I really got your point, but how you will implement aliases
has nothing to do with dovecot, sendmail can get those from ldap.
or domain sendmail gets these from ldap (but requires a restart)
query or maybe quota? You still need to access ldap directly for other info. Quotas can be/are distributed to the os by ldap. But it depends a bit on your setup, and if you have multiple file systems.
I mean, dovecot can probably use linux login but I'm not sure about the MTA. Unless you have a fixed list of domains added manually.
I have cron jobs running on different servers, getting modified/created records every 5 min and then doing a restart or something else. All these processes have their own entity in ldap with their own acls. sendmail can get anything you want from ldap. For outgoing mail auth, I have sendmail use os users (which come from ldap)
So in the end you still access ldap from another program but not from dovecot :)
I don't get your point. The goal for using ldap is having a centralized database that distributes information. How you choose to implement this depends on your requirements.
You avoid authenticating users directly only to send the credentials of some privileged user from postfix/sendmail/whatever script...
Not to avoid. Other applications have different needs and thus different acls. Dovecot does not need to know a user's email address or alias. Only the MTA needs to know. The relaying MTA does not need to know the user etc.