{% if dovecot.ldap.enable %}
# Dovecot LDAP passdb/userdb settings, rendered from the dovecot.ldap.* variables.
# The rendered file contains the bind password (dnpass) in clear text: keep it
# owned by root and unreadable by other users (Dovecot's stock file recommends
# mode 0600).

## Debug everything
# -1 turns on all LDAP library debug output. It is very verbose and may put
# directory data into the logs, so enable it only while troubleshooting.
# debug_level = -1

# LDAP server URI(s).
# NOTE(review): because tls = no below, every URI here is expected to use the
# ldaps:// scheme. With ldap:// the bind password and user credentials would
# cross the network unencrypted. Confirm where dovecot.ldap.uris is defined.
uris = {{ dovecot.ldap.uris }}

# "tls" controls StartTLS on a plain LDAP connection, not LDAPS.
# Set to no because we use LDAPS, and Dovecot reports that the two cannot be combined.
tls = no

# Account Dovecot binds as for its own searches. It only needs read access to
# the attributes used by the filters and user_attrs below.
dn = {{ dovecot.ldap.bind_dn }}
# Clear-text secret: keep the source variable in an encrypted store.
# NOTE(review): a password containing '#', quotes or leading/trailing spaces may
# need quoting to survive config parsing. Confirm for the Dovecot version in use.
dnpass = {{ dovecot.ldap.bind_pw }}

# TLS options, currently supported only with OpenLDAP:
# CA bundle used to validate the LDAP server certificate.
tls_ca_cert_file = {{ dovecot.ldap.tls.ca }}
#tls_ca_cert_dir =
#tls_cipher_suite =
# TLS cert/key. This must be set only if LDAP server requires a client certificate.
# If you set it in other cases, the LDAP connection will fail.
# tls_cert_file =
# tls_key_file =
# Valid values: never, hard, demand, allow, try
# "hard" (same as "demand") requires a server certificate that validates against
# the CA above. never, allow and try all let a connection proceed without a
# verified certificate and should not be used here.
tls_require_cert = hard

# Verify passwords by binding to the LDAP server as the user, so the bind DN
# above does not need read access to password hashes.
auth_bind = yes
# Search filter that locates the entry of the user who is logging in.
# NOTE(review): presumably contains a Dovecot %-variable such as %u or %n.
# Verify where dovecot.ldap.filter is defined.
pass_filter = {{ dovecot.ldap.filter }}

ldap_version = 3
# Search base; together with scope = subtree the whole tree below it is searched.
base = {{ dovecot.ldap.base }}
# Never dereference aliases while searching.
deref = never
scope = subtree

# userdb fields, one "=<field>=<value>" entry per item of dovecot.ldap.user_attrs.
# The leading "=" is Dovecot's syntax for a field set from a template value
# instead of being copied from an LDAP attribute. Entries are joined with ", \"
# line continuations.
{# NOTE(review): this layout assumes the renderer drops the newline that follows
   a block tag (Jinja2 trim_blocks, which is the Ansible default). Under that
   assumption the blank line after the endfor tag is what terminates the last
   entry, so do not remove it or put a comment there. An empty
   dovecot.ldap.user_attrs list would leave a dangling "\" continuation.
   Confirm that the variable is always non-empty. #}
user_attrs = \
{% for attr in dovecot.ldap.user_attrs %}
  ={{ attr.attr }}={{ attr.value }}{% if not loop.last %}, \
{% endif %}
{% endfor %}

# userdb lookup filter; rendered from the same variable as pass_filter.
user_filter = {{ dovecot.ldap.filter }}

# Scheme assumed for stored passwords that carry no {SCHEME} prefix.
# NOTE(review): with auth_bind = yes the LDAP server checks the password, so
# this is presumably unused. Confirm before relying on it or removing it.
default_pass_scheme = {{ dovecot.ldap.default_pass_scheme }}

# iterate_attrs = mail=user
# Needed mainly by "doveadm" to find (iterate over) users
# iterate_filter = (objectClass=person)
{% else %}
# LDAP is not configured for this instance.
{% endif %}