[Dovecot] dovecot + LDAP-SASL ?

Timo Sirainen tss at iki.fi
Tue Aug 7 11:20:08 EEST 2007


On Tue, 2007-08-07 at 08:38 +0200, Hadmut Danisch wrote:
> Hi,
> 
> just a question:
> 
> I know that dovecot supports SASL authentication and supports LDAP.
> Which means that dovecot performs the SASL methods itself and stores the
> plaintext secret on LDAP.
> 
> But it is also possible to have the LDAP do the SASL work and dovecot just
> pass SASL messages through? Even when the LDAP server uses a proprietary
> SASL method not supported by dovecot?

For plaintext authentication you can use authentication binds and have
the password stored on LDAP side in any way you want.

For non-plaintext authentication Dovecot needs the secret in plaintext
or some other specific format. LDAP doesn't support "SASL forwarding".
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20070807/e24a8859/attachment.bin 


More information about the dovecot mailing list