Dear sogo community
I'm having a hard time with sogo groups and acl.
My environment is as follows:
sogo v 4.0.1
openldap
iRedMail
on debian 9

So far everything works great except groups. I need to be able to define groups I can then use for ACLs.

I can define acl for a single user. Works great.
I have a groups section in my config file as follows:

        {
            // groups for acl
            type = ldap;
            id = staff_groups;
            canAuthenticate = YES;
            isAddressBook = YES;
            displayName = "Staff Groups";
            bindAsCurrentUser = NO;

            listRequiresDot = NO;

            hostname = "ldap://127.0.0.1:389";
            baseDN = "OU=Groups,domainName=bws-uster.ch,o=domains,dc=mail2,dc=bws-uster,dc=ch";
            bindDN = "cn=vmail,dc=mail2,dc=bws-uster,dc=ch";
            bindPassword = "*****";
            filter = "(enabledService=aclgroup)";
            scope = SUB;

            IDFieldName = uid;
            // value of UID field must be unique on whole server.
            UIDFieldName = uid;
            IMAPLoginFieldName = mail;
            bindFields=(uid);
            CNFieldName = cn;
        },

The group has an LDAP entry as follows:

dn: cn=testgroup,ou=Groups,domainName=bws-uster.ch,o=domains,dc=mail2,dc=bws
objectClass: extensibleObject
objectClass: top
objectClass: groupOfNames
cn: testgroup
member: mail=te...@bws-uster.ch,ou=Users,domainName=bws-uster.ch,o=domains,d
enabledService: aclgroup
mail: testgr...@bws-uster.ch

My users' RDN is mail. The login field is uid. A user looks like that:

dn: mail=te...@bws-uster.ch,ou=Users,domainName=bws-uster.ch,o=domains,dc=ma
objectClass: inetOrgPerson
objectClass: mailUser
objectClass: shadowAccount
objectClass: amavisAccount
cn: Test User 1
mail: te...@bws-uster.ch
sn: User 1
uid: test1
accountStatus: active
amavisLocal: TRUE
enabledService: mail
enabledService: deliver
enabledService: lda
enabledService: lmtp
enabledService: smtp
enabledService: smtpsecured
enabledService: pop3
enabledService: pop3secured
enabledService: pop3tls
enabledService: imap
enabledService: imapsecured
enabledService: imaptls
enabledService: managesieve
enabledService: managesievesecured
enabledService: sogo
enabledService: sieve
enabledService: sievesecured
enabledService: forward
enabledService: senderbcc
enabledService: recipientbcc
enabledService: internal
enabledService: lib-storage
enabledService: indexer-worker
enabledService: doveadm
enabledService: dsync
enabledService: shadowaddress
enabledService: displayedInGlobalAddressBook
givenName: Test
homeDirectory: /var/vmail/vmail1/bws-uster.ch/test1/
mailMessageStore: vmail1/bws-uster.ch/test1/
mailQuota: 10485760000
shadowLastChange: 0
storageBaseDirectory: /var/vmail
userPassword:: e1NTSEE1MTJ9N3J2Y3AxYVpaTmFKbk1pTTRtUVFGMDNRbWFXQWNYUjZVTFdxT

I can see the group in the address book and can also choose it to define ACLs. Everything looks OK.
But the users within the group cannot access shared resources.

Thanks for your help.

Ueli

--
users@sogo.nu
https://inverse.ca/sogo/lists