Hi,
I've dug a bit deeper and found out that if I use an attribute different
from userPassword, digest-md5 and ldap work:
the following setting in dovecot-ldap.conf
--------CUT--------
pass_attrs = uid,gecos
--------CUT--------
... allows me to use the gecos string as password.
At first glance this looks like an ACL problem, but it isn't because plain
authentication works (and I've crosschecked with ldapsearch).
Searching the ML archives I saw that there are some ldap issues in the
1.0-test series, but as I am using the latest stable 0.99.14 release (on
Debian sid), this should (?) not be related.
Udo Rader
BestSolution.at GmbH
http://www.bestsolution.at
On Sun, 8 May 2005 22:38:20 +0200, Udo Rader wrote:
> hi,
>
> I am trying to set up dovecot with digest-md5 as authentication
> mechanism and openldap as passdb.
>
> My problem is ... that I just can't get it working. PLAIN
> authentication works as expected, but no luck with digest-md5.
>
> An excerpt from the two configuration files:
>
> dovecot.conf:
> --------CUT--------
> auth = default
> auth_mechanisms = plain digest-md5
> auth_userdb = ldap /etc/dovecot/dovecot-ldap.conf
> auth_passdb = ldap /etc/dovecot/dovecot-ldap.conf
> --------CUT--------
>
> dovecot-ldap.conf:
> --------CUT--------
> user_filter = (&(objectClass=posixAccount)(|(mail=%u)(uid=%n)))
> pass_filter = (&(objectClass=posixAccount)(|(mail=%u)(uid=%n)))
> default_pass_scheme = plain
> --------CUT--------
>
> My dovecot installation with plain authentication and OpenLDAP has
> been quite mature for a long time, so I doubt that it is an issue
> with openldap.
>
> From Cyrus-SASL I know that in order to get DIGEST-MD5 running it is
> required to have plaintext passwords in the DIT, but that does not solve
> anything.
>
> syslog tells me this:
>
> dovecot-auth: May 08 21:25:09 Error: ldap(frodo): No password in reply
>
> So any ideas on where I went wrong?
>
> Udo Rader
>
> BestSolution.at GmbH
> http://www.bestsolution.at
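
An added example, not part of the original thread and not Dovecot's code: in DIGEST-MD5 (RFC 2831) the server recomputes the client's response from the secret the passdb returns, so a plaintext value verifies while a hashed or missing one does not. The realm, nonces, password and digest-uri below are constructed sample values.

```python
import base64
import hashlib
import hmac
import os


def digest_md5_response(user, realm, secret, nonce, cnonce, nc, digest_uri):
    """Compute the RFC 2831 'response' value for qop=auth (no authzid)."""
    h_urp = hashlib.md5(f"{user}:{realm}:{secret}".encode()).digest()
    a1 = h_urp + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    ha1 = hashlib.md5(a1).hexdigest()
    ha2 = hashlib.md5(a2).hexdigest()
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}"
    return hashlib.md5(kd.encode()).hexdigest()


def ssha(password, salt):
    """Build an OpenLDAP-style {SSHA} value: base64(SHA1(pw + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def server_verify(stored, client_response, **params):
    """Server side: recompute the response from whatever the passdb returned."""
    expected = digest_md5_response(secret=stored, **params)
    return hmac.compare_digest(expected, client_response)


def demo():
    # Constructed sample exchange (assumed values, not taken from the thread).
    params = dict(user="frodo", realm="example.org", nonce="c2VydmVyLW5vbmNl",
                  cnonce="Y2xpZW50LW5vbmNl", nc="00000001",
                  digest_uri="imap/mail.example.org")
    password = "correct horse"
    # The client knows the plaintext and computes its response from it.
    client_response = digest_md5_response(secret=password, **params)
    return {
        # passdb attribute holds the plaintext password
        "plaintext": server_verify(password, client_response, **params),
        # passdb attribute holds a salted hash of the same password
        "ssha": server_verify(ssha(password, os.urandom(4)), client_response, **params),
        # stand-in for a lookup that returned no password value
        "empty": server_verify("", client_response, **params),
    }


if __name__ == "__main__":
    print(demo())
```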