Some FYIs
I don't use LDAP/Active Directory as this is more of a Microsoft thing.
Microsoft AD was designed more for users accessing network resources (i.e. drive mappings etc.).
Also, yes, it can apparently be used via LDAP?
Active Directory
When connecting to AD, you may need to use port 3268. Then again, not all LDAP fields are available in port 3268. Use whatever works. https://technet.microsoft.com/en-us/library/cc978012.aspx
A director proxy doesn’t need userdb configuration (unlike backends).
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
The included dovecot-ldap-director.conf.ext can be used as template for the /etc/dovecot/dovecot-ldap.conf.ext. Its most important settings are:
hosts = ldap.example.com
dn = cn=admin,dc=example,dc=com
dnpass = secret
base = dc=example,dc=com
Configure how the LDAP server is reached. Active directory allows binding with username@domain.
auth_bind_userdn = %u
auth_bind = yes
Use LDAP authentication binding for verifying users’ passwords.
pass_attrs = =proxy=y, =proxy_timeout=10, =user=%{ldap:mailRoutingAddress}, =password=%{ldap:userPassword}
Normalize the username to exactly the mailRoutingAddress field’s value regardless of how the pass_filter found the user.
pass_filter = (mailRoutingAddress=%u)
iterate_attrs = mailRoutingAddress=user
iterate_filter = (objectClass=messageStoreRecipient)
From: https://doc.dovecot.org/2.3/configuration_manual/authentication/ldap/
Dovecot is more of a Unix style of programming, allowing for PostgreSQL (what I use), MySQL, passwd, etc.
Hope this points you in the right direction.
Thanks - Paul Kudla (Manager SCOM.CA Internet Services Inc.)
Have A Happy Sunday AND Happy Successful 2026 !
Scom.ca Internet Services <http://www.scom.ca> 104-1009 Byron Street South Whitby, Ontario - Canada L1N 4S3
Toronto 416.642.7266 Main 1.866.411.7266 Fax 1.888.892.7266 Email paul@scom.ca
On 2026-01-25 3:50 AM, ByteWave via dovecot wrote:
Are there any Dovecot configuration examples for linking an Active Directory? The documentation doesn't mention it, and my configuration only works for IMAP authentication; for some unknown reason, the user is then not found...
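How the pass_attrs line quoted in the reply above turns one LDAP entry into passdb fields, as an added Python example (not part of the original message and not Dovecot's own code). It models only the `=field=template` and `ldapAttr=field` forms; the entry values, the function names and the naive comma splitting are assumptions made for illustration.

```python
import re

# The pass_attrs value from the message; ENTRY is a constructed LDAP result.
PASS_ATTRS = ("=proxy=y, =proxy_timeout=10, "
              "=user=%{ldap:mailRoutingAddress}, =password=%{ldap:userPassword}")
ENTRY = {"mailRoutingAddress": ["jdoe@example.com"],
         "userPassword": ["{SSHA}constructed"], "cn": ["John Doe"]}

# Matches %{ldap:attr} and %{ldap:attr:default}
LDAP_VAR = re.compile(r"%\{ldap:([^:}]+)(?::([^}]*))?\}")


def expand_template(template, entry):
    """Substitute each %{ldap:attr} with the attribute's first value."""
    def repl(match):
        values = entry.get(match.group(1).lower())
        return values[0] if values else (match.group(2) or "")
    return LDAP_VAR.sub(repl, template)


def apply_pass_attrs(pass_attrs, entry):
    """Return the passdb fields one entry produces (simplified model)."""
    # LDAP attribute names are case-insensitive, so index them lowercased.
    entry = {key.lower(): values for key, values in entry.items()}
    fields = {}
    for item in (part.strip() for part in pass_attrs.split(",")):
        if not item:
            continue
        if item.startswith("="):
            # =field=template: static field, template may reference attributes
            name, _, template = item[1:].partition("=")
            fields[name] = expand_template(template, entry)
        else:
            # ldapAttr=field: copy the attribute's first value into the field
            attr, _, name = item.partition("=")
            values = entry.get(attr.lower())
            if values:
                fields[name or attr] = values[0]
    return fields


def normalized_login(login, entry, pass_attrs=PASS_ATTRS):
    """Username the proxy forwards, whatever form the client typed."""
    return apply_pass_attrs(pass_attrs, entry).get("user", login)


if __name__ == "__main__":
    print(apply_pass_attrs(PASS_ATTRS, ENTRY))
    print(normalized_login("JDoe@Example.COM", ENTRY))
```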