guenther
2009-Feb-16 11:24 UTC
[Dovecot] LDAP, MD5-CRYPT, invalid credentials, BUG or config issue?
Hi,

I read a lot of howtos and I have problems getting LDAP and Dovecot to work together. I'm using:

Gentoo Linux 2008.0 hardened
Dovecot 1.1.7
Kernel 2.6.26
OpenLDAP 2.3.43

My dovecot-ldap.conf is:

uris = ldaps://auth.mydomain.com:636
auth_bind = yes
auth_bind_userdn = uid=%u,ou=People,dc=mydomain,dc=com
ldap_version = 3
base = ou=People,dc=mydomain,dc=com
deref = never
scope = subtree
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=posixAccount)(uid=%u))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=posixAccount)(uid=%u))
default_pass_scheme = CRYPT

I also tried default_pass_scheme = MD5-CRYPT

In the logs I find something like this:

Feb 16 12:20:49 mail dovecot: Dovecot v1.1.7 starting up
Feb 16 12:20:50 mail dovecot: auth(default): new auth connection: pid=30582
Feb 16 12:20:50 mail dovecot: auth(default): new auth connection: pid=30583
Feb 16 12:20:50 mail dovecot: auth(default): new auth connection: pid=30584
Feb 16 12:20:53 mail dovecot: auth(default): new auth connection: pid=30585
Feb 16 12:20:58 mail dovecot: auth(default): client in: AUTH 1 PLAIN service=imap secured lip=172.30.0.10 rip=172.30.0.254 lport=993 rport=51269
Feb 16 12:20:58 mail dovecot: auth(default): client out: CONT 1
Feb 16 12:20:58 mail dovecot: auth(default): client in: CONT 1 AGd1ZW50aGVyADE*********
Feb 16 12:20:58 mail dovecot: auth(default): ldap(guenther,172.30.0.254): invalid credentials
Feb 16 12:21:00 mail dovecot: auth(default): client out: FAIL 1 user=guenther
Feb 16 12:21:00 mail dovecot: auth(default): client in: AUTH 2 PLAIN service=imap secured lip=172.30.0.10 rip=172.30.0.254 lport=993 rport=51269 resp=AGd1ZW50aGVyADE*********
Feb 16 12:21:00 mail dovecot: auth(default): ldap(guenther,172.30.0.254): invalid credentials
Feb 16 12:21:02 mail dovecot: auth(default): client out: FAIL 2 user=guenther

It seems dovecot ignores the CRYPT password scheme. The password seems to be encrypted in SSHA.

What am I doing wrong please? I am sure the password is correct, as I can log in to the machine via nss_ldap and pam_ldap.

Regards
Günther
Guenther Falk
2009-Feb-16 11:28 UTC
[Dovecot] LDAP, MD5-CRYPT, invalid credentials, BUG or config issue?
Hi,

I read a lot of howtos and I have problems getting LDAP and Dovecot to work together. I'm using:

Gentoo Linux 2008.0 hardened
Dovecot 1.1.7
Kernel 2.6.26
OpenLDAP 2.3.43

My dovecot-ldap.conf is:

uris = ldaps://auth.mydomain.com:636
auth_bind = yes
auth_bind_userdn = uid=%u,ou=People,dc=mydomain,dc=com
ldap_version = 3
base = ou=People,dc=mydomain,dc=com
deref = never
scope = subtree
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=posixAccount)(uid=%u))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=posixAccount)(uid=%u))
default_pass_scheme = CRYPT

I also tried default_pass_scheme = MD5-CRYPT

In the logs I find something like this:

Feb 16 12:20:49 mail dovecot: Dovecot v1.1.7 starting up
Feb 16 12:20:50 mail dovecot: auth(default): new auth connection: pid=30582
Feb 16 12:20:50 mail dovecot: auth(default): new auth connection: pid=30583
Feb 16 12:20:50 mail dovecot: auth(default): new auth connection: pid=30584
Feb 16 12:20:53 mail dovecot: auth(default): new auth connection: pid=30585
Feb 16 12:20:58 mail dovecot: auth(default): client in: AUTH 1 PLAIN service=imap secured lip=172.30.0.10 rip=172.30.0.254 lport=993 rport=51269
Feb 16 12:20:58 mail dovecot: auth(default): client out: CONT 1
Feb 16 12:20:58 mail dovecot: auth(default): client in: CONT 1 AGd1ZW50aGVyADE*********
Feb 16 12:20:58 mail dovecot: auth(default): ldap(guenther,172.30.0.254): invalid credentials
Feb 16 12:21:00 mail dovecot: auth(default): client out: FAIL 1 user=guenther
Feb 16 12:21:00 mail dovecot: auth(default): client in: AUTH 2 PLAIN service=imap secured lip=172.30.0.10 rip=172.30.0.254 lport=993 rport=51269 resp=AGd1ZW50aGVyADE*********
Feb 16 12:21:00 mail dovecot: auth(default): ldap(guenther,172.30.0.254): invalid credentials
Feb 16 12:21:02 mail dovecot: auth(default): client out: FAIL 2 user=guenther

It seems dovecot ignores the CRYPT password scheme. The password seems to be encrypted in SSHA.

What am I doing wrong please? I am sure the password is correct, as I can log in to the machine via nss_ldap and pam_ldap.

Regards
Günther
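
Added example, not part of the original posts: the auth debug lines quoted above carry the SASL PLAIN response (base64 of authzid NUL authcid NUL password, per RFC 4616), which the poster masked by hand with asterisks. The sketch below redacts those payloads automatically before a log is shared; the function names, the regular expression and the sample lines are assumptions constructed for illustration, not Dovecot code.

```python
import base64
import binascii
import re

# The two places the quoted log shows a SASL response:
#   "client in: CONT <id> <base64>"  and  "... resp=<base64>"
RESP_RE = re.compile(r"(client in: CONT \d+ |\bresp=)(\S+)")


def describe(b64: str) -> str:
    """Return a safe placeholder for one SASL PLAIN response."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        # Hand-masked or truncated payload: nothing can be trusted, drop it all.
        return "<redacted>"
    parts = raw.split(b"\0")
    if len(parts) != 3:
        return "<redacted>"
    # Keep only the login name (authcid); never echo the password field.
    authcid = parts[1].decode("utf-8", "replace")
    return f"<PLAIN user={authcid} password redacted>"


def scrub(line: str) -> str:
    """Replace any SASL response in one auth debug log line."""
    return RESP_RE.sub(lambda m: m.group(1) + describe(m.group(2)), line)


# Constructed sample input (user "alice", password "example-pw").
SAMPLE_B64 = base64.b64encode(b"\0alice\0example-pw").decode()
CONSTRUCTED_LINES = [
    f"Feb 16 12:20:58 mail dovecot: auth(default): client in: CONT 1 {SAMPLE_B64}",
    "Feb 16 12:21:00 mail dovecot: auth(default): client in: AUTH 2 PLAIN "
    f"service=imap secured lport=993 resp={SAMPLE_B64}",
    "Feb 16 12:20:58 mail dovecot: auth(default): client out: CONT 1",
    "Feb 16 12:20:58 mail dovecot: auth(default): client in: CONT 1 AGd1***",
]

if __name__ == "__main__":
    for log_line in CONSTRUCTED_LINES:
        print(scrub(log_line))
```

A partly masked payload, like the ones in the posts, still contains an intact base64 prefix, so the scrubber drops the whole token rather than keeping any of it.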