reconsidering my (your?) current setup

Marc Marc at
Thu Oct 7 11:30:12 EEST 2021

With redhat 'dumping' the support for centos and the availability of containers, I thought about reconsidering my default dovecot setup.

Since the concept of having an lts distribution that is supported by redhat/centos is more or less 'unavailable', I thought about using the repo of dovecot with centos8stream.

For now I stick with centos8stream, just because the rest is still on centos7 support and the ceph development team is using it as a default. (And I can't yet let go of the idea that this is the closest to a professional distro ;))

auth uid gid os
I am not really convinced that storing users in mysql/postgres is a better alternative than having linux do auth. I also think it is good to have mailbox files stored with different uids (no idea if this is even the case when dovecot is using mysql/maria/postgres).

Normally I would use a synced ldap server on the vm for authentication. But I was thinking of now using an external ldap task from the container environment, to de-duplicate services/data and make the environment simple. Since rh is moving to a different ldap server, it would be good to have this separated in the future.

New to me is sssd; I have used nscd/nslcd for decades without issues.

I guess the best solution is to have the os uid/gid coming from sssd, configure sssd to have a huge timeout if the backend ldap auth is not available. What is your thought about this?

auth uid gid dovecot
I do not really have an idea if I should have dovecot use ldap directly or use this sssd pam. The advantage of using ldap directly is you could maybe skip identifying users in the os. But maybe then tools like doveadm that require a user are not working anymore.
From the keep it simple perspective it is probably better to use sssd. However, centos8stream and sssd are not really known to me. So any ideas/advice about this?
