diff -r e8285fb4fb63 -r 430b3ecdbbf8 account.pm
--- a/account.pm	Tue Dec 13 21:50:43 2011 +0100
+++ b/account.pm	Tue Dec 13 22:47:23 2011 +0100
@@ -327,10 +327,14 @@
         if ( defined $Cf->aclgroups ) {
 
             my $ag = $Cf->aclgroups;
+            my $lag = $e->get_value(AT_ACLGROUPS); 
+            # groups should be supplied with leading '$' for consistency with
+            # dovecots imap acl, but should not be saved in ldap with it!
+            $ag =~ s/(^|,[+-]?)\K\$//g;
 
             if ( $ag =~ /(^|,\s*)[+-]/ ) {
                 my %x;
-                @x{ split /,/, $e->get_value(AT_ACLGROUPS) } = ();
+                @x{ split /,/, $lag } = ();
                 for ( split /,/, $ag ) {
                     if (s/^-//) {
                         delete $x{$_};
@@ -347,7 +351,7 @@
             if ($ag) {
                 $e->replace( (AT_ACLGROUPS) => $ag );
             } else {
-                $e->delete( AT_ACLGROUPS );
+                $e->delete( AT_ACLGROUPS ) if $lag;
             }
             $modified++;
         }
@@ -476,7 +480,8 @@
         my $ml   = join( ", ", $e->get_value(AT_ADDRESS) ) || "";           # ??
         my $mg   = join( ", ", $e->get_value(AT_GROUP) ) || "";             # ??
         my $forw = join( ", ", $e->get_value(AT_FORWARDINGADDRESS) ) || "";
-        my $ag   = $e->get_value(AT_ACLGROUPS);
+        my $ag   = join ',$', split /,/, $e->get_value(AT_ACLGROUPS);
+        $ag = "\$$ag" if $ag;
 
         print "$uid: $cn <$mr>";