7 Aug
2007
7 Aug
'07
11:20 a.m.
On Tue, 2007-08-07 at 08:38 +0200, Hadmut Danisch wrote:
Hi,
just a question:
I know that dovecot supports SASL authentication and supports LDAP. Which means that dovecot performs the SASL methods itself and stores the plaintext secret on LDAP.
But it is also possible to have the LDAP do the SASL work and dovecot just pass SASL messages through? Even when the LDAP server uses a proprietary SASL method not supported by dovecot?
For plaintext authentication you can use authentication binds and have the password stored on LDAP side in any way you want.
For non-plaintext authentication Dovecot needs the secret in plaintext or some other specific format. LDAP doesn't support "SASL forwarding".