LDAP Authentication

[TravisWhitehead]

In the future we may wish to use LDAP authentication with Dovecot.

LDAP can be used with Dovecot in two manners: with authentication binds or password lookups. (Password lookups are probably more desirable unless we don't want Dovecot to be able to access LDAP hashes for security reasons.)

Overview:

1. Research and decide between authentication binds or password lookups
2. Create recipe included with its own enable_userdb and enable_passdb attributes, see how osl-imap::auth_sql and osl-imap::auth_system are set up for examples
3. Determine changes needed on LDAP's end (depends on decision in step 1, see Dovecot's wiki)

Relevant:

• https://wiki.dovecot.org/AuthDatabase/LDAP
• https://wiki.dovecot.org/AuthDatabase/LDAP/PasswordLookups
• https://wiki.dovecot.org/AuthDatabase/LDAP/Userdb
• https://github.com/zuazo/dovecot-cookbook#ldap-authentication-attributes

[TravisWhitehead]

Another alternative would be to setup LDAP on the system level via NSS & PAM and then tell Dovecot to use the system/passdb/PAM userdb & passdb.