# NOTE: We don't support "authentication binds", so you'll have to give
# dovecot-auth read access to userPassword field in LDAP server. With OpenLDAP
# this is done by modifying /etc/ldap/slapd.conf. There should already be
# something like this:

# access to attribute=userPassword
#        by dn="<dovecot's dn>" read # add this
#        by anonymous auth
#        by self write
#        by * none

# Space separated list of LDAP hosts to use. host:port is allowed too.
#hosts = localhost

# Distinguished Name - the username used to login to the LDAP server
#dn = 

# Password for LDAP server
#dnpass = 

# LDAP protocol version to use. Likely 2 or 3.
#ldap_version = 2

# LDAP base
base = uid=someone, dc=foo, dc=bar, dc=org

# Dereference: never, searching, finding, always
#deref = never

# Search scope: base, onelevel, subtree
#scope = subtree

# User attributes in order:
#  Virtual user name (user@domain)
#  Home directory
#  MAIL environment
#  System user name (for initgroups())
#  System UID
#  System GID
#  Chroot to home directory? (yes / no)
#user_attrs = uid,homeDirectory,,uid,uidNumber,gidNumber

# Filter for user lookup. Some variables can be used:
#   %u - username
#   %n - user part in user@domain, same as %u if there's no domain
#   %d - domain part in user@domain, empty if user there's no domain
#user_filter = (&(objectClass=posixAccount)(uid=%u))

# Password checking attributes in order:
#  Virtual user name (user@domain)
#  Password, may optionally start with {type}, eg. {crypt}
#pass_attrs = uid,userPassword

# Filter for password lookups
#pass_filter = (&(objectClass=posixAccount)(uid=%u))

# Default password scheme. "{scheme}" before password overrides this.
# Currently supported schemes include PLAIN, PLAIN-MD5, DIGEST-MD5, CRYPT
#default_pass_scheme = CRYPT

# You can use same UID and GID for all user accounts if you really want to.
# If the UID/GID is still found from LDAP reply, it overrides these values.
#user_global_uid = 
#user_global_gid =