But this is something old that I had and am not using. This allows the cn=dovecot to also access the password field. I am not sure if that is necessary/wanted.

LDAP server directly using the login and password provided by the
client. To perform authentication, it must execute a BIND by an
intermediate user, regardless of where the password check takes place -
in LDAP or in Dovecot.

Are there any other ways for the client to log in directly with their
credentials on the Dovecot server?

Yes forget about using ldap in dovecot, and configure ldap for the os and let dovecot authenticate against the os.


_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-leave@dovecot.org

I really got your point, but how you will implement aliases or domain query or maybe quota? You still need to access ldap directly for other info's.

I mean, dovecot can probably use linux login but i'm not sure about the MTA.  Unless you have a fixed list of domains added manually.

Anyway, it is not required to use the manager credentials for retrieving users. Can be an user who only have rights to read users ( you need to retrieve the dn for the next bind with this dn and the password provided by user).