Hi,
I've dug a bit deeper and found out that if I use an attribute different from userPassword, digest-md5 and ldap work:
the following setting in dovecot-ldap.conf

--------CUT--------
pass_attrs = uid,gecos
--------CUT--------

... allows me to use the gecos string as password.
At first glance this looks like an ACL problem, but it isn't because plain authentication works (and I've crosschecked with ldapsearch).
Searching the ML archives I saw that there are some ldap issues in the 1.0-test series, but as I am using the latest stable 0.99.14 release (on debian sid), this should (?) not be related.
Udo Rader
BestSolution.at GmbH http://www.bestsolution.at
On Sun, 8 May 2005 22:38:20 +0200, Udo Rader wrote
hi,
I am trying to set up dovecot with digest-md5 as authentication mechanism and openldap as passdb.
My problem is ... that I just can't get it working. PLAIN authentication works as expected, but no luck with digest-md5.
An excerpt from the two configuration files:
dovecot.conf:

--------CUT--------
auth = default
auth_mechanisms = plain digest-md5
auth_userdb = ldap /etc/dovecot/dovecot-ldap.conf
auth_passdb = ldap /etc/dovecot/dovecot-ldap.conf
--------CUT--------

dovecot-ldap.conf:

--------CUT--------
user_filter = (&(objectClass=posixAccount)(|(mail=%u)(uid=%n)))
pass_filter = (&(objectClass=posixAccount)(|(mail=%u)(uid=%n)))
default_pass_scheme = plain
--------CUT--------

My dovecot installation with plain authentication and OpenLDAP has been quite mature for a long time, so I doubt that it is an issue with openldap.
From Cyrus-SASL I know that in order to get DIGEST-MD5 running it is required to have plaintext passwords in the DIT, but that does not solve anything.
syslog tells me this:
dovecot-auth: May 08 21:25:09 Error: ldap(frodo): No password in reply
So any ideas on where I went wrong?
Udo Rader
BestSolution.at GmbH http://www.bestsolution.at
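
The plaintext requirement mentioned in the quoted message, shown as an added example (not part of the original posts and not Dovecot's code): the server has to recompute the client's DIGEST-MD5 response from H(user:realm:password), which it can only derive from the plaintext, not from a salted or one-way hash. The challenge values are the sample exchange from RFC 2831 section 4; the function names and the `scheme` labels are illustrative assumptions.

```python
import hashlib
import hmac

# Sample exchange from RFC 2831 section 4 (user "chris", password "secret").
RFC2831_SAMPLE = {
    "nonce": "OA6MG9tEQGm2hh",
    "cnonce": "OA6MHXh6VqTrRk",
    "nc": "00000001",
    "digest_uri": "imap/elwood.innosoft.com",
}
RFC2831_REALM = "elwood.innosoft.com"


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def ha1_secret(user: str, realm: str, password: str) -> bytes:
    """H(user:realm:password), the only password-derived input to the response.
    Assumes ASCII input, so the RFC's charset rules do not matter here."""
    return md5(f"{user}:{realm}:{password}".encode("utf-8"))


def digest_response(secret: bytes, nonce: str, cnonce: str, nc: str,
                    digest_uri: str, qop: str = "auth") -> str:
    """RFC 2831 response-value for qop=auth without an authzid."""
    a1 = secret + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    kd = f"{md5(a1).hex()}:{nonce}:{nc}:{cnonce}:{qop}:{md5(a2).hex()}"
    return hashlib.md5(kd.encode()).hexdigest()


def server_verify(scheme: str, stored: str, user: str, realm: str,
                  client_response: str, **challenge: str) -> bool:
    """Check a client response against the value the password database returned."""
    if scheme != "plain":
        # A salted or one-way hash of the password cannot be turned into
        # H(user:realm:password), so the mechanism cannot be completed.
        return False
    expected = digest_response(ha1_secret(user, realm, stored), **challenge)
    return hmac.compare_digest(expected, client_response)


if __name__ == "__main__":
    resp = digest_response(ha1_secret("chris", RFC2831_REALM, "secret"),
                           **RFC2831_SAMPLE)
    print(resp)
    print(server_verify("plain", "secret", "chris", RFC2831_REALM, resp,
                        **RFC2831_SAMPLE))
```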