On Thu, 2009-12-17 at 10:55 +0900, Lukas Haase wrote:
> > But anyway, the problem has to do with userdb not returning those UNIX
> > groups that you expect.
>
> Oh, ok I think there is a point which I do not understand. What has the
> userdb to do with UNIX rights? As far as I understood from the wiki
> there are two levels:
>
> * UNIX rights. The mailboxes need to just have the correct *UNIX*
> permission in order to access the files in the needed way (read or
> write). So IMO this could also be achieved with, say, POSIX ACLs (setfacl)

Right. The issue has to do with what UNIX rights Dovecot sets for the process. In a previous mail you said you used:

> userdb:
>   driver: ldap
>   args: /etc/dovecot/dovecot-ldap.conf

The question is what fields does LDAP return? When you're using ldap, Dovecot doesn't directly use /etc/group or NSS equivalent to figure out what groups a user belongs to. If you want Dovecot to do that, you need to return system_user=<username> field from userdb.

> So far I also do not understand what the userdb has to do with that. The
> userdb is just for *internal* users of the application (dovecot)

Exactly.

> and has
> nothing to do with the access system from the operating system or the
> system users/groups.

But you want Dovecot to interact with operating system's users/groups, so you need to tell Dovecot how to do that.
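
A diagnostic for the point made in this reply, added here as an example and not part of the original thread or of Dovecot: it compares the groups a running mail process actually holds (read from `/proc/<pid>/status`, so Linux only) with the groups NSS reports for a system user. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: does a running process hold the UNIX groups that NSS
# (/etc/group, LDAP via nsswitch, ...) lists for a given system user?

# Print the GIDs found on the Gid: and Groups: lines of a
# /proc/<pid>/status-format file, one per line, de-duplicated.
status_groups() {
    awk '/^(Gid|Groups):/ { for (i = 2; i <= NF; i++) print $i }' "$1" | sort -n -u
}

# Print every GID in list $1 that is absent from list $2
# (both lists are whitespace-separated).
missing_groups() {
    for want in $1; do
        found=0
        for have in $2; do
            if [ "$want" = "$have" ]; then found=1; fi
        done
        if [ "$found" -eq 0 ]; then printf '%s\n' "$want"; fi
    done
}

# Usage: check_process_groups <pid> <system-username>
# Returns 0 when nothing is missing, 1 when groups are missing,
# 2 when the user cannot be resolved.
check_process_groups() {
    expected=$(id -G "$2") || return 2
    actual=$(status_groups "/proc/$1/status" | tr '\n' ' ')
    missing=$(missing_groups "$expected" "$actual" | tr '\n' ' ')
    if [ -n "$missing" ]; then
        echo "pid $1 lacks GIDs that NSS lists for $2: $missing"
        return 1
    fi
    echo "pid $1 holds every GID that NSS lists for $2"
}

# Run the check only when called as: script <pid> <username>
if [ "$#" -eq 2 ]; then
    check_process_groups "$1" "$2"
fi
```

Run it against the PID of a logged-in user's mail process; any GIDs it reports as missing are groups the process was not given, so group-based mailbox permissions for them will not apply.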