# NOTE: If you're not using authentication binds (which is default), you'll
# have to give dovecot-auth read access to userPassword field in LDAP server
# With OpenLDAP this is done by modifying /etc/ldap/slapd.conf. There should
# already be something like this:

# access to attribute=userPassword
#        by dn="<dovecot's dn>" read # add this
#        by anonymous auth
#        by self write
#        by * none

# Space separated list of LDAP hosts to use. host:port is allowed too.
#hosts = localhost

# Distinguished Name - the username used to login to the LDAP server
#dn = 

# Password for LDAP server
#dnpass = 

# Use authentication binding for verifying password's validity. This works by
# logging into LDAP server using the username and password given by client.
# NOTE: pass_attrs option will (naturally) be ignored if you enable this.
#auth_bind = no

# If authentication binding is used, you can save one LDAP request per login
# if users' DN can be specified with a common template. The template can use
# the standard %variables (see user_filter). For example:
#
#   auth_bind_userdn = cn=%u,ou=people,o=org
#
#auth_bind_userdn =

# LDAP protocol version to use. Likely 2 or 3.
#ldap_version = 2

# LDAP base. %variables can be used here.
base = uid=someone, dc=foo, dc=bar, dc=org

# Dereference: never, searching, finding, always
#deref = never

# Search scope: base, onelevel, subtree
#scope = subtree

# User attributes are given in LDAP-name=dovecot-internal-name list. The
# internal names are:
#  home: Home directory
#  mail: MAIL environment
#  system_user: System user name (for getting user's groups from /etc/group)
#    - For virtual users you don't want to use this, so this defaults to none.
#  uid: System user ID
#  gid: System group ID
#user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid

# Filter for user lookup. Some variables can be used (see
# http://wiki.dovecot.org/Variables for full list):
#   %u - username
#   %n - user part in user@domain, same as %u if there's no domain
#   %d - domain part in user@domain, empty if user there's no domain
#user_filter = (&(objectClass=posixAccount)(uid=%u))

# Password checking attributes:
#  user: Virtual user name (user@domain), if you wish to change the
#        user-given username to something else
#  password: Password, may optionally start with {type}, eg. {crypt}
#pass_attrs = uid=user,userPassword=password

# If you wish to avoid two LDAP lookups (passdb + userdb), you can use
# userdb prefetch instead of userdb ldap in dovecot.conf. In that case you'll
# also have to include user_attrs in pass_attrs field prefixed with "userdb_"
# string. For example:
#pass_attrs = uid=user,userPassword=password,homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid

# Filter for password lookups
#pass_filter = (&(objectClass=posixAccount)(uid=%u))

# Default password scheme. "{scheme}" before password overrides this.
# List of supported schemes is in: http://wiki.dovecot.org/Authentication
#default_pass_scheme = CRYPT

# You can use same UID and GID for all user accounts if you really want to.
# If the UID/GID is still found from LDAP reply, it overrides these values.
#user_global_uid = 
#user_global_gid =