[Dovecot] LDAP, MD5-CRYPT, invalid credentials, BUG or config issue?
guenther
guenther at onetreetechnologies.com
Mon Feb 16 13:24:01 EET 2009
Hi,
I read a lot of howtos and I have problems getting LDAP and Dovecot to work
together.
I'm using:
Gentoo Linux 2008.0 hardened
Dovecot 1.1.7
Kernel 2.6.26
OpenLDAP 2.3.43
My dovecot-ldap.conf is:
uris = ldaps://auth.mydomain.com:636
auth_bind = yes
auth_bind_userdn = uid=%u,ou=People,dc=mydomain,dc=com
ldap_version = 3
base = ou=People,dc=mydomain,dc=com
deref = never
scope = subtree
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=posixAccount)(uid=%u))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=posixAccount)(uid=%u))
default_pass_scheme = CRYPT
I also tried default_pass_scheme = MD5-CRYPT
In the logs I find something like this:
Feb 16 12:20:49 mail dovecot: Dovecot v1.1.7 starting up
Feb 16 12:20:50 mail dovecot: auth(default): new auth connection: pid=30582
Feb 16 12:20:50 mail dovecot: auth(default): new auth connection: pid=30583
Feb 16 12:20:50 mail dovecot: auth(default): new auth connection: pid=30584
Feb 16 12:20:53 mail dovecot: auth(default): new auth connection: pid=30585
Feb 16 12:20:58 mail dovecot: auth(default): client in: AUTH 1 PLAIN service=imap secured lip=172.30.0.10 rip=172.30.0.254 lport=993 rport=51269
Feb 16 12:20:58 mail dovecot: auth(default): client out: CONT 1
Feb 16 12:20:58 mail dovecot: auth(default): client in: CONT 1 AGd1ZW50aGVyADE*********=
Feb 16 12:20:58 mail dovecot: auth(default): ldap(guenther,172.30.0.254): invalid credentials
Feb 16 12:21:00 mail dovecot: auth(default): client out: FAIL 1 user=guenther
Feb 16 12:21:00 mail dovecot: auth(default): client in: AUTH 2 PLAIN service=imap secured lip=172.30.0.10 rip=172.30.0.254 lport=993 rport=51269 resp=AGd1ZW50aGVyADE*********=
Feb 16 12:21:00 mail dovecot: auth(default): ldap(guenther,172.30.0.254): invalid credentials
Feb 16 12:21:02 mail dovecot: auth(default): client out: FAIL 2 user=guenther
It seems dovecot ignores the CRYPT password scheme. The password seems
to be encrypted in SSHA.
What am I doing wrong please??
I am sure the password is correct, as I can log in to the machine via
nss_ldap and pam_ldap.
Regards
Günther
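
Added example (not part of the original message, and not Dovecot code): the auth debug lines in the log above carry the client's SASL PLAIN response, which is base64 of authzid NUL authcid NUL password (RFC 4616), so the whole token should be removed from a log before it is shared rather than partly masked. This Python sketch does that and keeps only the username; it assumes one log entry per line, and the sample log and the names `scrub` and `plain_authcid` are constructed for illustration.

```python
import base64
import re

# Constructed sample in the format of the auth debug lines above (not real credentials).
SAMPLE_LOG = """\
Feb 16 12:20:58 mail dovecot: auth(default): client in: AUTH 1 PLAIN service=imap secured lip=192.0.2.10 rip=192.0.2.254 lport=993 rport=51269
Feb 16 12:20:58 mail dovecot: auth(default): client out: CONT 1
Feb 16 12:20:58 mail dovecot: auth(default): client in: CONT 1 AGFsaWNlAHMzY3JldA==
Feb 16 12:21:00 mail dovecot: auth(default): client in: AUTH 2 PLAIN service=imap secured lip=192.0.2.10 rip=192.0.2.254 lport=993 rport=51269 resp=AGFsaWNlAHMzY3JldA==
Feb 16 12:21:02 mail dovecot: auth(default): client out: FAIL 2 user=alice
"""

# A response appears after "client in: CONT <id> " or as resp=<token>.
# "*" is accepted so that tokens someone already partly masked are removed too.
RESP_RE = re.compile(r"(client in: CONT \d+[ \t]+|\bresp=)([A-Za-z0-9+/*]+=*)")


def plain_authcid(token):
    """Return the username (authcid) of a SASL PLAIN response, or None if it does not decode."""
    try:
        parts = base64.b64decode(token, validate=True).split(b"\x00")
    except ValueError:  # binascii.Error is a ValueError: bad alphabet or padding
        return None
    # RFC 4616 layout: authzid NUL authcid NUL passwd
    return parts[1].decode("utf-8", "replace") if len(parts) == 3 else None


def scrub(log_text):
    """Replace every logged SASL PLAIN response with a placeholder that keeps only the username."""
    def repl(match):
        user = plain_authcid(match.group(2))
        label = f"user={user}" if user else "undecodable"
        return f"{match.group(1)}<redacted SASL PLAIN response, {label}>"
    return RESP_RE.sub(repl, log_text)


if __name__ == "__main__":
    print(scrub(SAMPLE_LOG), end="")
```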