[Dovecot] ACL + shared-imap + nested AD groups
Hi,
I'm looking for a solution to use nested AD groups for authorization in shared IMAP folders (namespace public).
As a simple hack to determine the (primary) groups of a user we use the following setup with a post-login script:
in dovecot.conf ... protocol imap { mail_executable = /etc/dovecot/ldap_groups.sh ...
ldap_groups.sh:
#!/bin/sh
# Collect the user's direct group names from memberOf and export them for the ACL plugin.
ACL_GROUPS=$(ldapsearch -h ldapserver -p 3268 -s sub -D "cn=ldap mail, ou=user, ou=global, ou=xxx, dc=xxx, dc=local" -b "ou=xxx, dc=xxx, dc=local" "(&(sAMAccountName=$USER))" -LLL memberOf -w password \
    | grep "memberOf: CN=" | sed 's/memberOf: CN=//' | sed 's/,OU=.*//' | tr "\n" "," | sed 's/,$//')
export ACL_GROUPS
exec /usr/libexec/dovecot/imap "$@"
Does anyone know how to simply get the groups of groups with such a post-login script?
Thanks, Martin
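One way to get the nested groups without walking them in the script is to let Active Directory do it: the extensible match rule LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941) on the member attribute returns every group the user belongs to directly or through nesting. The script below is an added example, not the poster's script or anything from Dovecot; host, DNs, password file and search base are placeholders, and it assumes OpenLDAP's ldapsearch.

```shell
#!/bin/sh
# Added example (not the poster's script): Dovecot post-login script that resolves
# nested AD groups in one query via LDAP_MATCHING_RULE_IN_CHAIN (OID
# 1.2.840.113556.1.4.1941) and exports ACL_GROUPS as "g1,g2". Host, DNs, password
# file and base are assumed placeholders; needs OpenLDAP ldapsearch (-H, -x, -y).
LDAP_HOST="ldapserver"                # assumed
LDAP_PORT="389"                       # assumed: a domain controller's LDAP port
BIND_DN="cn=ldap mail,ou=user,ou=global,ou=xxx,dc=xxx,dc=local"
BIND_PW_FILE="/etc/dovecot/ldap.pw"   # assumed: root-only file instead of -w on the command line
BASE_DN="ou=xxx,dc=xxx,dc=local"
IMAP_BIN="/usr/libexec/dovecot/imap"
# Escape RFC 4515 filter metacharacters so $USER or a DN cannot alter the query.
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# ldapsearch folds long lines (continuations start with a space); join them so
# the parsers below always see a whole DN.
ldif_unfold() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }'
}

# "dn: CN=name,OU=..." lines -> "name1,name2" (a CN with an escaped comma is
# truncated at it, as in the original pipeline).
ldif_to_acl_groups() {
    ldif_unfold | awk '/^dn: CN=/ { sub(/^dn: CN=/, ""); sub(/,.*/, "")
                                    names = names (names == "" ? "" : ",") $0 }
                       END { print names }'
}
ldap_query() {  # $1 = filter; prints only the dn of each match
    ldapsearch -LLL -x -H "ldap://$LDAP_HOST:$LDAP_PORT" -D "$BIND_DN" \
        -y "$BIND_PW_FILE" -b "$BASE_DN" -s sub "$1" dn
}

main() {
    user_dn=$(ldap_query "(sAMAccountName=$(ldap_filter_escape "$USER"))" |
        ldif_unfold | sed -n 's/^dn: //p' | head -n 1)
    [ -n "$user_dn" ] || { echo "ldap_groups.sh: no DN found for $USER" >&2; exit 1; }
    # The matching rule walks group nesting server-side: direct and inherited groups.
    ACL_GROUPS=$(ldap_query "(member:1.2.840.113556.1.4.1941:=$(ldap_filter_escape "$user_dn"))" |
        ldif_to_acl_groups)
    export ACL_GROUPS
    exec "$IMAP_BIN" "$@"
}
# Run only when installed beside Dovecot's imap binary; otherwise just define the
# helpers, so the LDIF parsing can be exercised on constructed input.
if [ -x "$IMAP_BIN" ]; then main "$@"; fi
```

The filter escaping matters because $USER comes from the login and would otherwise be spliced into the query unescaped, exactly as in the original one-liner.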