Hi,
I read a lot of howtos and I have problems getting LDAP and Dovecot to work together.
I'm using:
Gentoo Linux 2008.0 hardened
Dovecot 1.1.7
Kernel 2.6.26
OpenLDAP 2.3.43
My dovecot-ldap.conf is:

uris = ldaps://auth.mydomain.com:636
auth_bind = yes
auth_bind_userdn = uid=%u,ou=People,dc=mydomain,dc=com
ldap_version = 3
base = ou=People,dc=mydomain,dc=com
deref = never
scope = subtree
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=posixAccount)(uid=%u))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=posixAccount)(uid=%u))
default_pass_scheme = CRYPT

I also tried default_pass_scheme = MD5-CRYPT
In the logs I find something like this:
Feb 16 12:20:49 mail dovecot: Dovecot v1.1.7 starting up
Feb 16 12:20:50 mail dovecot: auth(default): new auth connection: pid=30582
Feb 16 12:20:50 mail dovecot: auth(default): new auth connection: pid=30583
Feb 16 12:20:50 mail dovecot: auth(default): new auth connection: pid=30584
Feb 16 12:20:53 mail dovecot: auth(default): new auth connection: pid=30585
Feb 16 12:20:58 mail dovecot: auth(default): client in: AUTH 1 PLAIN service=imap secured lip=172.30.0.10 rip=172.30.0.254 lport=993 rport=51269
Feb 16 12:20:58 mail dovecot: auth(default): client out: CONT 1
Feb 16 12:20:58 mail dovecot: auth(default): client in: CONT 1 AGd1ZW50aGVyADE*********=
Feb 16 12:20:58 mail dovecot: auth(default): ldap(guenther,172.30.0.254): invalid credentials
Feb 16 12:21:00 mail dovecot: auth(default): client out: FAIL 1 user=guenther
Feb 16 12:21:00 mail dovecot: auth(default): client in: AUTH 2 PLAIN service=imap secured lip=172.30.0.10 rip=172.30.0.254 lport=993 rport=51269 resp=AGd1ZW50aGVyADE*********=
Feb 16 12:21:00 mail dovecot: auth(default): ldap(guenther,172.30.0.254): invalid credentials
Feb 16 12:21:02 mail dovecot: auth(default): client out: FAIL 2 user=guenther
It seems Dovecot ignores the CRYPT password scheme. The password seems to be encrypted in SSHA.
What am I doing wrong, please? I am sure the password is correct, as I can log in to the machine via nss_ldap and pam_ldap.
Regards
Günther