[Dovecot] File/folder permission issues in 2.1.3
Hi,
I figured out that Dovecot does not honor secondary groups with auth/auth-worker (??), if doing LDAP/TLS stuff. I had to use file system ACLs to add the user "vmail" to /etc/ssl/private and to the corresponding key file:
doveconf -n
# 2.1.3: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-40-generic-pae i686 Ubuntu 10.04.4 LTS
auth_master_user_separator = *
auth_mechanisms = plain login
auth_verbose = yes
hostname = mail.roessner-net.de
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_access_groups = vmail
mail_gid = vmail
mail_location = mdbox:~/mdbox
mail_plugins = autocreate quota acl fts fts_solr zlib mail_log notify
mail_privileged_group = mail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  list = children
  location = mdbox:%%h/mdbox
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location = 
  mailbox "Deleted Messages" {
    special_use = \Trash
  }
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  mailbox junkmail {
    special_use = \Junk
  }
  prefix = 
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/mail/virtual/shared-mailboxes.db
  autocreate = Trash
  autocreate2 = Sent
  autocreate3 = Drafts
  autocreate4 = junkmail
  autosubscribe = Trash
  autosubscribe2 = Sent
  autosubscribe3 = Drafts
  autosubscribe4 = junkmail
  fts = solr
  fts_solr = break-imap-search url=http://localhost:8080/solr/
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  quota = dict:User quota::file:%h/mdbox/dovecot-quota
  quota_rule = *:storage=300M:messages=20000
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  zlib_save = gz
  zlib_save_level = 6
}
protocols = imap pop3 lmtp sieve
service auth-worker {
  unix_listener auth-worker {
    user = vmail
  }
  user = vmail
}
service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = vmail
}
service dict {
  unix_listener dict {
    mode = 0600
    user = vmail
  }
}
service lmtp {
  inet_listener lmtp {
    address = ::1
    port = 24
  }
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = dovecot
}
ssl_ca =
Normally, mail is placed under /var/mail/virtual as user vmail, group vmail. Is there something wrong with my config that prevents switching to secondary groups?
/etc/dovecot/dovecot-ldap.conf.ext:
uris = ldap://ldap0.roessner-net.de/ ldap://db.roessner-net.de/
sasl_bind = yes
sasl_mech = EXTERNAL
tls = yes
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
tls_cert_file = /etc/ssl/certs/mx0.roessner-net.de.pem
tls_key_file = /etc/ssl/private/mx0.roessner-net.de.key.pem
tls_require_cert = hard
base = ou=people,ou=it,dc=roessner-net,dc=de
user_attrs = rnsMSQuota=quota_rule=*:storage=%$,rnsMSMailboxHome=home
user_filter = (&(objectClass=rnsMSDovecotAccount)(rnsMSRecipientAddress=%u))
pass_attrs = rnsMSDeliverToAddress=user,userPassword=password
pass_filter = (&(objectClass=rnsMSDovecotAccount)(rnsMSRecipientAddress=%u)(rnsMSEnableDovecot=TRUE))
iterate_attrs = rnsMSDovecotUser=user
iterate_filter = (objectClass=rnsMSDovecotAccount)
default_pass_scheme = CRYPT
Thanks in advance.
-Christian
Roessner-Network-Solutions
Bachelor of Science Informatik
Nahrungsberg 81, 35390 Gießen
F: +49 641 5879091, M: +49 176 93118939
USt-IdNr.: DE225643613
http://www.roessner-network-solutions.com
On 29.3.2012, at 13.24, Christian Rößner wrote:
> I figured out that Dovecot does not honor secondary groups with auth/auth-worker (??), if doing LDAP/TLS stuff. I had to use file system ACLs to add the user "vmail" to /etc/ssl/private and to the corresponding key file:
service auth {
  extra_groups = any groups you want auth process to have
}
Don't give secondary groups to any Dovecot related users.
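The permission failure in this thread comes down to which groups the auth process carries when it opens tls_key_file. The model below is an added example written for this page; it is not code from the thread or from Dovecot. It replays the POSIX access check (search bit on every directory, read bit on the file, group class matched against the primary group and the supplementary groups) for the credentials Dovecot gives "service auth { user = vmail }" with and without extra_groups. The uid/gid numbers, the file modes and the "ssl-cert" group are assumptions modelled on the Debian/Ubuntu layout of /etc/ssl/private (0710 root:ssl-cert with 0640 keys); the post itself only says the key is unreadable by vmail.

```python
import posixpath
from dataclasses import dataclass

# Constructed model of the host's filesystem. Owners, modes and the
# "ssl-cert" group are assumptions (Debian/Ubuntu convention for
# /etc/ssl/private); the post only says "vmail" could not read the key.

R, W, X = 4, 2, 1  # permission bits within one rwx class


@dataclass(frozen=True)
class Entry:
    uid: int
    gid: int
    mode: int  # permission bits only, e.g. 0o640


@dataclass(frozen=True)
class Creds:
    uid: int
    gid: int                          # primary group
    groups: frozenset = frozenset()   # supplementary groups (extra_groups)


UIDS = {"root": 0, "vmail": 5000}                  # assumed ids
GIDS = {"root": 0, "ssl-cert": 112, "vmail": 5000}  # assumed ids

FS = {
    "/": Entry(0, 0, 0o755),
    "/etc": Entry(0, 0, 0o755),
    "/etc/ssl": Entry(0, 0, 0o755),
    "/etc/ssl/certs": Entry(0, 0, 0o755),
    "/etc/ssl/certs/mx0.roessner-net.de.pem": Entry(0, 0, 0o644),
    "/etc/ssl/private": Entry(0, GIDS["ssl-cert"], 0o710),
    "/etc/ssl/private/mx0.roessner-net.de.key.pem": Entry(0, GIDS["ssl-cert"], 0o640),
}


def may(entry, creds, want):
    """POSIX class selection: owner bits if the uid matches, else group bits
    if the file's group is the primary OR any supplementary group, else other."""
    if creds.uid == 0:
        # root bypasses read/write checks; execute still needs some x bit
        return True if want != X else bool(entry.mode & 0o111)
    if entry.uid == creds.uid:
        shift = 6
    elif entry.gid == creds.gid or entry.gid in creds.groups:
        shift = 3
    else:
        shift = 0
    return bool((entry.mode >> shift) & want)


def can_read_path(path, creds):
    """Walk the path the way open(2) does: search (x) on every directory
    component, then read (r) on the file itself.
    Returns (True, None) or (False, first component that denied access)."""
    dirs, cur = ["/"], "/"
    for part in path.strip("/").split("/")[:-1]:
        cur = posixpath.join(cur, part)
        dirs.append(cur)
    for d in dirs:
        if not may(FS[d], creds, X):
            return False, d
    if not may(FS[path], creds, R):
        return False, path
    return True, None


def auth_service_creds(extra_groups=()):
    """Credentials of 'service auth { user = vmail extra_groups = ... }'.
    Without extra_groups the process carries only its primary group."""
    return Creds(UIDS["vmail"], GIDS["vmail"],
                 frozenset(GIDS[g] for g in extra_groups))


KEY = "/etc/ssl/private/mx0.roessner-net.de.key.pem"
CERT = "/etc/ssl/certs/mx0.roessner-net.de.pem"


def check_key_access(extra_groups=()):
    """Can the auth process open tls_key_file with these extra_groups?"""
    return can_read_path(KEY, auth_service_creds(extra_groups))


if __name__ == "__main__":
    for groups in ((), ("ssl-cert",)):
        label = " ".join(groups) or "(none)"
        print(f"extra_groups={label}: key -> {check_key_access(groups)}, "
              f"cert -> {can_read_path(CERT, auth_service_creds(groups))}")
```

Without extra_groups the walk is already refused at /etc/ssl/private, because the directory grants search only to owner and group, so neither a chmod on the key nor an ACL on the key alone would have helped; the poster's ACL on the directory was what made the difference. On a real host the same check is `sudo -u vmail cat /etc/ssl/private/mx0.roessner-net.de.key.pem` (or `namei -l` on the path), and the configuration equivalent of the second run is "extra_groups = ssl-cert" in the service that performs the LDAP bind (assumed here to be the group that owns /etc/ssl/private on this system).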
participants (2)
- Christian Rößner
- Timo Sirainen