Congratulations,

Your solution has worked with six w2k3 domain controllers and 20.000 accounts !!!!


RedHat Enterprise Linux 4.0 UP 2
Dovecot: dovecot-1.0-0_33.rc15.el4.at.i386.rpm 


Thanks



On Thu, 2006-11-09 at 10:47 +0000, Chris Wakelin wrote:
> 
> Matheus Antonio Oliveira wrote:
> > People,
> > 
> > Almost resolved, but with "blank password" against a "active directory - ldap - 
> > windows 2003 sp1" the user was logged in. See following logs.
> > 
> > Good notice: the situation doesn't happen in "active directory - ldap - windows 
> > 2000 sp4"
> > 
> 
> Oh dear - you're right! We're using 2003 Active Directory (but in "2000
> mode") and I can repeat the behaviour with my test rc12 server ...
> 
> * OK University of Reading IMAP test ready.
> . LOGIN <username> ""
> . OK Logged in.

Umm.. The auth bind succeeds with the empty password?

So should I just add a check that empty password will always fail if
auth_bind=yes? This prevents having users who don't have a password (eg.
they'd be proxied elsewhere), but I guess it's not that important.