Hello list,
Our users are authenticated against an LDAP server. Everything works fine...
dovecot: imap-login: Login: user=<xxx>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
But now we want to use secure passwords and not only PLAIN over SSL. So we configured Dovecot to use CRAM-MD5 and configured the LDAP server with CRAM-MD5 passwords. As clients we used Thunderbird 2.0 and a web frontend called Roundcube. That does not work, because the server gives...
dovecot: auth(default): ldap(xxx,127.0.0.1): Password mismatch
Then we tried to use DIGEST-MD5. We changed the LDAP password to the one created with dovecotpw. But this doesn't work either. Thunderbird requests CRAM-MD5 and not DIGEST-MD5.
So the log says:
dovecot: auth(default): password(xxx,127.0.0.1): Requested CRAM-MD5 scheme, but we have only DIGEST-MD5
imap-login: Aborted login: user=<xxx>, method=CRAM-MD5
After that we changed the password back to CRAM-MD5, but we made the mistake of not deleting the DIGEST-MD5 value. So the users had 2 passwords set...
{CRAM-MD5}e02d374fde0dc75a17a557039a3a5338c7743304777dccd376f332bee68d2cf6 {DIGEST-MD5}358aefa044c08e6c19711c8117714fb0
The password is "test" in both cases. On the next try, when we started Thunderbird, it works. I don't know why, and Dovecot's log says...
auth(default): ldap(xxx,127.0.0.1): Multiple password values not supported
imap-login: Login: user=<xxx>, method=CRAM-MD5, rip=127.0.0.1, lip=127.0.0.1, secured
The user was logged in using CRAM-MD5. It's not nice, but it works. Anyone have an idea why? Because of the Apache module that authenticates against LDAP, and Apache supports neither CRAM-MD5 nor DIGEST-MD5, we have set the password a third time using MD5.
So every user has the same password three times with different encryptions. Not nice, but it works. But what can we do to change this? I don't like setting passwords three times.
Our configuration:
# /etc/dovecot/dovecot.conf
ssl_cert_file: /etc/ssl/ssl.pem
ssl_key_file: /etc/ssl/ssl.key
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/imap-login
mail_extra_groups: mail
mail_location: mbox:/var/mail/dovecot/%n:INDEX=/var/mail/dovecot/indexes/%n
mail_plugins: quota imap_quota
auth default:
  mechanisms: plain login cram-md5 digest-md5
  verbose: yes
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
plugin:
  quota: maildir:storage=1024
# /etc/dovecot/dovecot-ldap.conf
hosts = 127.0.0.1:389
dn = cn=dovecot,dc=xxx,dc=com
dnpass = dovecot
sasl_bind = no
sasl_mech = DIGEST-MD5
tls = no
auth_bind = no
ldap_version = 3
base = ou=People,dc=xxx,dc=com
scope = subtree
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=posixAccount)(uid=%u))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=posixAccount)(uid=%u))
default_pass_scheme = DIGEST-MD5
Best regards,
Andre
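The following is an added example, not code from Andre's post or from Dovecot itself. It models the behaviour behind the log lines above: each non-plaintext password scheme ({CRAM-MD5}, {DIGEST-MD5}) is specific to one SASL mechanism, which is why a {DIGEST-MD5} value cannot answer a CRAM-MD5 challenge ("Requested CRAM-MD5 scheme, but we have only DIGEST-MD5"), while a plaintext scheme ({PLAIN}/{CLEARTEXT}) can serve every mechanism. It also shows the security point an admin should take from storing these values in LDAP: the {CRAM-MD5} value is the pair of MD5 states after the HMAC inner and outer key blocks, so anyone who can read it can complete the CRAM-MD5 exchange without knowing the password. Because hashlib cannot export or import MD5 state, the block carries a small MD5 of its own. The exact byte layout of the {CRAM-MD5} value (inner state then outer state, little-endian words) is recalled from the Dovecot and Cyrus SASL sources and is an assumption; the challenge string is constructed; the two userPassword values are the ones quoted in the post.

```python
import hashlib
import hmac
import math
import struct

# A small MD5 whose chaining state can be exported and re-imported (hashlib cannot do that).
_S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
_K = [int(abs(math.sin(i + 1)) * 2 ** 32) & 0xFFFFFFFF for i in range(64)]
_INIT = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)
_M32 = 0xFFFFFFFF


class MD5:
    def __init__(self, state=_INIT, length=0):  # state = (a, b, c, d); length = bytes absorbed so far
        self.state, self.length, self.buf = tuple(state), length, b""

    def _block(self, chunk):
        m = struct.unpack("<16I", chunk)
        a, b, c, d = self.state
        for i in range(64):
            if i < 16:
                f, g = (b & c) | (~b & d), i
            elif i < 32:
                f, g = (d & b) | (~d & c), (5 * i + 1) % 16
            elif i < 48:
                f, g = b ^ c ^ d, (3 * i + 5) % 16
            else:
                f, g = c ^ (b | ~d), (7 * i) % 16
            f = (f + a + _K[i] + m[g]) & _M32
            a, d, c, b = d, c, b, (b + (((f << _S[i]) | (f >> (32 - _S[i]))) & _M32)) & _M32
        self.state = tuple((x + y) & _M32 for x, y in zip(self.state, (a, b, c, d)))

    def update(self, data):
        self.buf += data
        self.length += len(data)
        while len(self.buf) >= 64:
            self._block(self.buf[:64])
            self.buf = self.buf[64:]
        return self

    def digest(self):
        # Pad to 56 mod 64, append the bit length (LE); finish on a copy so digest() is repeatable.
        pad = b"\x80" + b"\x00" * ((55 - self.length) % 64) + struct.pack("<Q", self.length * 8)
        h = MD5(self.state, self.length)
        h.buf = self.buf
        return struct.pack("<4I", *h.update(pad).state)


def cram_md5_scheme(password: bytes) -> str:
    """{CRAM-MD5} value: MD5 state after the HMAC ipad block, then after the opad block, as 8 LE words (assumed layout)."""
    if len(password) > 64:  # HMAC rule: a key longer than the block is hashed first
        password = hashlib.md5(password).digest()
    key = password.ljust(64, b"\x00")
    inner = MD5().update(bytes(k ^ 0x36 for k in key)).state
    outer = MD5().update(bytes(k ^ 0x5C for k in key)).state
    return struct.pack("<8I", *inner, *outer).hex()


def cram_md5_response(password: bytes, challenge: bytes) -> str:
    """Client side (RFC 2195): hex HMAC-MD5(password, challenge)."""
    return hmac.new(password, challenge, hashlib.md5).hexdigest()


def cram_md5_verify(scheme_hex: str, challenge: bytes, response_hex: str) -> bool:
    """Server side from the stored contexts alone: resume both MD5 states (64 bytes absorbed) and finish the HMAC."""
    w = struct.unpack("<8I", bytes.fromhex(scheme_hex))
    inner_digest = MD5(w[:4], 64).update(challenge).digest()
    expected = MD5(w[4:], 64).update(inner_digest).digest().hex()
    return hmac.compare_digest(expected, response_hex)  # no password needed: the value is password-equivalent


def digest_md5_scheme(user: str, password: str) -> str:
    """{DIGEST-MD5} value: MD5(user:realm:password) hex, realm from user@realm or empty; bound to the user name."""
    name, _, realm = user.partition("@")
    return hashlib.md5(f"{name}:{realm}:{password}".encode()).hexdigest()


PLAINTEXT_SCHEMES = {"PLAIN", "CLEARTEXT"}
# None: the client sends the plaintext, so the server can recompute any stored scheme.
MECHANISM_NEEDS = {"PLAIN": None, "LOGIN": None, "CRAM-MD5": {"CRAM-MD5"}, "DIGEST-MD5": {"DIGEST-MD5"}}


def parse_user_password(values):
    """Split LDAP userPassword values of the form {SCHEME}data into (SCHEME, data) pairs."""
    out = []
    for v in values:
        scheme, data = v[1:].split("}", 1) if v.startswith("{") and "}" in v else ("PLAIN", v)
        out.append((scheme.upper(), data))
    return out


def usable_scheme(stored, mechanism):
    """First stored value that can verify `mechanism`; the ValueError text mirrors Dovecot's log line."""
    needed = MECHANISM_NEEDS[mechanism]
    for scheme, data in stored:
        if needed is None or scheme in needed or scheme in PLAINTEXT_SCHEMES:
            return scheme, data
    raise ValueError(f"Requested {mechanism} scheme, but we have only " + ", ".join(s for s, _ in stored))


if __name__ == "__main__":
    # The two userPassword values quoted in the post (password "test", user redacted as xxx) and a constructed challenge.
    stored = parse_user_password(["{CRAM-MD5}e02d374fde0dc75a17a557039a3a5338c7743304777dccd376f332bee68d2cf6",
                                  "{DIGEST-MD5}358aefa044c08e6c19711c8117714fb0"])
    challenge = b"<1234.1180000000@mail.example.com>"
    print("posted {CRAM-MD5} value accepts a CRAM-MD5 response for 'test':",
          cram_md5_verify(stored[0][1], challenge, cram_md5_response(b"test", challenge)))
```

Running the script checks the assumed layout directly: if the posted {CRAM-MD5} value accepts a response computed from the password "test", the value alone was enough to log in, which is the reason userPassword must be readable only by the Dovecot bind DN regardless of which scheme is stored. The `usable_scheme` rule is the general one: a mechanism-specific scheme answers only its own mechanism, a plaintext scheme answers all of them, and PLAIN/LOGIN logins can be checked against any scheme because the server receives the password itself.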