[Dovecot] Authenticating dovecot against Active Directory using bsdauth and login_ldap

Timo Sirainen tss at iki.fi
Sun Oct 15 22:28:30 UTC 2006


On Sun, 2006-10-15 at 21:48 +0100, Martin Croker wrote:
> The approach I've taken (being the only one I was able to make work)
> is to use login_ldap to perform bind authentication against Active
> Directory/LDAP and authenticate dovecot using bsdauth. As far as I can
> tell the dovecot ldap authentication module requires access to the
> encrypted password field to which Active Directory does not permit
> access.

You should be able to user Dovecot's LDAP code by using auth_bind=yes.

> These lines seem to require that the pw structure contains the
> encrypted password in pw->pw_passwd. Where login_ldap is used against
> Active Directory the encrypted password is not available to bsdauth
> and instead pw->pw_passwd contains '*'. If auth_userokay is called
> independently it is however able to authenticate the user correctly,
> as such I wonder if the IS_VALID_PASSWD check is actually necessary.

Yea, I guess they're not useful. I'll remove them.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20061016/34fe5532/attachment-0001.pgp 


More information about the dovecot mailing list