On Thu, 2009-12-17 at 10:55 +0900, Lukas Haase wrote:
> > But anyway, the problem has to do with userdb not returning those UNIX
> > groups that you expect.
> 
> Oh, ok I think there is a point which I do not understand. What has the 
> userdb to do with UNIX rights? As far as I understood from the wiki 
> there are two levels:
> 
> * UNIX rights. The mailboxes need to just have the correct *UNIX* 
> permission in order to access the files in the needed way (read or 
> write). So IMO this could also be achieved with, say, POSIX ACLs (setfacl)

Right. The issue has to do with what UNIX rights Dovecot sets for the
process. In a previous mail you said you used:

>    userdb:
>      driver: ldap
>      args: /etc/dovecot/dovecot-ldap.conf

The question is what fields does LDAP return? When you're using ldap,
Dovecot doesn't directly use /etc/group or an NSS equivalent to figure out
what groups a user belongs to. If you want Dovecot to do that, you need
to return the system_user=<username> field from userdb.

> So far I also do not understand what the userdb has to do with that. The 
> userdb is just for *internal* users of the application (dovecot) 

Exactly.

> and has 
> nothing to do with the access system from the operating system or the 
> system users/groups.

But you want Dovecot to interact with the operating system's users/groups,
so you need to tell Dovecot how to do that.
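
The difference discussed in this message, as an added example that is not part of the original mail and is not Dovecot's code: a process that knows only a uid/gid holds one group, while a lookup by system user name through getgrouplist(3) also returns the groups from /etc/group or NSS. The helper names and the sample user name are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes getgrouplist() in glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>

/* Case 1: userdb returned only uid/gid. No user name is available for a
 * group lookup, so the process ends up with the primary gid alone. */
static int groups_from_gid_only(gid_t gid, gid_t *out, int max)
{
    if (max < 1)
        return -1;
    out[0] = gid;
    return 1;
}

/* Case 2: a system user name is known. getgrouplist() asks /etc/group or
 * NSS for every group listing that name and adds the primary gid.
 * Returns the group count, or -1 if `out` is too small. */
static int groups_from_system_user(const char *name, gid_t gid,
                                   gid_t *out, int max)
{
    int n = max;
    return getgrouplist(name, gid, out, &n) == -1 ? -1 : n;
}

static int has_gid(const gid_t *list, int n, gid_t gid)
{
    for (int i = 0; i < n; i++)
        if (list[i] == gid)
            return 1;
    return 0;
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "root"; /* sample user name */
    struct passwd *pw = getpwnam(name);
    gid_t gid = pw ? pw->pw_gid : 0, a[256], b[256];
    int na = groups_from_gid_only(gid, a, 256);
    int nb = groups_from_system_user(name, gid, b, 256);

    printf("%s: %d group(s) from gid only, %d via group lookup\n", name, na, nb);
    for (int i = 0; i < nb; i++)
        printf("  gid %lu%s\n", (unsigned long)b[i],
               has_gid(a, na, b[i]) ? "" : "  <- only with the lookup");
    return 0;
}
```

Run it with the name of a mail user that has a system account; any gid marked "only with the lookup" is a group whose file permissions the process would not get from uid/gid alone.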
