I finally got ldap working for accounts both in ldap and /etc/passwd. Here is my /etc/dovecot.conf file, with all comments removed.
protocols = imaps pop3s log_path = /var/log/dovecot.log ssl_cert_file = /usr/share/ssl/certs/imapd.pem ssl_key_file = /usr/share/ssl/certs/imapd.pem login_dir = /var/run/dovecot/login mmap_disable = yes first_valid_uid = 200 protocol imap { } protocol pop3 { } protocol lda { postmaster_address = postmaster@example.com } auth default { mechanisms = plain passdb pam { } passdb shadow { } passdb ldap { args = /etc/dovecot-ldap.conf } userdb passwd { } userdb ldap { args = /etc/dovecot-ldap.conf } user = root } dict { } plugin { }