Joshua Goodall wrote:
On Tue, Oct 05, 2004 at 03:14:58PM +0200, Adam Pordzik wrote:
Hello,
am I right that dovecot can't cope with ldap, so authentication is handled by ldap itself? And for that I have to use {CRYPT} and cannot use other mechanisms such as {SMD5}?
Dovecot doesn't support handing off authentication to LDAP, unless you use PAM (which eliminates the possibility of CRAM-MD5 or DIGEST-MD5 authentication).
Thank you. I've now also read Timo's posts on that.
Dovecot supports the RFC2307 userPassword LDAP attribute and through that the following schemes:
Anyway, I've recompiled OpenLDAP with crypt support, since in addition it also offers a simpler way to migrate existing posix accounts.
Although I appreciate your work, I doubt that this is the right way: every time a new encryption comes to any ldap-server, dovecot has to follow. I'm really, really no Unix/C programmer, so I can't appraise what makes more work: to (re-)implement a new hash algorithm or to support auth. ldap binds.
So, might it be better to abandon ldap entirely, in favour of pam? Or to maintain a separate attribute "dovecotUserPasswort" or something like that, with an algorithm dovecot can handle?
{MD5} (note: Dovecot's {MD5} differs from LDAP's {MD5})
Does that mean that dovecot can't authenticate users with an OpenLDAP MD5 hash?
You can fix the MD5 issue and gain support for {SMD5} with my patch at http://www.roughtrade.net/dovecot/dovecot-ldap-md5-quirk-0.99.10.6.diff although I haven't tested this recently. Let me know if it works for you.
Aha. But patching sources isn't my thing. After doing such, more things will be broken than before... :-(
A
--
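An added example, not part of the original thread and not Dovecot or OpenLDAP code: a small verifier for the LDAP-style `{MD5}` and `{SMD5}` userPassword encodings discussed above (base64 of the raw digest, with the salt appended after the digest for `{SMD5}`). The function names and sample values are constructed for illustration; it also shows why a hash stored in a different MD5 encoding under the same `{MD5}` label fails to verify.

```python
import base64
import hashlib
import hmac

MD5_LEN = 16  # length of a raw MD5 digest in bytes


def make_ldap_md5(password: bytes) -> str:
    """{MD5}: base64 of the raw 16-byte digest, no salt."""
    return "{MD5}" + base64.b64encode(hashlib.md5(password).digest()).decode()


def make_ldap_smd5(password: bytes, salt: bytes) -> str:
    """{SMD5}: base64 of MD5(password + salt) followed by the salt."""
    digest = hashlib.md5(password + salt).digest()
    return "{SMD5}" + base64.b64encode(digest + salt).decode()


def verify_userpassword(stored: str, password: bytes) -> bool:
    """Check a password against a {MD5} or {SMD5} userPassword value."""
    if not stored.startswith("{") or "}" not in stored:
        return False
    scheme, _, encoded = stored[1:].partition("}")
    try:
        raw = base64.b64decode(encoded, validate=True)
    except ValueError:
        return False
    scheme = scheme.upper()
    if scheme == "MD5" and len(raw) == MD5_LEN:
        digest, salt = raw, b""
    elif scheme == "SMD5" and len(raw) > MD5_LEN:
        digest, salt = raw[:MD5_LEN], raw[MD5_LEN:]
    else:
        return False  # other scheme, or payload is not in the LDAP encoding
    expected = hashlib.md5(password + salt).digest()
    return hmac.compare_digest(expected, digest)


if __name__ == "__main__":
    # Constructed sample values.
    plain = make_ldap_md5(b"secret")
    salted = make_ldap_smd5(b"secret", b"\x01\x02\x03\x04")
    hex_form = "{MD5}" + hashlib.md5(b"secret").hexdigest()
    for value in (plain, salted, hex_form):
        print(value, verify_userpassword(value, b"secret"))
```

The hex-encoded value decodes to 24 bytes rather than 16, so it is rejected even though it carries the same `{MD5}` label and the same underlying digest.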