luke.bigum at lmax.com
2015-Apr-08 12:45 UTC
can't create folders under shared mailbox's INBOX
Hello,

I have a namespace / ACL problem with shared mailboxes that I can't figure out. I have a local user tam@crm.yb.lmax that shares its INBOX and all other folders with an LDAP group. Members of that group can't create a folder under the shared local user's INBOX:

[08-Apr-2015 11:43:05 +0000]: [9501] S: * MYRIGHTS tam@crm.yb.lmax lrwstipekxcd
[08-Apr-2015 11:43:05 +0000]: [9501] S: A0004 OK Myrights completed.
[08-Apr-2015 11:43:05 +0000]: [9501] C: A0005 CREATE tam@crm.yb.lmax/Templates
[08-Apr-2015 11:43:05 +0000]: [9501] S: A0005 NO [NOPERM] Permission denied

I *can* create a folder underneath another folder of the same shared user that already exists:

[08-Apr-2015 11:43:47 +0000]: [99CE] S: * MYRIGHTS tam@crm.yb.lmax/Drafts lrwstipekxcd
[08-Apr-2015 11:43:47 +0000]: [99CE] S: A0004 OK Myrights completed.
[08-Apr-2015 11:43:47 +0000]: [99CE] C: A0005 CREATE tam@crm.yb.lmax/Drafts/Test
[08-Apr-2015 11:43:47 +0000]: [99CE] S: A0005 OK Create completed.

Creating the subfolder as the local user itself works fine:

[08-Apr-2015 11:35:35 +0000]: [4E9C] C: A0005 CREATE INBOX/Templates
[08-Apr-2015 11:35:35 +0000]: [4E9C] S: A0005 OK Create completed.

However, the local user creates INBOX/Templates, whereas the LDAP user is creating under tam@crm.yb.lmax/Templates. Is this an artifact of how we've set up namespaces below?

Thanks,

-Luke

[root@localhost dovecot]# doveconf -n
# 2.2.15: /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.6 (3e924b1b6c5c+)
# OS: Linux 2.6.32-358.11.1.el6.x86_64 x86_64 CentOS release 6.4 (Final)
auth_master_user_separator = *
default_login_user = vmail
disable_plaintext_auth = no
doveadm_password = secret
doveadm_port = 12345
first_valid_gid = 490
first_valid_uid = 490
imapc_ssl_verify = no
listen = *
mail_access_groups = vmail
mail_location = mdbox:~/mdbox/
mail_plugins = " zlib acl"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mbox_write_locks = fcntl
mdbox_preallocate_space = yes
mdbox_rotate_size = 10 M
namespace {
  hidden = no
  ignore_on_failure = no
  inbox = no
  list = yes
  location = mdbox:/srv/mail/%%d/%%n/mdbox
  prefix = %%u/
  separator = /
  subscriptions = yes
  type = shared
}
namespace personal {
  hidden = yes
  inbox = yes
  location =
  mailbox LMAX-Sent {
    auto = subscribe
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  prefix = INBOX/
  separator = /
  subscriptions = yes
  type = private
}
passdb {
  args = scheme=SSHA512 /etc/dovecot/local-users.passdb
  driver = passwd-file
}
passdb {
  args = scheme=SSHA512 /etc/dovecot/master-users.passdb
  driver = passwd-file
  master = yes
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
  skip = authenticated
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes.db
  sieve = ~/%d/%n/.dovecot.sieve
  sieve_dir = ~/%d/%n/sieve
  sieve_extensions = +notify +imapflags +vacation-seconds
  sieve_vacation_min_period = 10s
  zlib_save = gz
  zlib_save_level = 6
}
protocols = imap lmtp sieve
replication_dsync_parameters = -d -l 30 -U
service auth {
  unix_listener auth-userdb {
    group = vmail
    user = vmail
  }
}
service config {
  unix_listener config {
    user = vmail
  }
}
service imap-login {
  process_limit = 500
  process_min_avail = 2
  user = vmail
}
service imap-postlogin {
  executable = script-login /etc/dovecot/ldap_groups.sh
  user = vmail
}
service imap {
  executable = imap imap-postlogin
}
service lmtp {
  inet_listener lmtp {
    address = 127.0.0.1
    port = 24
  }
  unix_listener lmtp {
    mode = 0666
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl_cert = </etc/pki/tls/certs/localhost.crt
ssl_client_ca_file = /etc/pki/tls/certs/ca-bundle.crt
ssl_key = </etc/pki/tls/private/localhost.key
userdb {
  args = /etc/dovecot/local-users.userdb
  driver = passwd-file
}
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
verbose_proctitle = yes
verbose_ssl = yes
protocol lmtp {
  mail_plugins = " sieve"
}
protocol imap {
  mail_plugins = " zlib acl imap_acl"
}

---
LMAX Exchange, Yellow Building, 1A Nicholas Road, London W11 4AN
http://www.LMAX.com/
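
Added example, not part of the original post and not Dovecot code: a sketch that strips the two namespace prefixes from the doveconf -n output above off the mailbox names in the logs, to show which storage name and parent each CREATE addresses. The helper names (resolve, location) and the login member@crm.yb.lmax are hypothetical; prefix stripping and the %%u/%%d/%%n expansion are the only behaviour modelled, and no ACL evaluation is attempted.

```python
from typing import NamedTuple, Optional

SEP = "/"                       # separator = / in both namespaces
PRIVATE_PREFIX = "INBOX" + SEP  # namespace personal: prefix = INBOX/

class Resolved(NamedTuple):
    namespace: str         # "private" or "shared"
    owner: str             # user whose storage the name points into
    storage_name: str      # mailbox name once the namespace prefix is stripped
    parent: Optional[str]  # parent storage name; None = directly below the prefix

def resolve(login_user: str, mailbox: str) -> Resolved:
    """Strip the matching namespace prefix from an IMAP mailbox name."""
    if mailbox.startswith(PRIVATE_PREFIX):
        ns, owner, name = "private", login_user, mailbox[len(PRIVATE_PREFIX):]
    else:
        # shared namespace: prefix = %%u/ expands to "<owner's username>/"
        owner, sep, name = mailbox.partition(SEP)
        if not sep or "@" not in owner:
            raise ValueError(f"{mailbox!r} is not below a known prefix")
        ns = "shared"
    if not name:
        raise ValueError(f"{mailbox!r} names a prefix, not a mailbox below it")
    parent = name.rpartition(SEP)[0] or None
    return Resolved(ns, owner, name, parent)

def location(r: Resolved) -> str:
    """Expand the namespace's location setting for the resolved owner."""
    if r.namespace == "private":
        # empty location falls back to mail_location; the page does not
        # show what ~ expands to for this user
        return "mdbox:~/mdbox/"
    local, _, domain = r.owner.partition("@")   # %%n and %%d
    return f"mdbox:/srv/mail/{domain}/{local}/mdbox"

if __name__ == "__main__":
    # The three CREATE commands from the logs; the member login is constructed.
    for user, box in [
        ("member@crm.yb.lmax", "tam@crm.yb.lmax/Templates"),
        ("member@crm.yb.lmax", "tam@crm.yb.lmax/Drafts/Test"),
        ("tam@crm.yb.lmax", "INBOX/Templates"),
    ]:
        r = resolve(user, box)
        print(f"{box:28} {r.namespace:7} {location(r)} "
              f"name={r.storage_name!r} parent={r.parent!r}")
```

Both Templates names reduce to the storage name "Templates" with no parent folder below the prefix, while the create that succeeds in the shared namespace has the existing folder "Drafts" as its parent.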