On 9 May 2024, at 19:45, Aki Tuomi aki.tuomi@open-xchange.com wrote:
On 09/05/2024 20:15 EEST Francis Augusto Medeiros-Logeay via dovecot
mailto:dovecot@dovecot.org> wrote: Hi,
I was wondering:
1 - Is it possible to configure authentication methods per user? For example, oauth2 for most users, but plain for others? 2 - I had a feeling that when oauth2 authentication fails, dovecot tries to authenticate via plain with the received token. Doesn’t seem logical, but I get my user blocked on my directory server (freeipa) after a few failed oath authentications. If so, can this be prevented?
Best,
Francis
dovecot mailing list -- dovecot@dovecot.org mailto:dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org mailto:dovecot-leave@dovecot.org Yep. See https://doc.dovecot.org/configuration_manual/authentication/password_databas...
you can filter by mechanism.
Aki
The weird thing is that I get this still:
May 09 21:45:47 auth: Error: oauth2(myuser@mydomain.com,48.237.124.127): oauth2 failed: Introspection failed: No username returned May 09 21:45:47 auth: Error: ldap(myuser@mydomain.com,48.237.124.127): ldap_bind() failed: Constraint violation
Even when I have my configuration like this:
auth_mechanisms = $auth_mechanisms xoauth2 oauthbearer
passdb { driver = oauth2 mechanisms = xoauth2 oauthbearer args = /etc/dovecot/dovecot-oauth2.conf.ext result_failure=return-fail }
What could be the cause?
Best, Francis