But this is something old that I had and am not using. This allows the cn=dovecot to also access the password field. I am not sure if that is necessary/wanted.
LDAP server directly using the login and password provided by the client. To perform authentication, it must execute a BIND by an intermediate user, regardless of where the password check takes place - in LDAP or in Dovecot.
Are there any other ways for the client to log in directly with their credentials on the Dovecot server? Yes forget about using ldap in dovecot, and configure ldap for the os and let dovecot authenticate against the os.
dovecot mailing list --dovecot@dovecot.org To unsubscribe send an email todovecot-leave@dovecot.org
I really got your point, but how you will implement aliases or domain query or maybe quota? You still need to access ldap directly for other info's.
I mean, dovecot can probably use linux login but i'm not sure about the MTA. Unless you have a fixed list of domains added manually.
Anyway, it is not required to use the manager credentials for retrieving users. Can be an user who only have rights to read users ( you need to retrieve the dn for the next bind with this dn and the password provided by user).