[Dovecot] Ldap and secondary PosixGroups

Matthieu Ambrosy matthieu.ambrosy at gmail.com
Thu Feb 3 11:34:56 EET 2011


Hello all,

I'm using "Pam Ldap" for my users (Debian Lenny).

getent passwd :
m.ambrosy:x:2000:100:m.ambrosy:/home/m.ambrosy:/bin/bash

getent group :
l_admin:*:2000:m.ambrosy
l_personnel:*:2001:m.ambrosy
l_mail:*:2003:m.ambrosy

As you can see, in LDAP, user "m.ambrosy" (PosixAccount) is defined with
gidNumber = 100 (local group "users") and uidNumber = 2000.
Furthermore, this user belongs to 3 secondary Ldap PosixGroups (l_admin 2000,
l_personnel 2001, l_mail 2003).

If /var/mail belongs to the primary group (100), no problem.
If /var/mail belongs to l_mail (2003) :
mkdir(/var/mail/m.ambrosy) failed: Permission denied (euid=2000(m.ambrosy)
egid=100(users) missing +w perm: /var/mail, euid is not dir owner

In fact, Dovecot seems to not see secondary groups for my user. It just
checks the primary group (gidNumber).

If I modify my Ldap user like this, getent passwd :
m.ambrosy:x:2000:2003:m.ambrosy:/home/m.ambrosy:/bin/bash

It works fine but my "l_mail" group must be secondary (like an option for
some users), not the primary gidNumber. Can I do it in the conf file?

Am I making myself clear?

Regards,
Matthieu.
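
The permission decision behind the mkdir() error above, as an added example that is not part of the original post and is not Dovecot's code: the kernel picks one permission class from the process's effective UID, effective GID and supplementary group list, not from what getent group reports. The IDs are the ones from the post; the /var/mail owner (root) and mode (0775) are constructed assumptions.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

enum perm_class { CLASS_OWNER, CLASS_GROUP, CLASS_OTHER };

/* True if gid is the process's effective GID or one of its supplementary
 * groups. Membership listed in LDAP counts only once it is loaded here. */
static int in_groups(gid_t gid, gid_t egid, const gid_t *supp, int nsupp)
{
    for (int i = 0; i < nsupp; i++)
        if (supp[i] == gid)
            return 1;
    return gid == egid;
}

/* POSIX class selection: exactly one class applies, first match wins. */
enum perm_class select_class(uid_t dir_uid, gid_t dir_gid, uid_t euid,
                             gid_t egid, const gid_t *supp, int nsupp)
{
    if (euid == dir_uid)
        return CLASS_OWNER;
    if (in_groups(dir_gid, egid, supp, nsupp))
        return CLASS_GROUP;
    return CLASS_OTHER;
}

/* Returns 1 if mkdir() inside the directory would pass the mode-bit check
 * (needs write + search). ACLs, capabilities and root are not modelled. */
int can_create_in_dir(mode_t mode, uid_t dir_uid, gid_t dir_gid, uid_t euid,
                      gid_t egid, const gid_t *supp, int nsupp)
{
    mode_t need;
    switch (select_class(dir_uid, dir_gid, euid, egid, supp, nsupp)) {
    case CLASS_OWNER: need = S_IWUSR | S_IXUSR; break;
    case CLASS_GROUP: need = S_IWGRP | S_IXGRP; break;
    default:          need = S_IWOTH | S_IXOTH; break;
    }
    return (mode & need) == need;
}

int main(void)
{
    /* Constructed sample: /var/mail as root:l_mail (0:2003), mode 0775. */
    const gid_t ldap_groups[] = { 2000, 2001, 2003 };
    printf("egid=100, no supplementary groups: %d\n",
           can_create_in_dir(0775, 0, 2003, 2000, 100, NULL, 0));
    printf("egid=100, LDAP groups loaded:      %d\n",
           can_create_in_dir(0775, 0, 2003, 2000, 100, ldap_groups, 3));
}
```

The first case reproduces the reported denial (the process falls into the "other" class); the second shows the same user passing once GID 2003 is in the process's supplementary group list.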

