You set 'auth_bind' to 'no' and you make sure 'dn' and 'dnpass' are properly configured with a user with enough privileges to read users' passwords.
And also, you make sure your pass_attrs contains a password attribute (containing the user password hash).
On 2 Oct 2019, at 19:33, David Wells - Alfavinil S.A. via dovecot <dovecot@dovecot.org> wrote:
Is there anywhere an example of how this would be setup? I understand the use of a service account which I already setup but I can't figure out how to use this service account to retrieve information and authenticate users.
Thanks! Best regards, David Wells.
On 02/10/2019 at 04:29, Aki Tuomi wrote:
On 1.10.2019 17.33, David Wells - Alfavinil S.A. via dovecot wrote:
Good morning.
I was just reading https://wiki.dovecot.org/AuthDatabase/LDAP/PasswordLookups and found the following statement:
When using LDA <https://wiki.dovecot.org/LDA> and static userdb, deliver can check if destination user exists. With auth binds this check isn't possible.
Is this still relevant? Is there a workaround? It seems like using Dovecot's LMTP in an Active Directory environment is not possible, is this correct?
You cannot check user existence with auth binds because auth bind requires user credentials.
This is why I suggested you use a "service user" in LDAP to perform the database lookups instead of auth binds. You can still authenticate your users using Kerberos.
Aki
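
The service-account setup described in this thread, as an added example that is not part of the original messages or of Dovecot's own documentation. It assumes Dovecot 2.3-style configuration syntax and a directory with posixAccount-style entries; every hostname, DN, filter, attribute mapping and the password below is a placeholder.

```conf
# ---- dovecot.conf (or conf.d/auth-ldap.conf.ext) ----
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

# ---- /etc/dovecot/dovecot-ldap.conf.ext ----
# This file holds the service account password: keep it owned by root
# and not readable by other users (for example mode 0600).

# Placeholder server. Use LDAPS (or tls = yes on ldap://) so the bind
# password and any password hashes are not sent in clear text.
uris = ldaps://ldap.example.org
tls_require_cert = hard

# Service account used for every lookup (placeholder DN and password).
# Grant it read access only to the attributes mapped below.
dn = cn=dovecot-svc,ou=services,dc=example,dc=org
dnpass = CHANGE-ME

# Password lookups instead of auth binds: Dovecot fetches the hash with
# the service account and verifies the password itself.
auth_bind = no

base = ou=people,dc=example,dc=org
scope = subtree

# passdb side: pass_attrs must map an attribute holding the password hash.
pass_filter = (&(objectClass=posixAccount)(uid=%n))
pass_attrs = uid=user,userPassword=password

# userdb side: this lookup needs no user credentials, so LMTP/deliver can
# check whether the destination user exists. If users authenticate through
# another mechanism, only this part and the service account are needed.
user_filter = (&(objectClass=posixAccount)(uid=%n))
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
```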