On 5/8/23 23:06, Marc wrote:
so far I had a setup where Dovecot was using a passwd file as userdb and
passdb. Postfix was then authenticating with Dovecot via SASL to
validate user accounts.

Now I added an LDAP backend and would like to use that for Dovecot and
Postfix. My first approach was to change the passdb to use the LDAP
driver with the following settings:

hosts = openldap:1389
base = ou=users,dc=example,dc=com
auth_bind = yes
auth_bind_userdn = uid=%n,ou=users,dc=example,dc=com

So why not handle this on the OS? Have the OS publish the LDAP users, and have Dovecot handle OS users. It needs to create uids anyway for the files etc.
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-leave@dovecot.org

If I understood the question correctly, you ask why not add the LDAP users to the system (like using the PAM LDAP plugin).

This will certainly work, but I consider it more secure to have pure e-mail users, not system users, which can have a shell, local folder and so on (sure, it can be restricted, but why bother if nobody will ssh to that server).

But the main reason is scalability: if your setup becomes bigger you can consider having different servers (or containers), adding multiple LDAP servers for redundancy and so on...
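Putting the two points of the thread together (Marc's auth_bind passdb, and the preference for pure e-mail users over system accounts), here is a configuration added as an illustration; it is not from either poster and not Dovecot's or Postfix's shipped defaults. Only the LDAP host, base and auth_bind lines come from the thread; the vmail user, the /var/vmail paths, the TLS CA path and the Postfix socket names are assumptions. It keeps the auth_bind passdb, replaces the passwd-file userdb with a static one so that no OS account per mailbox is needed, and wires Postfix SASL to the same Dovecot auth service.

```conf
# --- /etc/dovecot/dovecot-ldap.conf.ext (passdb only) ---
# The thread uses plain LDAP on openldap:1389. With auth_bind the user's
# real password is sent in the bind, so unless that link is a trusted
# container network, enable STARTTLS (assumption: the server offers it).
hosts = openldap:1389
tls = yes
tls_ca_cert_file = /etc/ssl/certs/ldap-ca.pem   # assumption: CA for the LDAP cert
ldap_version = 3
base = ou=users,dc=example,dc=com

# Authenticate by binding as the user. With auth_bind_userdn set, Dovecot
# builds the DN from the login name and skips the pass_filter search, so no
# service bind account (dn/dnpass) is needed for authentication at all.
auth_bind = yes
auth_bind_userdn = uid=%n,ou=users,dc=example,dc=com

# --- /etc/dovecot/conf.d/10-auth.conf (relevant lines) ---
# Postfix needs PLAIN/LOGIN; keep them confined to TLS sessions (default).
disable_plaintext_auth = yes
auth_mechanisms = plain login

passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

# Every mailbox maps to one unprivileged system identity ("vmail",
# assumption). No shell, no home, no PAM entry per user.
# allow_all_users=yes is required here: the auth_bind passdb cannot answer
# a password-less lookup (e.g. LMTP delivery), so the static userdb must not
# consult it for existence checks.
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/vmail/%d/%n allow_all_users=yes
}

# --- /etc/dovecot/conf.d/10-master.conf (auth socket for Postfix) ---
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

# --- /etc/postfix/main.cf (SASL via Dovecot) ---
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
# Do not offer AUTH on unencrypted connections.
smtpd_tls_auth_only = yes
```

Two checks worth running after applying this: `doveadm auth test someuser` confirms the LDAP bind path end to end, and `doveadm user someuser` should return the static uid/gid/home without touching the OS passwd database. Because delivery relies on allow_all_users=yes, Postfix (or the LDAP userdb, if you later switch to one with a read-only bind DN) remains the place that rejects unknown recipients; the static userdb itself will accept any name.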