changeset 8430:23aee2534249 HEAD

acl: When lookup ACLs are changed, make sure dovecot-acl-list is updated.
author Timo Sirainen <tss@iki.fi>
date Sun, 16 Nov 2008 16:30:14 +0200
parents 633f5ff81767
children 118e07fdfe11
files src/plugins/acl/acl-api-private.h src/plugins/acl/acl-api.c src/plugins/acl/acl-backend-vfile-acllist.c src/plugins/acl/acl-backend-vfile.c
diffstat 4 files changed, 41 insertions(+), 33 deletions(-) [+]
--- a/src/plugins/acl/acl-api-private.h	Sun Nov 16 16:29:47 2008 +0200
+++ b/src/plugins/acl/acl-api-private.h	Sun Nov 16 16:30:14 2008 +0200
@@ -82,5 +82,6 @@
 			   const struct acl_mask *mask, pool_t pool);
 int acl_backend_get_default_rights(struct acl_backend *backend,
 				   const struct acl_mask **mask_r);
+bool acl_rights_has_nonowner_lookup_changes(const struct acl_rights *rights);
 
 #endif
--- a/src/plugins/acl/acl-api.c	Sun Nov 16 16:29:47 2008 +0200
+++ b/src/plugins/acl/acl-api.c	Sun Nov 16 16:30:14 2008 +0200
@@ -171,3 +171,22 @@
 	*_ctx = NULL;
 	ctx->backend->v.nonowner_lookups_iter_deinit(ctx);
 }
+
+bool acl_rights_has_nonowner_lookup_changes(const struct acl_rights *rights)
+{
+	const char *const *p;
+
+	if (rights->id_type == ACL_ID_OWNER) {
+		/* ignore owner rights */
+		return FALSE;
+	}
+
+	if (rights->rights == NULL)
+		return FALSE;
+
+	for (p = rights->rights; *p != NULL; p++) {
+		if (strcmp(*p, MAIL_ACL_LOOKUP) == 0)
+			return TRUE;
+	}
+	return FALSE;
+}
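Review bot: acl_rights_has_nonowner_lookup_changes() walks only `rights->rights`, so it reports whether MAIL_ACL_LOOKUP is named in that one list, not whether lookup access actually changed. If struct acl_rights also carries a separate negative-rights list (the struct is not visible in this hunk), a lookup entry there would go unnoticed and should be scanned the same way. Since the function is now exported, it should get a header comment at the definition stating the real contract, for example `/* Returns TRUE if rights belongs to a non-owner identity and its rights list contains MAIL_ACL_LOOKUP. */`, so callers do not read more into "changes" than the body delivers.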
--- a/src/plugins/acl/acl-backend-vfile-acllist.c	Sun Nov 16 16:29:47 2008 +0200
+++ b/src/plugins/acl/acl-backend-vfile-acllist.c	Sun Nov 16 16:30:14 2008 +0200
@@ -125,25 +125,6 @@
 	}
 }
 
-static bool rights_has_lookup_changes(const struct acl_rights *rights)
-{
-	const char *const *p;
-
-	if (rights->id_type == ACL_ID_OWNER) {
-		/* ignore owner rights */
-		return FALSE;
-	}
-
-	if (rights->rights == NULL)
-		return FALSE;
-
-	for (p = rights->rights; *p != NULL; p++) {
-		if (strcmp(*p, MAIL_ACL_LOOKUP) == 0)
-			return TRUE;
-	}
-	return FALSE;
-}
-
 static int
 acllist_append(struct acl_backend_vfile *backend, struct ostream *output,
 	       struct mail_storage *storage, const char *name)
@@ -159,7 +140,7 @@
 
 	iter = acl_object_list_init(aclobj);
 	while ((ret = acl_object_list_next(iter, &rights)) > 0) {
-		if (rights_has_lookup_changes(&rights))
+		if (acl_rights_has_nonowner_lookup_changes(&rights))
 			break;
 	}
 	acl_object_list_deinit(&iter);
--- a/src/plugins/acl/acl-backend-vfile.c	Sun Nov 16 16:29:47 2008 +0200
+++ b/src/plugins/acl/acl-backend-vfile.c	Sun Nov 16 16:30:14 2008 +0200
@@ -1092,6 +1092,8 @@
 				const struct acl_rights_update *update)
 {
 	struct acl_object_vfile *aclobj = (struct acl_object_vfile *)_aclobj;
+	struct acl_backend_vfile *backend =
+		(struct acl_backend_vfile *)_aclobj->backend;
 	const struct acl_rights *rights;
 	struct dotlock *dotlock;
 	const char *path;
@@ -1115,20 +1117,25 @@
 	if (!changed) {
 		file_dotlock_delete(&dotlock);
 		return 0;
-	} else {
-		path = file_dotlock_get_lock_path(dotlock);
-		if (acl_backend_vfile_update_write(aclobj, fd, path) < 0) {
-			file_dotlock_delete(&dotlock);
-			acl_cache_flush(_aclobj->backend->cache, _aclobj->name);
-			return -1;
-		}
-		acl_backend_vfile_update_cache(_aclobj, fd);
-		if (file_dotlock_replace(&dotlock, 0) < 0) {
-			acl_cache_flush(_aclobj->backend->cache, _aclobj->name);
-			return -1;
-		}
-		return 0;
+	}
+
+	/* ACLs were really changed, write the new ones */
+	path = file_dotlock_get_lock_path(dotlock);
+	if (acl_backend_vfile_update_write(aclobj, fd, path) < 0) {
+		file_dotlock_delete(&dotlock);
+		acl_cache_flush(_aclobj->backend->cache, _aclobj->name);
+		return -1;
 	}
+	acl_backend_vfile_update_cache(_aclobj, fd);
+	if (file_dotlock_replace(&dotlock, 0) < 0) {
+		acl_cache_flush(_aclobj->backend->cache, _aclobj->name);
+		return -1;
+	}
+	/* make sure dovecot-acl-list gets updated if we added any
+	   lookup rights. */
+	if (acl_rights_has_nonowner_lookup_changes(&update->rights))
+		(void)acl_backend_vfile_acllist_rebuild(backend);
+	return 0;
 }
 
 static struct acl_object_list_iter *
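Review bot: The result of `acl_backend_vfile_acllist_rebuild(backend)` is cast to void, so a failed rebuild still returns 0 to the caller and dovecot-acl-list can stay out of step with the ACL file that was just replaced. Unless the rebuild already logs its own failures (not visible here), check the return value and at least report it, e.g. `if (acl_backend_vfile_acllist_rebuild(backend) < 0) { /* log: acl list is stale */ }`. The trigger also looks only at `update->rights`, and the comment says "if we added any lookup rights". If an update can take lookup away without naming it in that list (a replace with a shorter list, say), the rebuild is skipped and a stale entry for the mailbox would remain. Rebuilding whenever `changed` is set would close that gap. The function body starts outside this hunk, so how `update` is applied cannot be confirmed from here.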