<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">You set ‘auth_bind' to ‘no' and and you make sure ‘dn’ and ‘dnpass’ are properly configured with a user with enough privileges to read users passwords.<br class=""><div><br class=""></div><div>And also, you make sure your pass_attrs contains a password attributes (containing the user password hash).</div><div><br class=""></div><div><br class=""><blockquote type="cite" class=""><div class="">Le 2 oct. 2019 à 19:33, David Wells - Alfavinil S.A. via dovecot <<a href="mailto:dovecot@dovecot.org" class="">dovecot@dovecot.org</a>> a écrit :</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
<div text="#000000" bgcolor="#FFFFFF" class="">
Is there anywhere an example of how this would be setup? I
understand the use of a service account which I already setup but I
can't figure out how to use this service account to retrieve
information and authenticate users.<br class="">
<br class="">
Thanks!<br class="">
Best regards,<br class="">
David Wells.<br class="">
<br class="">
<br class="">
<div class="moz-cite-prefix">El 02/10/2019 a las 04:29, Aki Tuomi
escribió:<br class="">
</div>
<blockquote type="cite" cite="mid:969f801b-998a-56d4-2397-e1ebc0d09b80@open-xchange.com" class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><p class=""><br class="">
</p>
<div class="moz-cite-prefix">On 1.10.2019 17.33, David Wells -
Alfavinil S.A. via dovecot wrote:<br class="">
</div>
<blockquote type="cite" cite="mid:400f009b-bf7a-8ec5-5fbd-bda692dc0478@alfavinil.com" class="">
<meta http-equiv="content-type" content="text/html;
charset=utf-8" class="">
Good morning.<br class="">
<br class="">
I was just reading <a class="moz-txt-link-freetext" href="https://wiki.dovecot.org/AuthDatabase/LDAP/PasswordLookups" moz-do-not-send="true">https://wiki.dovecot.org/AuthDatabase/LDAP/PasswordLookups</a>
and found the following statement<br class="">
<blockquote type="cite" class="">When using <a href="https://wiki.dovecot.org/LDA" moz-do-not-send="true" class="">LDA</a>
and static userdb, deliver can check if destination user
exists. With auth binds this check isn't possible.</blockquote>
<br class="">
Is this still relevant? Is there a workaround? It seems like
using dovecots lmtp in an active directory environment is not
possible, is this correct?<br class="">
<div class="moz-forward-container"><br class="">
</div>
</blockquote><p class="">You cannot check user existence with auth binds because auth
bind requires user credentials.</p><p class="">This is why I suggested you use a "service user" in LDAP to
perform the database lookups instead of auth binds. You can
still authenticate your users using kerberos.<br class="">
</p><p class="">Aki<br class="">
</p>
</blockquote>
<br class="">
</div>
</div></blockquote></div><br class=""></body></html>