debug_level = 0 # LDAP database uris = ldapi://%2Frun%2Fslapd%2Fsock base = ou=posix,dc=%Dd scope = subtree #deref = never # NOTE: sufficient for small systems and uses less resources. blocking = no # LDAP auth sasl_bind = yes sasl_mech = EXTERNAL #dn = cn=admin,dc=%Dd #dnpass = useless with sasl_mech=EXTERNAL # DOC: https://wiki.dovecot.org/AuthDatabase/LDAP/AuthBinds # Using auth_bind is a bit more secure : dovecot does not need # to have read acces to userPassword. auth_bind = yes auth_bind_userdn = uid=%n,ou=accounts,ou=posix,dc=%Dd ## dovecot passdb query #pass_filter = (&(objectClass=posixAccount)(uid=%n)(mailEnabled=TRUE)) #pass_attrs = uidNumber=userdb_uid,\ # gidNumber=userdb_gid,\ # mailHomeDirectory=userdb_home,\ # mailStorageDirectory=userdb_mail,\ # mailGroupMember=userdb_mail_access_groups,\ # quotaBytes=userdb_quota_rule=*:bytes=%{ldap:quotaBytes},\ # =user=%n@%d #default_pass_scheme = SSHA # dovecot userdb query # For dovecot-lda user_filter = (&(objectClass=posixAccount)(uid=%n)(mailEnabled=TRUE)) user_attrs = uidNumber=uid,\ gidNumber=gid,\ mailHomeDirectory=home,\ mailStorageDirectory=mail,\ mailGroupMember=mail_access_groups,\ mailQuota=quota_rule=*:bytes=%{ldap:mailQuota} # doveadm user query iterate_attrs = =user=%{ldap:uid}@%d iterate_filter = (&(objectClass=posixAccount)(mailEnabled=TRUE))