Although Dovecot provides it's own SASL, I opted for Cyrus SASL. It is fairly simple to configure both, but in this post I will demonstrate what worked for me.
ldap_servers: ldap://ldap.example.net ldap_version: 3 ldap_search_base: ou=Mail,dc=example,dc=net ldap_scope: sub ldap_filter: (&(uid=%u)(mailEnabled=TRUE)) ldap_auth_method: bind ldap_timeout: 10 ldap_time_limit: 10
For LDAP authentication the above options worked in my environment. To use the
mailEnabled attribute make sure postfix-book.schema is loaded into your LDAP implementation like OpenLDAP. With this we're basically saying users who have Enabled accounts are allowed to authenticate.
pwcheck_method: saslauthd mech_list: plain log_level: 7
Once everything is in place a simple
systemctl restart saslauthd is all that is needed. You should now be able to add your LDAP account credentials to any mail application's SMTP settings.