On Tue, Oct 05, 2004 at 03:14:58PM +0200, Adam Pordzik wrote:
Hello,
am I right, that dovecot can't cope with ldap so authentification is handled by ldap itself? And, for that I have to use {CRYPT} and cannot use other mechanisms as {SMD5}
Dovecot doesn't support handing off authentication to LDAP, unless you use PAM (which eliminates the possibility of CRAM-MD5 or DIGEST-MD5 authentication).
Dovecot supports the RFC2307 userPassword LDAP attribute and through that the following schemes:
{CRYPT} {MD5} (note: Dovecot's {MD5} differs from LDAP's {MD5}) {PLAIN} {DIGEST-MD5} {SHA1} {PLAIN-MD5}
You can fix the MD5 issue and gain support for {SMD5} with my patch at http://www.roughtrade.net/dovecot/dovecot-ldap-md5-quirk-0.99.10.6.diff although I haven't tested this recently. Let me know if it works for you.
NB The 1.0-test series also adds support for more password hashes:
{SHA} / {SHA1} / {SMD5} / {SSHA} / {CLEARTEXT} / {HMAC-MD5} / {LDAP-MD5} {LANMAN} / {NTLM} / {RPA}
AFAIK, all the above are either directly compatible with OpenLDAP's authentication behaviour or can at least be stored in userPassword.
J
-- Joshua Goodall "as modern as tomorrow afternoon" joshua@roughtrade.net - FW109