[Dovecot] Overlapping userdb/passdbs
I have an ldap server for which each entry includes the email address and the username portion of the email address for authentication. Authentication works by username if the username is unique among all the entries. I need to now add some users which must authenticate even if the username is not unique. I figured one way to do this would be to add a second user/pass db which puts further restrictions on the ldap query to make it unique for those users. This doesn't seem to work, however, as if the user is found in the first ldap query but the password does not match, it does not try the second. I would use the password as part of the query, but this setup requires me to allow the client to hash the password. Is there a way to do this? Or maybe I am approaching the problem wrong.
On 26.10.2012, at 22.13, James Devine wrote:
> I have an ldap server for which each entry includes the email address and the username portion of the email address for authentication. Authentication works by username if the username is unique among all the entries. I need to now add some users which must authenticate even if the username is not unique. I figured one way to do this would be to add a second user/pass db which puts further restrictions on the ldap query to make it unique for those users. This doesn't seem to work, however, as if the user is found in the first ldap query but the password does not match, it does not try the second. I would use the password as part of the query, but this setup requires me to allow the client to hash the password. Is there a way to do this? Or maybe I am approaching the problem wrong.
You'd need to update this patch:
http://dovecot.org/patches/2.0/auth-multi-password-2.0.diff
It worked for v1.1 and maybe for v1.2. I never included it mainly because I never had time to check if it had any security issues.