From cc7d959435fa58ce5e27c4f57c1a93cf322ed6b3 Mon Sep 17 00:00:00 2001
From: Kishi85 <git@eightyfive.net>
Date: Mon, 13 May 2019 21:30:13 +0200
Subject: [PATCH] mail: dovecot verify password by binding to ldap

---
 roles/mail/templates/dovecot/dovecot-ldap.conf.ext.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/mail/templates/dovecot/dovecot-ldap.conf.ext.j2 b/roles/mail/templates/dovecot/dovecot-ldap.conf.ext.j2
index 3b0ec3a..a8f5048 100644
--- a/roles/mail/templates/dovecot/dovecot-ldap.conf.ext.j2
+++ b/roles/mail/templates/dovecot/dovecot-ldap.conf.ext.j2
@@ -67,7 +67,7 @@ tls_require_cert = demand
 # The pass_filter is used to find the DN for the user. Note that the pass_attrs
 # is still used, only the password field is ignored in it. Before doing any
 # search, the binding is switched back to the default DN.
-#auth_bind = no
+auth_bind = yes
 
 # If authentication binding is used, you can save one LDAP request per login
 # if users' DN can be specified with a common template. The template can use