On Tue, August 6, 2013 9:04 am, Steffen Kaiser wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Tue, 6 Aug 2013, Bo Lynch wrote:
>> passdb pam {
>> }
>> passdb ldap {
>>   args = /etc/dovecot-ldap.pass
>> }
>> Is it possible to have 2 auth methods? Meaning if user and passwd do not match in pam then go with ldap?
>
> As far as I know, if PAM returns "no such user", the next passdb is tried. If PAM returns "password mismatch", it chains to the next passdb.
>
> BTW: Dovecot also caches passwords, maybe you are hit by it?

In the logs I am seeing

dovecot: Aug 06 09:08:45 Info: auth(default): ldap(blynch,69.21.103.133): pass search: base=dc=ameliaschools,dc=com scope=subtree filter=(&(objectClass=posixAccount)(uid=blynch)) fields=uid, userPassword
dovecot: Aug 06 09:08:45 Info: auth(default): ldap(blynch,69.21.103.133): result: uid(user)=blynch
dovecot: Aug 06 09:08:46 Info: auth(default): client out: FAIL 1 user=blynch temp

and

dovecot: Aug 06 09:08:48 Error: auth(default): ldap(blynch,69.21.103.133): No password in reply
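
A triage sketch for the log excerpt above, added here as an example and not part of the thread or of Dovecot: it correlates the attributes the LDAP passdb requested with those logged in the result, and notes whether the client was sent a `temp` failure. The line patterns are assumptions taken from the four lines quoted in this thread, and the sample log is those lines re-joined one per line.

```python
import re

# Constructed sample: the auth debug lines quoted in the thread, one entry per line.
SAMPLE_LOG = """\
dovecot: Aug 06 09:08:45 Info: auth(default): ldap(blynch,69.21.103.133): pass search: base=dc=ameliaschools,dc=com scope=subtree filter=(&(objectClass=posixAccount)(uid=blynch)) fields=uid, userPassword
dovecot: Aug 06 09:08:45 Info: auth(default): ldap(blynch,69.21.103.133): result: uid(user)=blynch
dovecot: Aug 06 09:08:46 Info: auth(default): client out: FAIL 1 user=blynch temp
dovecot: Aug 06 09:08:48 Error: auth(default): ldap(blynch,69.21.103.133): No password in reply
"""

# Assumed line shapes, derived only from the excerpt above.
LDAP_LINE = re.compile(r"auth\(\w+\): ldap\((?P<user>[^,]+),(?P<ip>[^)]+)\): (?P<msg>.*)$")
FAIL_LINE = re.compile(r"client out: FAIL\s+\d+\s+user=(?P<user>\S+)(?P<flags>.*)$")


def triage(log_text):
    """For each (user, ip) that hit 'No password in reply', list requested-but-missing attributes."""
    state, temp_users = {}, set()
    for line in log_text.splitlines():
        fail = FAIL_LINE.search(line)
        if fail:
            # "temp" marks a temporary internal failure, not a rejected credential.
            if "temp" in fail["flags"].split():
                temp_users.add(fail["user"])
            continue
        m = LDAP_LINE.search(line)
        if not m:
            continue
        s = state.setdefault((m["user"], m["ip"]),
                             {"requested": set(), "returned": set(), "no_password": False})
        msg = m["msg"]
        if msg.startswith("pass search:") and "fields=" in msg:
            s["requested"] = {f.strip() for f in msg.split("fields=", 1)[1].split(",")}
        elif msg.startswith("result:"):
            # "uid(user)=blynch": LDAP attribute name, Dovecot field name in parentheses.
            s["returned"] |= set(re.findall(r"(\w+)(?:\(\w+\))?=", msg[len("result:"):]))
        elif msg == "No password in reply":
            s["no_password"] = True
    return [{"user": user, "ip": ip,
             "missing": sorted(s["requested"] - s["returned"]),
             "temp_fail": user in temp_users}
            for (user, ip), s in state.items() if s["no_password"]]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
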