So far I had a setup where Dovecot was using a passwd file as userdb and passdb. Postfix was then authenticating with Dovecot via SASL to validate user accounts. Now I added an LDAP backend and would like to use that for Dovecot and Postfix. My first approach was to change the passdb to use the LDAP driver with the following settings:

hosts = openldap:1389
base = ou=users,dc=example,dc=com
auth_bind = yes
auth_bind_userdn = uid=%n,ou=users,dc=example,dc=com

So why not handle this on the OS? Have the OS publish the LDAP users, and have Dovecot handle OS users. It needs to create UIDs anyway for the files etc.

If I understood the question correctly, you ask why not add the LDAP users to the system (like using the PAM LDAP plugin).

This will certainly work, but I consider it more secure to have pure e-mail users, not system users, which can have a shell, local folder and so on (sure, it can be restricted, but why bother if nobody will ssh on that server).

But the main reason is scalability: if your setup becomes bigger you can consider having different servers (or containers), adding multiple LDAP servers for redundancy and so on...