On Thu, 2011-02-03 at 10:34 +0100, Matthieu Ambrosy wrote:
I'm using "Pam Ldap" for my users (Debian Lenny).
getent passwd : *m.ambrosy:x:2000:100:m.ambrosy:/home/m.ambrosy:/bin/bash*
getent group : *l_admin:*:2000:m.ambrosy l_personnel:*:2001:m.ambrosy l_mail:*:2003:m.ambrosy*
These are NSS lookups, not PAM.
In fact, Dovecot seems to not see secondary groups for my user. It just checks the primary group (gidNumber).
Assuming you're using userdb passwd, it should have set the secondary groups. dovecot -n output could have been helpful though.
If I modify my Ldap user like this, getent passwd : *m.ambrosy:x:2000:2003:m.ambrosy:/home/m.ambrosy:/bin/bash *It works fine but my "l_mail" group must be secondary (like an option for some users), not the primary gidNumber. Can I do it in the conf file?*
You could also set mail_access_groups = l_mail.