Superuser / administrators group in courier imap

One non-obvious feature of courier imap is the superuser account. The feature is a bit hidden in the documentation for courier-authlib (see man auth_generic). It is based on the IMAP group functionality of courier.

You can assign a user account to different groups independently of the other (system) groups the account belongs to. The group assignment is implemented with the option field in courier-authlib, see man auth_generic.

There is a special group name “administrators”. If you assign an account to that group, it automatically has full access to all other users' mailboxes and folders through the #shared namespace. This is especially useful when doing e.g. email migration over IMAP from one server to another.

If you use courier-authlib-ldap, there is neither an explicit option field nor a groups field in courier's LDAP schema. But you can map arbitrary text attributes to the group setting with the LDAP_AUXOPTIONS variable. As I don’t use the sharedgroup attribute, I simply misused it for the group setting by adding the following to /etc/authlib/authldaprc:

LDAP_AUXOPTIONS disableimap=disableimap,disablepop3=disablepop3,disablewebmail=disablewebmail,sharedgroup=group
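
Since membership of this group opens every mailbox, it is worth checking which directory entries resolve to it. The following Python is an added example, not part of the original post or of courier: it parses the LDAP_AUXOPTIONS line above and applies it to constructed sample entries. The function names, the sample accounts, and the treatment of each attribute value as one option value are assumptions.

```python
ADMIN_GROUP = "administrators"  # reserved group name described in the post

# The mapping line from /etc/authlib/authldaprc as given in the post.
AUTHLDAPRC_LINE = ("LDAP_AUXOPTIONS disableimap=disableimap,disablepop3=disablepop3,"
                   "disablewebmail=disablewebmail,sharedgroup=group")

# Constructed sample directory entries (uid -> LDAP attribute values), not real data.
SAMPLE_ENTRIES = {
    "alice":     {"sharedgroup": ["sales"]},
    "migration": {"sharedgroup": ["administrators"], "disablewebmail": ["1"]},
    "bob":       {"disableimap": ["1"]},
}

def parse_auxoptions(line):
    """Parse 'LDAP_AUXOPTIONS attr=option,...' into {ldap_attr: option_name}."""
    parts = line.split(None, 1)
    if len(parts) != 2 or parts[0] != "LDAP_AUXOPTIONS":
        raise ValueError("not an LDAP_AUXOPTIONS line")
    mapping = {}
    for pair in parts[1].split(","):
        attr, sep, option = pair.strip().partition("=")
        if sep and attr and option:
            mapping[attr.lower()] = option  # LDAP attribute names are case-insensitive
    return mapping

def account_options(entry, mapping):
    """Resolve one entry's LDAP attributes into (option, value) pairs."""
    options = []
    for attr, values in entry.items():
        option = mapping.get(attr.lower())
        if option is not None:
            # Assumption: each attribute value becomes one option value.
            options.extend((option, value.strip()) for value in values)
    return options

def admin_accounts(entries, mapping):
    """Return the sorted uids whose resolved options include group=administrators."""
    return sorted(uid for uid, entry in entries.items()
                  if ("group", ADMIN_GROUP) in account_options(entry, mapping))

if __name__ == "__main__":
    mapping = parse_auxoptions(AUTHLDAPRC_LINE)
    for uid in admin_accounts(SAMPLE_ENTRIES, mapping):
        print(f"{uid}: member of '{ADMIN_GROUP}', full access via #shared")
```

After a migration, an empty result from the same check over the real directory confirms the superuser assignment has been removed again.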