To answer my own question: I completely misunderstood the purpose of the system_groups_user variable. I thought it would return a list of groups the user belongs to dovecot on login. Instead I find it's simply the user for whom dovecot will query group membership on demand. Seems a bit crazy not to default that value to the logged in user. Maybe someone will tell me why that is not the case.
At any rate setting that value for an ldap set up in debian wheezy is actually fairly easy after all
I added uid=system_groups_user to the user_attrs variable in /etc/dovecot/dovecot-ldap.conf.ext.
Like so. user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid,uid=system_groups_user
From: ray klassen julius_ahenobarbus@yahoo.co.uk To: "dovecot@dovecot.org" dovecot@dovecot.org Sent: Friday, 2 August 2013, 9:36 Subject: [Dovecot] system_groups_user syntax especially in LDAP
so if possible, I'd like an example of how to include system_groups_user in the userdb setup.
I'm using ldap, but I could revert to using pam on ldap. There is a ldap query (gleaned from smbldap-tools) that will return a list of groups for a user
(&(objectclass=posixGroup)(memberuid=%u)) but I don't know if the ldap driver will handle it but above all I can't figure out how it fits into the dovecot configuration!
I'm trying to get Dovecot 2.1.7 on debian wheezy to recognize shared folders that have group ownership.