[Dovecot] LDAP: bind to LDAP server instead of retrieving a password from it?
Steffen Kaiser
skdovecot at smail.inf.fh-bonn-rhein-sieg.de
Mon Jul 10 10:38:04 EEST 2006
On Fri, 7 Jul 2006, Geert Hendrickx wrote:
> Dovecot currently treats an LDAP user/password database the same way as a text
> or SQL based database: it just tries to retrieve the (hashed) password for a
> given username. LDAP however has the capability to authenticate the user
> itself: dovecot could try to bind to LDAP with the given username and password,
> and if authentication succeeded, the LDAP server returns the other info (uid,
> homedir, ...), but not the password. I know at least qmail's pop3 server uses
> LDAP this way. Could this authentication mechanism be implemented in Dovecot
> as well?
Does your dovecot-ldap.conf (the template one that is shipped with
Dovecot) mention this:
"# Use authentication binding for verifying password's validity. This works by
# logging into LDAP server using the username and password given by client.
# NOTE: pass_attrs option will (naturally) be ignored if you enable this.
#auth_bind = no
# If authentication binding is used, you can save one LDAP request per login
# if users' DN can be specified with a common template. The template can use
# the standard %variables (see user_filter). For example:
#
# auth_bind_userdn = cn=%u,ou=people,o=org
#
#auth_bind_userdn =
"
If not, upgrade.
Bye,
--
Steffen Kaiser
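
Added example, not part of the original message and not Dovecot's own code: a Python sketch of what an authentication bind with a DN template like the auth_bind_userdn sample above has to get right, namely escaping the username per RFC 4514 before it is substituted into the DN, and refusing empty passwords, since a simple bind with a DN and an empty password is an unauthenticated bind (RFC 4513) that some servers accept. The function names and sample usernames are constructed for illustration; only %u, %n and %d are expanded.

```python
import re

# Characters that must be backslash-escaped inside a DN attribute value (RFC 4514).
DN_SPECIAL = set('"+,;<>\\')


def escape_dn_value(value: str) -> str:
    """Escape a string so it can only ever be one attribute value in a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == " " and i in (0, last):   # leading or trailing space
            out.append("\\ ")
        elif ch == "#" and i == 0:           # leading '#'
            out.append("\\#")
        else:
            out.append(ch)
    return "".join(out)


def expand_userdn(template: str, username: str) -> str:
    """Expand %u (full name), %n (user part), %d (domain) with escaped values."""
    local, _, domain = username.partition("@")
    values = {"u": username, "n": local, "d": domain}

    def substitute(match):
        key = match.group(1)
        if key == "%":
            return "%"
        if key not in values:
            raise ValueError("unsupported template variable %" + key)
        return escape_dn_value(values[key])

    return re.sub(r"%(.)", substitute, template)


def prepare_bind(template: str, username: str, password: str):
    """Return (bind_dn, password) for a simple bind, or raise ValueError."""
    # An empty password would turn the bind into an unauthenticated bind,
    # which must never be treated as a successful login.
    if not username or not password:
        raise ValueError("empty username or password, refusing to bind")
    return expand_userdn(template, username), password
```

The returned pair is what would be handed to the LDAP library's simple bind call; a login counts as successful only if that bind succeeds.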