# LDAP library debug level; 0 turns the library's debug output off.
debug_level = 0

# LDAP database
# ldapi:// with no path uses the LDAP library's default local Unix socket,
# so directory traffic does not leave this host.
uris = ldapi://
# %Dd expands the login domain in DN form (constructed example:
# "example.org" -> "example,dc=org"), giving one search base per mail domain.
base = ou=posix,dc=%Dd
scope = subtree
#deref = never
# NOTE: sufficient for small systems and uses fewer resources.
# With blocking = no, lookups are done by the auth master process rather
# than by separate auth worker processes.
blocking = no

# LDAP auth
# Dovecot's own connection binds with SASL EXTERNAL: over ldapi:// the
# directory server identifies the client from the Unix-socket peer
# credentials, so no bind DN or password is stored in this file.
# NOTE(review): the directory identity this maps to should be able to read
# only the attributes queried in this file -- confirm the server-side ACLs.
sasl_bind = yes
sasl_mech = EXTERNAL
#dn = cn=admin,dc=%Dd
#dnpass = useless with sasl_mech=EXTERNAL
# DOC: https://wiki.dovecot.org/AuthDatabase/LDAP/AuthBinds
# Using auth_bind is a bit more secure: the password is checked by binding
# as the user, so dovecot does not need to have read access to userPassword.
auth_bind = yes
# DN template: the bind DN is built directly from the login name (%n is the
# part before "@"), without a prior search.
# NOTE(review): per the DOC page above, pass_filter is not consulted when a
# DN template is used, so the mailEnabled=TRUE restriction is applied only by
# user_filter and iterate_filter. A service that relies on the passdb alone
# would then accept accounts without mailEnabled=TRUE -- confirm this is
# intended for the Dovecot version in use.
auth_bind_userdn = uid=%n,ou=accounts,ou=posix,dc=%Dd

## dovecot passdb query
# Disabled passdb search settings, kept for reference; nothing below this
# line is active in the passdb section.
#pass_filter = (&(objectClass=posixAccount)(uid=%n)(mailEnabled=TRUE))
#pass_attrs = uidNumber=userdb_uid,\
#             gidNumber=userdb_gid,\
#             mailHomeDirectory=userdb_home,\
#             mailStorageDirectory=userdb_mail,\
#             mailGroupMember=userdb_mail_access_groups,\
#             quotaBytes=userdb_quota_rule=*:bytes=%{ldap:quotaBytes},\
#             =user=%n@%d
#default_pass_scheme = SSHA

# dovecot userdb query
# For dovecot-lda
# Only posixAccount entries with mailEnabled=TRUE resolve to a mailbox.
user_filter = (&(objectClass=posixAccount)(uid=%n)(mailEnabled=TRUE))
# Each entry maps <LDAP attribute>=<dovecot userdb field>; the last one sets
# quota_rule from a template filled with the mailQuota value.
# uid, gid, home and mail come straight from the directory, so whoever can
# write these attributes decides which system identity and paths are used
# for the account.
# NOTE(review): confirm write access to these attributes is restricted in
# the directory, and that first_valid_uid / first_valid_gid in the main
# Dovecot configuration bound the ids accepted from LDAP.
user_attrs = uidNumber=uid,\
             gidNumber=gid,\
             mailHomeDirectory=home,\
             mailStorageDirectory=mail,\
             mailGroupMember=mail_access_groups,\
             mailQuota=quota_rule=*:bytes=%{ldap:mailQuota}

# doveadm user query
# Settings used when all users are listed rather than one user looked up.
# The entry starts with "=", i.e. it has no LDAP attribute name: the user
# field is built from the template using the entry's uid attribute.
# NOTE(review): %d here (and %Dd in base) normally come from a login name;
# confirm what they expand to during iteration, where there is none.
iterate_attrs = =user=%{ldap:uid}@%d
# Same restriction as user_filter, minus the per-user uid match.
iterate_filter = (&(objectClass=posixAccount)(mailEnabled=TRUE))