[Dovecot] LDAP, MD5-CRYPT, invalid credentials, BUG or config issue?

Guenther Falk guenther at onetreetechnologies.com
Mon Feb 16 13:28:54 EET 2009


Hi,

I read a lot of howtos and I have problems getting LDAP and Dovecot to
work together.

I'm using:
Gentoo Linux 2008.0 hardened
Dovecot 1.1.7
Kernel 2.6.26
OpenLDAP 2.3.43

My dovecot-ldap.conf is:
uris = ldaps://auth.mydomain.com:636
auth_bind = yes
auth_bind_userdn = uid=%u,ou=People,dc=mydomain,dc=com
ldap_version = 3
base = ou=People,dc=mydomain,dc=com
deref = never
scope = subtree
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=posixAccount)(uid=%u))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=posixAccount)(uid=%u))
default_pass_scheme = CRYPT

I also tried default_pass_scheme = MD5-CRYPT

In the logs I find something like this:
Feb 16 12:20:49 mail dovecot: Dovecot v1.1.7 starting up
Feb 16 12:20:50 mail dovecot: auth(default): new auth connection: pid=30582
Feb 16 12:20:50 mail dovecot: auth(default): new auth connection: pid=30583
Feb 16 12:20:50 mail dovecot: auth(default): new auth connection: pid=30584
Feb 16 12:20:53 mail dovecot: auth(default): new auth connection: pid=30585
Feb 16 12:20:58 mail dovecot: auth(default): client in: AUTH    1       PLAIN   service=imap    secured lip=172.30.0.10 rip=172.30.0.254        lport=993       rport=51269
Feb 16 12:20:58 mail dovecot: auth(default): client out: CONT   1
Feb 16 12:20:58 mail dovecot: auth(default): client in: CONT    1       AGd1ZW50aGVyADE*********=
Feb 16 12:20:58 mail dovecot: auth(default): ldap(guenther,172.30.0.254): invalid credentials
Feb 16 12:21:00 mail dovecot: auth(default): client out: FAIL   1       user=guenther
Feb 16 12:21:00 mail dovecot: auth(default): client in: AUTH    2       PLAIN   service=imap    secured lip=172.30.0.10 rip=172.30.0.254        lport=993       rport=51269     resp=AGd1ZW50aGVyADE*********=
Feb 16 12:21:00 mail dovecot: auth(default): ldap(guenther,172.30.0.254): invalid credentials
Feb 16 12:21:02 mail dovecot: auth(default): client out: FAIL   2       user=guenther

It seems dovecot ignores the CRYPT password scheme. The password seems
to be encrypted in SSHA.

What am I doing wrong please??
I am sure the password is correct, as I can log in to the machine via
nss_ldap and pam_ldap.

Regards

Günther
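
Auth debug lines like the ones in this post carry the client's SASL PLAIN response, which is only base64-encoded (authzid NUL authcid NUL password, RFC 4616), so the whole token should be replaced before a log is shared. The following is an added example, not part of the original post and not Dovecot code; the function names and the sample log lines (user alice, placeholder password) are constructed for illustration.

```python
import base64
import re

# The base64 SASL payload appears in two places in Dovecot auth debug lines:
#   "... client in: AUTH ... resp=<token>"  and  "... client in: CONT <id> <token>"
TOKEN_RE = re.compile(r"(resp=|client in: CONT\s+\d+\s+)(\S+)")


def describe_plain(token):
    """Return a password-free placeholder for a SASL PLAIN response.

    RFC 4616 layout after base64 decoding: authzid NUL authcid NUL passwd.
    """
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "<redacted: undecodable>"
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        return "<redacted: not SASL PLAIN>"
    authcid = parts[1].decode("utf-8", "replace")
    return "<redacted SASL PLAIN authcid=%s>" % authcid


def redact_line(line):
    """Replace the whole token, not just its tail, so no prefix bytes survive."""
    return TOKEN_RE.sub(lambda m: m.group(1) + describe_plain(m.group(2)), line)


def redact_log(text):
    return "\n".join(redact_line(l) for l in text.splitlines())


# Constructed sample: user "alice" with a placeholder password, laid out like
# the debug lines in the post (auth protocol fields are tab-separated).
SAMPLE_TOKEN = base64.b64encode(b"\x00alice\x00not-a-real-password").decode()
SAMPLE_LOG = "\n".join([
    "Feb 16 12:20:58 mail dovecot: auth(default): client out: CONT\t1",
    "Feb 16 12:20:58 mail dovecot: auth(default): client in: CONT\t1\t" + SAMPLE_TOKEN,
    "Feb 16 12:21:00 mail dovecot: auth(default): client in: AUTH\t2\tPLAIN\t"
    "service=imap\tsecured\tlip=172.30.0.10\trip=172.30.0.254\tresp=" + SAMPLE_TOKEN,
])

if __name__ == "__main__":
    print(redact_log(SAMPLE_LOG))
```

A token that has been partly overwritten with other characters no longer decodes, so it is replaced with the "undecodable" placeholder rather than passed through.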

