[Dovecot] password_verify in test67 with ldap
Thomas Hummel
hummel at pasteur.fr
Mon Apr 18 19:51:17 EEST 2005
Hello Timo,
your patch introducing pass_attr_names and user_attr_names fixed the
problem of the 'shared' attr_names member of [passdb|userdb]_ldap_conn
as I answered in the relative thread.
Now I think there is a problem while comparing user-provided and
ldap-provided passwords causing a false 'password mismatch' situation,
while using PLAIN mechanism with LDAP authentication.
As a matter of fact, the user provided by the user, as read in the
'mech_plain_auth_continue' function is passed as an argument in the
'auth_request_verify_plain' function which, in turns pass it to the
function pointed to by 'passdb->verify_plain' (that is
'ldap_verify_plain') which doesn't use it [instead maybe of setting
the 'passdb_ldap_request' 'password' field with it ?].
So once back from the LDAP request, when in 'handle_request' we call
'password_verify', the password we try to match against the one read
in the LDAP db is null.
Did I get it right ?
Thanks
--
Thomas Hummel | Institut Pasteur
<hummel at pasteur.fr> | Pôle informatique - systèmes et réseau
More information about the dovecot
mailing list