[Dovecot] ldap and digest-md5 problem

Łukasz Mierzwa prymitive at pcserwis.net
Tue May 8 20:43:41 EEST 2007


Saturday 05 of May 2007 16:13:47 Łukasz Mierzwa wrote:
> Hi,
>
> I'm using dovecot-1.0.0 on a Gentoo box and I have a problem with
> authentication using digest-md5 and passwords stored as plain text in an LDAP
> database. When I use cram-md5 it works, while digest-md5 gives this error
> (squirrelmail login):
>
> May  5 16:03:32 srv dovecot: auth(default): client in: AUTH     1
> DIGEST-MD5      service=IMAP    secured lip=127.0.0.1   rip=127.0.0.1
> May  5 16:03:32 srv dovecot: auth(default): client out: CONT    1
> [password hash]
> May  5 16:03:32 srv dovecot: auth(default): client in: CONT<hidden>
> May  5 16:03:32 srv dovecot: auth(default):
> ldap(user at domain.com,127.0.0.1): pass search:
> base=ou=domain.com,cn=Users,dc=domain,dc=com scope=subtree
> filter=(&(objectClass=posixAccount)(uid=user)) fields=userPassword
> May  5 16:03:32 srv dovecot: auth(default): ldap(user at domain.com,127.0.0.1):
> result: userPassword(password)=<hidden>
> May  5 16:03:32 srv dovecot: auth(default): digest-md5
> (user at domain.com,127.0.0.1): password mismatch
> May  5 16:03:32 srv dovecot: auth(default): client out: FAIL    1
> user=user at domain.com
> May  5 16:03:32 srv dovecot: imap-login: Aborted login:
> user=<user at domain.com>, method=DIGEST-MD5, rip=127.0.0.1, lip=127.0.0.1,
> secured
>
> It seems that the client and dovecot hashes calculated for DIGEST-MD5 are
> different. I tested squirrelmail 1.4.9a and kmail 3.5.6; both can't log in using
> digest-md5, so maybe dovecot is not working correctly? Passwords were
> created using phpldapadmin and the "clear" password type; cram-md5 logins are
> ok. I can't find any info on ldap and digest-md5 incompatibility in the dovecot
> wiki. Can anyone give me a hint?
>
> my dovecot-ldap.conf:
> uris = ldaps://127.0.0.1
> dn = uid=dovecot,cn=Daemons,dc=domain,dc=com
> dnpass = secret
> sasl_bind = no
> tls = no
> auth_bind = no
> ldap_version = 3
> base = ou=%d,cn=Users,dc=domain,dc=com
> deref = never
> scope = subtree
> pass_attrs = userPassword=password
> pass_filter = (&(objectClass=posixAccount)(uid=%n))
> default_pass_scheme = PLAIN
>
> my dovecot.conf:
> protocols = imap imaps managesieve
> shutdown_clients = yes
> syslog_facility = mail
> ssl_cert_file = /etc/ssl/cert
> ssl_key_file = /etc/ssl/key
> verbose_ssl = no
> login_process_per_connection = yes
> login_processes_count = 2
> login_max_processes_count = 10
> login_user = dovecot
> login_dir = /var/run/dovecot/login
> login_chroot = yes
> mail_location = maildir:/var/mail/%d/%n
> mail_extra_groups = postfix
> mail_full_filesystem_access = no
> mail_debug = no
> verbose_proctitle = yes
> first_valid_uid = 2000
> last_valid_uid = 2000
> first_valid_gid = 2000
> last_valid_uid = 2000
> maildir_copy_with_hardlinks = yes
> disable_plaintext_auth = yes
>
> protocol imap {
>   imap_client_workarounds = outlook-idle
> }
>
> protocol lda {
>   postmaster_address = postmaster at domain.com
>   hostname = domain.com
>   mail_plugins = cmusieve
> }
>
> auth_default_realm = pcserwis.net
> auth_username_format = %Lu
> auth_verbose = yes
> auth_debug = yes
> auth_debug_passwords = no
>
> auth default {
>   mechanisms = plain login cram-md5 digest-md5
>
>   passdb ldap {
>     args = /etc/dovecot/dovecot-ldap.conf
>   }
>
>   userdb static {
>     args = uid=2000 gid=2000 home=/var/mail/%d/%n
>   }
>
>   socket listen {
>     client {
>         path = /var/spool/postfix/private/auth
>         mode = 0660
>         user = vmail
>         group = postfix
>     }
>     master {
>         path = /var/run/dovecot/auth-master
>         mode = 0600
>         user = vmail
>     }
>   }
> }
>
> protocol managesieve {
>     listen = *:2000
>     login_executable = /usr/libexec/dovecot/managesieve-login
>     mail_executable = /usr/libexec/dovecot/managesieve
> }

Nobody tried DIGEST-MD5?

-- 
Łukasz Mierzwa
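
Added example, not part of the original post and not Dovecot's code: the DIGEST-MD5 response from RFC 2831 (qop=auth, no authzid) computed in Python, showing that verification fails with the correct cleartext password whenever the two sides hash different username or realm strings. All sample values are constructed; this illustrates the mechanism only and does not identify the cause of the failure reported above.

```python
import hashlib
import hmac


def digest_md5_response(username, realm, password, nonce, cnonce,
                        digest_uri, nc="00000001", qop="auth"):
    """RFC 2831 response-value for qop=auth, no authzid."""
    # Inner secret: binary MD5 over the exact username, realm and password.
    secret = hashlib.md5(f"{username}:{realm}:{password}".encode()).digest()
    a1 = secret + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    ha1 = hashlib.md5(a1).hexdigest()
    ha2 = hashlib.md5(a2).hexdigest()
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode()
    return hashlib.md5(kd).hexdigest()


def server_verify(client_response, stored_password, username, realm, challenge):
    """Recompute the response from the stored plaintext; constant-time compare."""
    expected = digest_md5_response(username, realm, stored_password, **challenge)
    return hmac.compare_digest(expected, client_response)


# Constructed sample values, not taken from the logs above.
CHALLENGE = {"nonce": "constructed-nonce", "cnonce": "constructed-cnonce",
             "digest_uri": "imap/srv"}
PASSWORD = "cleartext-from-ldap"

# What a client would send for username "user@domain.com" in realm "pcserwis.net".
CLIENT_RESPONSE = digest_md5_response("user@domain.com", "pcserwis.net",
                                      PASSWORD, **CHALLENGE)

if __name__ == "__main__":
    # Same password, same username/realm strings on both sides: match.
    print(server_verify(CLIENT_RESPONSE, PASSWORD,
                        "user@domain.com", "pcserwis.net", CHALLENGE))
    # Same password, but the verifier hashes user and realm split at "@": mismatch.
    print(server_verify(CLIENT_RESPONSE, PASSWORD,
                        "user", "domain.com", CHALLENGE))
```

Because the password only enters the computation through MD5(username:realm:password), a verifier needs either the cleartext or that exact precomputed hash, and any normalization of the username or realm must be identical on both sides.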

