SASL External and LDAP - Login attempt with empty password - dovecot

26 Jul 2023


      Hi all,
I am trying to configure dovecot to accept SASL EXTERNAL authentication with a client certificate and no password.
I have tried the following configuration:
passdb {
driver = ldap
# Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext
args = /etc/dovecot/dovecot-ldap-external.conf.ext
mechanisms = external
default_fields = noauthenticate=y
}
In the logs I see dovecot correctly negotiate SASL EXTERNAL, but eventually we reach this line and we fail:
https://github.com/dovecot/core/blob/34a18f5a79bf7eca58e55aff3e1fe69468292d0...
Which is in turn reached by following this code:
https://github.com/dovecot/core/blob/34a18f5a79bf7eca58e55aff3e1fe69468292d0...
In theory, if I understand this correctly, what is missing is a field to say “don’t try check any password”, which field is this supposed to be? “nopassword”? “noauthenticate”?
I am happy to patch this, but need some guidance as what the correct approach is.
Regards,
Graham
—

SASL External and LDAP - Login attempt with empty password

Graham Leggett

tags

participants (1)