[Dovecot] ldap and digest-md5 problem

Hi,

I'm using dovecot-1.0.0 on gentoo box and I have problem with authentication using digest-md5 and passwords stored as plain text in ldap database, when I use cram-md5 it works, while digest-md5 give this error (squirrelmail login):

May 5 16:03:32 srv dovecot: auth(default): client in: AUTH 1
DIGEST-MD5 service=IMAP secured lip=127.0.0.1 rip=127.0.0.1 May 5 16:03:32 srv dovecot: auth(default): client out: CONT 1
[password hash] May 5 16:03:32 srv dovecot: auth(default): client in: CONT<hidden> May 5 16:03:32 srv dovecot: auth(default): ldap(user@domain.com,127.0.0.1): pass search: base=ou=domain.com,cn=Users,dc=domain,dc=com scope=subtree filter=(&(objectClass=posixAccount)(uid=user)) fields=userPassword May 5 16:03:32 srv dovecot: auth(default): ldap(user@domain.com,127.0.0.1): result: userPassword(password)=<hidden> May 5 16:03:32 srv dovecot: auth(default): digest-md5 (user@domain.com,127.0.0.1): password mismatch May 5 16:03:32 srv dovecot: auth(default): client out: FAIL 1
user=user@domain.com May 5 16:03:32 srv dovecot: imap-login: Aborted login: user=user@domain.com, method=DIGEST-MD5, rip=127.0.0.1, lip=127.0.0.1, secured

It seems that client and dovecot hashes calculated for DIGEST-MD5 are different, I tested squirrelmail 1.4.9a, kmail 3.5.6 both can't login using digest-md5 so maybe dovecot does not working correctly? Passwords where created using phpldapadmin and "clear" password type, cram-md5 logins are ok. I can't find any info on ldap and digest-md5 incompatibility in dovecot wiki, can anyone give my a hint?

my dovecot-ldap.conf: uris = ldaps://127.0.0.1 dn = uid=dovecot,cn=Daemons,dc=domain,dc=com dnpass = secret sasl_bind = no tls = no auth_bind = no ldap_version = 3 base = ou=%d,cn=Users,dc=domain,dc=com deref = never scope = subtree pass_attrs = userPassword=password pass_filter = (&(objectClass=posixAccount)(uid=%n)) default_pass_scheme = PLAIN

my dovecot.conf: protocols = imap imaps managesieve shutdown_clients = yes syslog_facility = mail ssl_cert_file = /etc/ssl/cert ssl_key_file = /etc/ssl/key verbose_ssl = no login_process_per_connection = yes login_processes_count = 2 login_max_processes_count = 10 login_user = dovecot login_dir = /var/run/dovecot/login login_chroot = yes mail_location = maildir:/var/mail/%d/%n mail_extra_groups = postfix mail_full_filesystem_access = no mail_debug = no verbose_proctitle = yes first_valid_uid = 2000 last_valid_uid = 2000 first_valid_gid = 2000 last_valid_uid = 2000 maildir_copy_with_hardlinks = yes disable_plaintext_auth = yes

protocol imap { imap_client_workarounds = outlook-idle }

protocol lda { postmaster_address = postmaster@domain.com hostname = domain.com mail_plugins = cmusieve }

auth_default_realm = pcserwis.net auth_username_format = %Lu auth_verbose = yes auth_debug = yes auth_debug_passwords = no

auth default { mechanisms = plain login cram-md5 digest-md5

passdb ldap { args = /etc/dovecot/dovecot-ldap.conf }

userdb static { args = uid=2000 gid=2000 home=/var/mail/%d/%n }

socket listen { client { path = /var/spool/postfix/private/auth mode = 0660 user = vmail group = postfix } master { path = /var/run/dovecot/auth-master mode = 0600 user = vmail } } }

protocol managesieve { listen = *:2000 login_executable = /usr/libexec/dovecot/managesieve-login mail_executable = /usr/libexec/dovecot/managesieve }

-- Łukasz Mierzwa