[Dovecot] Ldap and secondary PosixGroups
Timo Sirainen
tss at iki.fi
Fri Feb 4 19:23:30 EET 2011
On Thu, 2011-02-03 at 10:34 +0100, Matthieu Ambrosy wrote:
> I'm using "Pam Ldap" for my users (Debian Lenny).
>
> getent passwd :
> *m.ambrosy:x:2000:100:m.ambrosy:/home/m.ambrosy:/bin/bash*
>
> getent group :
> *l_admin:*:2000:m.ambrosy
> l_personnel:*:2001:m.ambrosy
> l_mail:*:2003:m.ambrosy*
These are NSS lookups, not PAM.
> In fact, Dovecot seems to not see secondary groups for my user. It just
> checks the primary group (gidNumber).
Assuming you're using userdb passwd, it should have set the secondary
groups. dovecot -n output could have been helpful though.
> If I modify my Ldap user like this, getent passwd :
> *m.ambrosy:x:2000:2003:m.ambrosy:/home/m.ambrosy:/bin/bash
> *It works fine but my "l_mail" group must be secondary (like an option for
> some users), not the primary gidNumber. Can I do it in the conf file?*
You could also set mail_access_groups = l_mail.
More information about the dovecot
mailing list