> Am I understanding correctly that the auth_bind option, regardless of
> whether it is set to yes or no, and even if anonymous access to the LDAP
> directory is blocked, must be used with dn=cn=manager,dc=example,dc=com
> and dnpass=password to enable authentication?

Forget about using manager, always create a different entity so you can create ACLs specific for this entity and change passwords etc.

cn=dovecot,cn=mail,ou=hosts,dc=example,dc=com

> It seems to me that there are no other cases where Dovecot can query the

I think it queries to get file locations (home dir) and maybe searches for uids, so you need something like this:

    to dn.subtree="ou=mailaccounts,ou=mail,dc=example,dc=com"
      by ssf=256 dn.exact="cn=dovecot,cn=mail,ou=hosts,dc=example,dc=com" read
      by ssf=256 self read
      by anonymous auth
      by * none

But this is something old that I had and am not using. This allows the cn=dovecot to also access the password field. I am not sure if that is necessary/wanted.

> LDAP server directly using the login and password provided by the
> client. To perform authentication, it must execute a BIND by an
> intermediate user, regardless of where the password check takes place -
> in LDAP or in Dovecot.
>
> Are there any other ways for the client to log in directly with their
> credentials on the Dovecot server?

Yes, forget about using LDAP in Dovecot, and configure LDAP for the OS and let Dovecot authenticate against the OS.
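
A Dovecot 2.3-style dovecot-ldap.conf.ext that pairs with the dedicated cn=dovecot entry and the ACL in the reply above. This is an added example, not part of the original thread or the Dovecot project's own configuration. The host name, the CHANGE_ME password placeholder, and the posixAccount filters and attribute names are assumptions.

```conf
# Added example (not from the thread). Host name, password placeholder,
# objectClass and attribute names are assumptions.

# The ACL's "ssf=256" clauses only match on an encrypted connection,
# so connect over TLS and verify the server certificate.
uris = ldaps://ldap.example.com
tls_require_cert = demand

# Dedicated low-privilege entry used for searches, instead of cn=manager.
dn = cn=dovecot,cn=mail,ou=hosts,dc=example,dc=com
dnpass = CHANGE_ME

# Let the LDAP server verify the password: after finding the user's DN,
# Dovecot binds as that DN with the password the client supplied.
# The ACL's "by anonymous auth" line is what permits that bind.
auth_bind = yes

base = ou=mailaccounts,ou=mail,dc=example,dc=com
scope = subtree

# passdb lookup: locate the entry to bind as. userPassword is not
# requested, because the bind itself checks the password.
pass_filter = (&(objectClass=posixAccount)(uid=%n))
pass_attrs = uid=user

# userdb lookup: mail location data, read with the cn=dovecot entry.
user_filter = (&(objectClass=posixAccount)(uid=%n))
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
```

Because the password check happens in the bind, the read access granted to cn=dovecot can be narrowed so that it excludes userPassword.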