On Sun, 2006-10-15 at 21:48 +0100, Martin Croker wrote:
The approach I've taken (being the only one I was able to make work) is to use login_ldap to perform bind authentication against Active Directory/LDAP and authenticate dovecot using bsdauth. As far as I can tell the dovecot ldap authentication module requires access to the encrypted password field to which Active Directory does not permit access.
You should be able to use Dovecot's LDAP code by using auth_bind=yes.
These lines seem to require that the pw structure contains the encrypted password in pw->pw_passwd. Where login_ldap is used against Active Directory, the encrypted password is not available to bsdauth and instead pw->pw_passwd contains '*'. If auth_userokay is called independently, it is however able to authenticate the user correctly; as such, I wonder if the IS_VALID_PASSWD check is actually necessary.
Yea, I guess they're not useful. I'll remove them.