docs: warn about lack of trimming on the LDAP bind password

default.nix

@@ -425,6 +425,11 @@ in
           example = "/run/my-secret";
           description = ''
             File containing the password required to bind against the LDAP server.
+
+            :::{warning}
+            The password file is read verbatim. Any trailing newline will become
+            part of the password and may cause authentication failures.
+            :::
           '';
         };
       };

docs/release-notes.rst

@@ -64,6 +64,9 @@ LDAP
   typical LDAP practices. The exact attribute can be customized through
   :option:`mailserver.ldap.attributes.username`.
 
+- The LDAP bind password is now read verbatim without trimming whitespace. Any
+  trailing newline is now preserved and may cause authentication failures.
+
 - Local and LDAP accounts can now coexist. For overlapping accounts and addresses
   the local account will always win.