diff -urN dovecot-1.1.2/dovecot-example.conf dovecot-1.1.2.patched/dovecot-example.conf
--- dovecot-1.1.2/dovecot-example.conf	2008-07-12 01:14:14.000000000 +0200
+++ dovecot-1.1.2.patched/dovecot-example.conf	2008-07-25 11:57:52.490911533 +0200
@@ -784,6 +784,9 @@
 # Path for Samba's ntlm_auth helper binary.
 #auth_winbind_helper_path = /usr/bin/ntlm_auth
 
+# User arguments for Samba's ntlm_auth helper binary.
+#auth_winbind_helper_args = --require-membership-of=DOMAIN\Domain Group
+
 # Number of seconds to delay before replying to failed authentications.
 #auth_failure_delay = 2
 
diff -urN dovecot-1.1.2/src/auth/mech-winbind.c dovecot-1.1.2.patched/src/auth/mech-winbind.c
--- dovecot-1.1.2/src/auth/mech-winbind.c	2008-06-12 08:45:10.000000000 +0200
+++ dovecot-1.1.2.patched/src/auth/mech-winbind.c	2008-07-25 12:02:02.479381189 +0200
@@ -98,6 +98,9 @@
 {
 	int infd[2], outfd[2];
 	pid_t pid;
+	char *helper_args = NULL;
+	char *end_arg_ptr = NULL;
+	int num_args = 0;
 
 	if (winbind->in_pipe != NULL || winbind->pid != -1)
 		return;
@@ -119,9 +122,28 @@
 		return;
 	}
 
+	helper_args = getenv ("WINBIND_HELPER_ARGS");
+	if (helper_args != NULL && *helper_args != '\0') {
+		/* if helper_args exists, then we have at least one argument */
+		num_args++;
+
+		/* Save the arg pointer to prevent having to look through envp again */
+		end_arg_ptr = helper_args;
+
+		/* then count the number of supplied user arguments */
+		while ((end_arg_ptr = strstr (end_arg_ptr, " -")) != NULL)
+			num_args++;
+	}
+	else
+		helper_args = NULL;
+
+	/* As we use this number to allocate the args array, we need 3 (more) elements (cmd name, hard coded arg, terminating element */
+	num_args += 3;
+
 	if (pid == 0) {
 		/* child */
-		const char *helper_path, *args[3];
+		const char *helper_path, *args[num_args];
+		int arg_num = 2;
 
 		(void)close(infd[0]);
 		(void)close(outfd[1]);
@@ -134,9 +156,22 @@
 		if (helper_path == NULL)
 			helper_path = DEFAULT_WINBIND_HELPER_PATH;
 
+		
 		args[0] = helper_path;
 		args[1] = winbind->param;
-		args[2] = NULL;
+
+		if (helper_args != NULL) {
+			/* Put the first argument in the array */
+			args[arg_num++] = helper_args;
+			while ((helper_args = strstr (helper_args, " -")) != NULL) {
+				/* then for each found argument, terminate the previous argument string */
+				*helper_args++ = 0;
+				/* then put the new argument in the array */
+				args[arg_num++] = helper_args;
+			}
+		}
+		args[arg_num] = NULL;
+
 		execv(args[0], (void *)args);
 		i_fatal("execv(%s) failed: %m", args[0]);
 	}
diff -urN dovecot-1.1.2/src/master/auth-process.c dovecot-1.1.2.patched/src/master/auth-process.c
--- dovecot-1.1.2/src/master/auth-process.c	2008-06-12 08:45:10.000000000 +0200
+++ dovecot-1.1.2.patched/src/master/auth-process.c	2008-07-25 11:57:52.494913039 +0200
@@ -497,6 +497,11 @@
 	}
 	env_put(t_strconcat("WINBIND_HELPER_PATH=",
 			    set->winbind_helper_path, NULL));
+	if (*set->winbind_helper_path != '/0' && 
+	    *set->winbind_helper_args != '/0') {
+		env_put(t_strconcat("WINBIND_HELPER_ARGS=",
+				    set->winbind_helper_args, NULL));
+	}
 	env_put(t_strdup_printf("FAILURE_DELAY=%u", set->failure_delay));
 
 	restrict_process_size(set->process_size, (unsigned int)-1);
diff -urN dovecot-1.1.2/src/master/master-settings.c dovecot-1.1.2.patched/src/master/master-settings.c
--- dovecot-1.1.2/src/master/master-settings.c	2008-06-21 15:09:16.000000000 +0200
+++ dovecot-1.1.2.patched/src/master/master-settings.c	2008-07-25 11:57:52.494913039 +0200
@@ -35,7 +35,7 @@
 	SETTINGS_TYPE_AUTH_SOCKET,
 	SETTINGS_TYPE_AUTH_PASSDB,
 	SETTINGS_TYPE_AUTH_USERDB,
-        SETTINGS_TYPE_NAMESPACE,
+	SETTINGS_TYPE_NAMESPACE,
 	SETTINGS_TYPE_SOCKET,
 	SETTINGS_TYPE_DICT,
 	SETTINGS_TYPE_PLUGIN
@@ -51,7 +51,7 @@
 	struct auth_socket_settings *auth_socket;
 	struct auth_passdb_settings *auth_passdb;
 	struct auth_userdb_settings *auth_userdb;
-        struct namespace_settings *namespace;
+	struct namespace_settings *namespace;
 
 	int level;
 };
@@ -83,6 +83,8 @@
 	DEF_STR(krb5_keytab),
 	DEF_STR(gssapi_hostname),
 	DEF_STR(winbind_helper_path),
+	DEF_STR(winbind_helper_args),
+
 	DEF_INT(failure_delay),
 
 	DEF_BOOL(verbose),
@@ -318,6 +320,7 @@
 	MEMBER(krb5_keytab) "",
 	MEMBER(gssapi_hostname) "",
 	MEMBER(winbind_helper_path) "/usr/bin/ntlm_auth",
+	MEMBER(winbind_helper_args) "",
 	MEMBER(failure_delay) 2,
 
 	MEMBER(verbose) FALSE,
diff -urN dovecot-1.1.2/src/master/master-settings.h dovecot-1.1.2.patched/src/master/master-settings.h
--- dovecot-1.1.2/src/master/master-settings.h	2008-06-12 08:45:10.000000000 +0200
+++ dovecot-1.1.2.patched/src/master/master-settings.h	2008-07-25 11:57:52.494913039 +0200
@@ -4,8 +4,8 @@
 #include "network.h"
 
 enum mail_protocol {
-        MAIL_PROTOCOL_ANY,
-        MAIL_PROTOCOL_IMAP,
+	MAIL_PROTOCOL_ANY,
+	MAIL_PROTOCOL_IMAP,
 	MAIL_PROTOCOL_POP3,
 	MAIL_PROTOCOL_LDA
 };
@@ -166,7 +166,7 @@
 
 	const char *type;
 	struct socket_settings master;
-        struct socket_settings client;
+	struct socket_settings client;
 };
 
 struct auth_passdb_settings {
@@ -210,6 +210,7 @@
 	const char *krb5_keytab;
 	const char *gssapi_hostname;
 	const char *winbind_helper_path;
+	const char *winbind_helper_args;	
 	unsigned int failure_delay;
 
 	bool verbose, debug, debug_passwords;
@@ -225,8 +226,8 @@
 	/* .. */
 	uid_t uid;
 	gid_t gid;
-        struct auth_passdb_settings *passdbs;
-        struct auth_userdb_settings *userdbs;
+	struct auth_passdb_settings *passdbs;
+	struct auth_userdb_settings *userdbs;
 	struct auth_socket_settings *sockets;
 };
 
@@ -254,7 +255,7 @@
 	struct settings *pop3;
 	struct auth_settings *auths;
 	struct auth_settings auth_defaults;
-        struct namespace_settings *namespaces;
+	struct namespace_settings *namespaces;
 
 	ARRAY_DEFINE(dicts, const char *);