diff --git a/README.md b/README.md
index bc34aab..73053e9 100644
--- a/README.md
+++ b/README.md
@@ -90,7 +90,7 @@ Default password scheme used on the ldap host.
 List of characters allowed in a username.
 ## AUTH_MECHANISMS
-- default: plain login
+- default: plain
 Space seperated list of supported [authentication mechanisms](http://wiki2.dovecot.org/Authentication/Mechanisms).
diff --git a/rootfs/etc/confd/templates/10-auth.conf.tmpl b/rootfs/etc/confd/templates/10-auth.conf.tmpl
index e40f07c..f7c7b0f 100644
--- a/rootfs/etc/confd/templates/10-auth.conf.tmpl
+++ b/rootfs/etc/confd/templates/10-auth.conf.tmpl
@@ -1,4 +1,4 @@
 auth_username_chars = {{getenv "ALLOWED_USERNAME_CHARS" "äöüabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@"}}
 auth_username_format = %Lu
-auth_mechanisms = {{getenv "AUTH_MECHANISMS" "plain login"}}
+auth_mechanisms = {{getenv "AUTH_MECHANISMS" "plain"}}
 !include auth-ldap.conf.ext
diff --git a/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl b/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl
index 7078b3a..5edda4b 100644
--- a/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl
+++ b/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl
@@ -4,7 +4,7 @@ function auth_passdb_lookup(req)
 local ldap_host = "{{ getenv "LDAP_HOST" }}"
 local ldap_bin_dn = "{{ getenv "LDAP_BIND_DN" }}"
 local ldap_bind_password = "{{ getenv "LDAP_BIND_PASSWORD" }}"
- local ldap_use_tls = {{ getenv "LDAP_USE_TLS" }}
+ local ldap_use_tls = {{ if eq (getenv "LDAP_USE_TLS") "yes" }}true{{ else }}false{{ end }}
 ld = assert (lualdap.open_simple(
 ldap_host,
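Review bot: In `10-auth.conf.tmpl` the new default leaves PLAIN as the only offered mechanism, and nothing in this four-line template shows the transport being forced to TLS. PLAIN carries the password unprotected, so confirm that `disable_plaintext_auth = yes` and an SSL requirement are set elsewhere in the image, and record that dependency above the line, e.g. `# PLAIN only: relies on TLS being enforced on every listener`. Dropping `login` is also a behaviour change for any client that only offers LOGIN; operators who relied on the old default now have to set `AUTH_MECHANISMS="plain login"` themselves, and the README hunk records the new default but not that migration step.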
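Review bot: The rewritten `ldap_use_tls` line in `app-passwords-lookup.lua.tmpl` fails open: any value other than the exact string `yes` (`true`, `1`, `YES`, or an unset variable) now renders `false` without any error, so the LDAP connections this flag presumably controls would carry the bind password in clear. If the documented default allows it, invert the test so TLS is only switched off explicitly, `local ldap_use_tls = {{ if eq (getenv "LDAP_USE_TLS" "yes") "no" }}false{{ else }}true{{ end }}`, or at least list the accepted values in the README. Separately, the three context lines above interpolate environment values straight into Lua string literals, so a bind password containing `"` or `\` would break or alter the generated script; that predates this change but deserves a follow-up. The body of `auth_passdb_lookup` starts before this hunk and the `open_simple` call continues past it.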
@@ -27,12 +27,12 @@ function auth_passdb_lookup(req)
 local app_base_dn = "{{ getenv "LDAP_APP_PASSWORDS_BASE_DN" }}"
 local app_base_dn_formatted = app_base_dn:gsub("%%u", username)
 local app_pass_filter = "{{ getenv "LDAP_APP_PASSWORDS_FILTER" }}"
- local ldap_user_attribute = "{{ getenv "LDAP_USER_ATTRIBUTE" }}"
+ local ldap_user_attribute = "{{ getenv "LDAP_USER_ATTRIBUTE" "cn" }}"
 local user_password = req.password
 for dn, attribs in ld:search { base = app_base_dn_formatted, scope = "subtree", filter = app_pass_filter } do
- lualdap.open_simple(
+ local test_conn = lualdap.open_simple(
 ldap_host,
 dn,
 user_password,
@@ -45,7 +45,7 @@ function auth_passdb_lookup(req)
 return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "no such user"
 end
- return dovecot.auth.PASSDB_RESULT_NEXT, "no app password matches"
+ return dovecot.auth.PASSDB_RESULT_NEXT, ""
 end
 function script_init()
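Review bot: The per-entry bind inside the `for` loop passes `req.password` to `lualdap.open_simple` with no visible check that it is non-empty. A simple bind with a DN and an empty password is an unauthenticated bind that some directory servers accept, which would let the lookup succeed without the app password. Unless Dovecot or code outside this hunk already rejects it, add a guard before the loop: `if user_password == nil or user_password == "" then return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, "" end`. Now that the result is kept in `test_conn`, also make sure a successful connection is released with `test_conn:close()` before returning; the rest of the loop body lies outside the hunk, so I cannot see whether it is.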
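Review bot: Returning an empty string with `PASSDB_RESULT_NEXT` may remove the only trace of a failed app-password attempt, while the `PASSDB_RESULT_USER_UNKNOWN` return two lines above still carries its message. If the text had to go because of how Dovecot interprets the second return value for this result, log the miss explicitly before the return, e.g. `req:log_info("no app password matched")`, so repeated failures stay visible to whatever monitors the auth log. A short comment on the return, such as `-- empty string: fall through to the next passdb without extra fields`, would also explain why this branch differs from the one above.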