After I found out that {CRYPT} doesn't support passwords longer than 8 characters, I decided to switch over to MD5 for user passwords in my LDAP database. However, while I have no problem with Postfix + SASL, Dovecot fails to authenticate.

Relevant bits from /etc/dovecot-ldap.conf:

user_attrs = mailAddress,,,,,
# The search string is identical to what's found in /etc/saslauthd.conf:
user_filter = (&(|(uid=%u)(mailAddress=%u))(status=active))
pass_attrs = mailAddress,userPassword
pass_filter = (&(|(uid=%u)(mailAddress=%u))(status=active))
default_pass_scheme = PLAIN-MD5

When I try to connect using either KMail or SquirrelMail (which worked just fine before I switched schemes), the following error appears in /var/log/syslog:

ldap(user@mydomain.tld): password mismatch

But when I try 'testsaslauthd -u user@mydomain.tld -p longpassword' it authenticates just fine. I have the line 'password-hash {MD5}' in /etc/ldap/slapd.conf, and I used 'slappasswd -h {MD5}' to create the MD5 versions of the passwords. Dovecot is v. 0.99.11. If I can't figure out how to get it to work with MD5, I guess I'll have to go back to CRYPT, but it would be nice to have longer passwords...

:Peter
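
An added example, not part of the original post: the userPassword value that 'slappasswd -h {MD5}' writes is the raw MD5 digest in base64 behind a {MD5} prefix, which is a different string from the 32-character hex form of the same digest. The sketch assumes a verifier that compares against hex; the post does not say which encoding Dovecot 0.99.11 expects for PLAIN-MD5, and the function names and sample password are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac

PREFIX = "{MD5}"


def slappasswd_md5(password: str) -> str:
    """Build the value 'slappasswd -h {MD5}' stores: prefix + base64(raw digest)."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return PREFIX + base64.b64encode(digest).decode("ascii")


def ldap_md5_to_hex(user_password: str) -> str:
    """Convert an LDAP '{MD5}<base64>' value to the hex form of the same digest."""
    if user_password[:len(PREFIX)].upper() != PREFIX:
        raise ValueError("not an {MD5} userPassword value")
    try:
        raw = base64.b64decode(user_password[len(PREFIX):], validate=True)
    except binascii.Error as exc:
        raise ValueError("payload is not valid base64") from exc
    if len(raw) != 16:  # an MD5 digest is always 16 bytes
        raise ValueError("decoded payload is not an MD5 digest")
    return raw.hex()


def matches_as_hex(stored: str, password: str) -> bool:
    """Compare as a hex-MD5 verifier would (assumed behaviour, see lead-in)."""
    candidate = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hmac.compare_digest(stored.lower().encode(), candidate.encode())


if __name__ == "__main__":
    pw = "password"                # constructed sample, not a real credential
    stored = slappasswd_md5(pw)    # what ends up in userPassword
    print("LDAP value :", stored)
    print("hex form   :", ldap_md5_to_hex(stored))
    print("raw compare:", matches_as_hex(stored, pw))
    print("converted  :", matches_as_hex(ldap_md5_to_hex(stored), pw))
```

The same digest verifies only once both sides use the same encoding. Either form is still an unsalted MD5 hash.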