydAccessControlEnabled
User avatar
L. Mark Stone
Ambassador
Ambassador
Posts: 2796
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.6 Network Edition
Contact:

Re: cannot enable cbpolicyd access control

Post by L. Mark Stone »

Fundamentally, Zimbra broadly supports inheritance throughout the software.

Set an email quota in a CoS, and all mailboxes in the CoS inherit that quota restriction -- unless you set a quota explicitly on the mailbox.

Same for global config variables (gcf/mcf)... Zimbra servers inherit the global config values unless they have been set explicitly at the server level (gs/ms).

Hope that helps,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
User avatar
king0770
Outstanding Member
Outstanding Member
Posts: 242
Joined: Fri Sep 12, 2014 10:44 pm
Contact:

Re: cannot enable cbpolicyd access control

Post by king0770 »

If you set zimbraCBPolicydAccessControlEnabled to TRUE at the serverConfig, chances are cbpolicydAccessControl is enabled.

When you test cbpolicydAccessControl, check the /opt/zimbra/log/cbpolicyd.log file to see if the access control rules are working (...or not working).

When you make changes to the cbpolicyd config, make sure to restart the service to pick up the changes.

zmcbpolicydctl restart

It should be noted regarding cbpolicydAccessControl, you will need to create access control rules. Access Control for cbpolicyd is one of those modules you will need to explicitly create rules for; otherwise you've enabled cbpolicydAccessControl with no rules.
--
Rick King
Post Reply