You set ‘auth_bind’ to ‘no’ and you make sure ‘dn’ and ‘dnpass’ are properly configured with a user with enough privileges to read users' passwords.
And also, you make sure your pass_attrs contains a password attribute (containing the user password hash).

> On 2 Oct 2019, at 19:33, David Wells - Alfavinil S.A. via dovecot
> <dovecot@dovecot.org> wrote:
>
> Is there anywhere an example of how this would be set up? I understand the use
> of a service account which I already set up but I can't figure out how to use
> this service account to retrieve information and authenticate users.
>
> Thanks!
> Best regards,
> David Wells.
>
>
> On 02/10/2019 at 04:29, Aki Tuomi wrote:
>>
>> On 1.10.2019 17.33, David Wells - Alfavinil S.A. via dovecot wrote:
>>> Good morning.
>>>
>>> I was just reading
>>> https://wiki.dovecot.org/AuthDatabase/LDAP/PasswordLookups
>>> and found the following statement
>>>> When using LDA <https://wiki.dovecot.org/LDA> and static userdb, deliver
>>>> can check if destination user exists. With auth binds this check isn't
>>>> possible.
>>>
>>> Is this still relevant? Is there a workaround? It seems like using Dovecot's
>>> lmtp in an Active Directory environment is not possible, is this correct?
>>>
>> You cannot check user existence with auth binds because auth bind requires
>> user credentials.
>>
>> This is why I suggested you use a "service user" in LDAP to perform the
>> database lookups instead of auth binds. You can still authenticate your
>> users using Kerberos.
>>
>> Aki
>>
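
A password-lookup setup of the kind described in the reply at the top of this thread, as an added example that is not part of the original messages or of the Dovecot documentation. The host name, DNs, password, file paths and object class are constructed placeholders, and it assumes a directory that stores the hash in `userPassword` and lets the service DN read that attribute.

```conf
# --- /etc/dovecot/dovecot-ldap.conf.ext (assumed path) ---
# This file holds dnpass in clear text: keep it owned by root, mode 0600.

# Encrypted transport, since password hashes travel over this connection.
uris = ldaps://ldap.example.org
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
tls_require_cert = hard
ldap_version = 3

# Service account used for every lookup (placeholder DN and password).
# In the directory ACLs, grant it read access to the attributes listed
# below for the mail users' subtree and nothing more.
dn = cn=dovecot,ou=services,dc=example,dc=org
dnpass = CHANGE-ME

# Password lookup: Dovecot fetches the hash and verifies it itself,
# instead of binding to LDAP with the user's own credentials.
auth_bind = no

base = ou=people,dc=example,dc=org
scope = subtree

# passdb side: pass_attrs must map an attribute holding the password hash
# to Dovecot's "password" field.
pass_filter = (&(objectClass=posixAccount)(uid=%u))
pass_attrs = uid=user,userPassword=password

# userdb side: answered with the same service account, so user existence
# can be checked without any user credentials.
user_filter = (&(objectClass=posixAccount)(uid=%u))
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid

# --- dovecot.conf (or conf.d/auth-ldap.conf.ext) ---
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
```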