Do you have a "nopassword" field in LDAP? If not, then it doesn't get set. Perhaps what you want is:
pass_attrs = uid=user, =nopassword=1
Timo,
Thank you for your tip. The correct dovecot-ldap.conf line should look like:
pass_attrs = uid=user, =password=, =nopassword=1
But even in this case we get:
dovecot: auth(default): ldap(user1,127.0.0.1): pass search: base=ou=People,dc=example,dc=local scope=subtree filter=(&(objectClass=inetOrgPerson)(uid=user1)) fields=uid dovecot: auth(default): ldap(user1,127.0.0.1): result: uid(user)=user1 dovecot: auth(default): ldap(user1,127.0.0.1): No password in reply dovecot: auth(default): client out: FAIL 1 user=user1 temp
in our logs. I beleive this is due to the way attribute templates/static fields are processed in db-ldap.c.
Thanks in advance!
P.S. By the way, could you please share your opinion about possible SASL EXTERNAL usage in this case? Do you think this is the appropriate use case?