[Dovecot] Acl, Namespace, User Confusion

[Jim Horner]

I'm using dovecot RC6.

I have a group named "cmpymail" with 2 users "jdoe at arinbe.com" 
and "jsmith at arinbe.com". I set up a mail folders like:

drwxrwx---  4 cmpymail  cmpymail 4096 2006-08-13 02:21 cmpymail
drwxrwx---  3 jdoe      users    4096 2005-11-21 13:34 jdoe
drwxrwx---  3 jsmith    users    4096 2006-08-13 02:27 jsmith
drwxrwx---  3 fred      users    4096 2006-08-13 02:27 fred
drwxrwx---  3 wilma     users    4096 2006-08-13 02:27 wilma

In dovecot.conf 

namespace public {
   separator = .
   prefix = COMPANY.
   location = 
maildir:/home/services/mail/arinbe.com/company/Maildir:CONTROL=%h/shared-settings/company/control:INDEX=%h/shared-settings/rootmail/index
   hidden = no
}

I have a dovecot-shared file

-rw-rw---- 1 cmpymail cmpymail 0 2006-08-13 13:24 dovecot-shared


What I can not do is restrict access to cmpymail to -just- jdoe and jsmith. 

I've looked at

http://www.dovecot.org/list/dovecot/2006-June/013683.html

I've tried adding 

  mail_plugin_dir = /usr/local/lib/dovecot/imap
  mail_plugins = acl

and a dovecot-acl file

owner
user=jdoe at arinbe.com lrwstiekxa
user=jsmith at arinbe.com lrwstiekxa
user=jdoe rwstiekxa
user=jsmith lrwstiekxa

I am not exactly sure what username to use. All users are in LDAP. 

The "cmpymail" group shows

# getent group
cmpymail:*:5555:jdoe,jsmith

Nothing I do seems to work. I either get errors that wilma and fred can't 
access cmpymail, for instance when wilma/fred try to subscribe to folders, or 
wilma and fred have complete access to cmpymail (if I change cmpymail's group 
to users instead of cmpymail).

Is there a way to restrict access like I want?

Thanks,

Jim