# Authentication for LDAP users. Included from auth.conf.
#
# <https://doc.dovecot.org/latest/core/config/auth/databases/ldap.html>

## See <https://doc.dovecot.org/latest/core/config/dict.html#ldap>

ldap_uris = ldap://${LDAP_SERVER_HOST}
ldap_auth_dn = ${LDAP_BIND_DN}
ldap_auth_dn_password = ${LDAP_BIND_PWD}
ldap_base = ${LDAP_SEARCH_BASE}
ldap_version = 3

passdb ldap {
  filter = (&(objectClass=PostfixBookMailAccount)(|(uniqueIdentifier=%{user})(mail=%{user})))
#  ldap_bind = no

  fields {
    # user=%{ldap:uid}
    # password=%{ldap:userPassword}
    # userdb_home=%{ldap:homeDirectory}
    # userdb_uid=%{ldap:uidNumber}
    # userdb_gid=%{ldap:gidNumber}
    user=%{ldap:uniqueIdentifier}
    password=%{ldap:userPassword}
  }
}

# "prefetch" user database means that the passdb already provided the
# needed information and there's no need to do a separate userdb lookup.
# <https://doc.dovecot.org/latest/core/config/auth/databases/prefetch.html>
#userdb prefetch {
#}

userdb ldap {
  filter = (&(objectClass=PostfixBookMailAccount)(|(uniqueIdentifier=%{user})(mail=%{user})))

# Default fields can be used to specify defaults that LDAP may override
  fields {
#    home=/home/virtual/%{user}
    home=%{ldap:mailHomeDirectory}
    uid=%{ldap:mailUidNumber}
    gid=%{ldap:mailGidNumber}
    mail=%{ldap:mailStorageDirectory}
  }
}

# If you don't have any user-specific settings, you can avoid the userdb LDAP
# lookup by using userdb static instead of userdb ldap, for example:
# <https://doc.dovecot.org/latest/core/config/auth/databases/static.html>
#userdb static {
  #fields {
  #  uid = vmail
  #  gid = vmail
  #  home = /var/vmail/%{user}
  #}
#}