Hello,
I've got dovecot set up to authenticate against our LDAP server. So far seems to work well.
I have two concerns that I haven't been able to find answers for in the documentation or archives.
Is there any intention to support "authentication binds" so you don't have to bind as a user with read privileges to everyone's userPassword attribute? For security purposes I'd like to see this functionality.
And my next concern would become a non-issue if the above was supported, but is there a way to set the dnpass equal to an SSHA password? When I try setting it like this:
dnpass = {SSHA}VhxqnmwCLVQj7g3rQV+g9F3XnaJ6bRXR
in dovecot-ldap.conf
It still tries to do a simple bind and fails. I get this error:
dovecot-auth: LDAP: ldap_simple_bind_s() failed
(dn cn=authadmin,ou=people,dc=domain,dc=com): Invalid credentials
I'd prefer not to have the password for the authentication admin user stored in plain text in the conf file.
Thanks, -jared
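
Added example, not part of the original message and not Dovecot or OpenLDAP code: a sketch of why a simple bind with an {SSHA} string as the password is rejected. It assumes the directory stores userPassword as "{SSHA}" + base64(SHA1(password + salt) + salt) and checks a bind by re-hashing the presented password with the stored salt; the function names and the sample password and salt are constructed for illustration.

```python
import base64
import hashlib
import hmac

SHA1_LEN = 20  # an {SSHA} value is a 20-byte SHA-1 digest followed by the salt


def parse_ssha(value):
    """Split an {SSHA} value into (digest, salt)."""
    if not value.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(value[len("{SSHA}"):], validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("no salt after the SHA-1 digest")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def make_ssha(password, salt):
    """Build the stored form from a cleartext password and a salt."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def server_verifies(stored, presented):
    """Assumed server-side check on a simple bind: hash what the client
    sent with the stored salt and compare it to the stored digest."""
    digest, salt = parse_ssha(stored)
    candidate = hashlib.sha1(presented.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)


# Value quoted in the post, used only to show its layout.
POSTED = "{SSHA}VhxqnmwCLVQj7g3rQV+g9F3XnaJ6bRXR"

# Constructed sample credentials (not from the post).
SAMPLE_PASSWORD = "constructed-example-password"
SAMPLE_SALT = bytes.fromhex("a1b2c3d4")
SAMPLE_STORED = make_ssha(SAMPLE_PASSWORD, SAMPLE_SALT)

if __name__ == "__main__":
    digest, salt = parse_ssha(POSTED)
    print("posted value: %d-byte digest, %d-byte salt" % (len(digest), len(salt)))
    # The cleartext verifies; the hash string sent as the password does not,
    # because the server hashes whatever it receives a second time.
    print("cleartext accepted:", server_verifies(SAMPLE_STORED, SAMPLE_PASSWORD))
    print("hash string accepted:", server_verifies(SAMPLE_STORED, SAMPLE_STORED))
```

A simple bind transmits the configured password as-is, so the client side needs the cleartext (or a bind method that needs no stored admin password); the salted hash is only useful to the party doing the verification.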