On 14/06/16 23:15, Karsten Heiken wrote:
Hi Leon,

You should be able to add multiple userPassword attributes to your directory:

userPassword: {CRAM-MD5}xxx
userPassword: {DIGEST-MD5}xxxx
userPassword: {SCRAM-SHA-1}xxxx
userPassword: {NTLM}xxxx
Did try this, didn't end end well.

Jun 14 12:59:43 auth: Error: 
ldap(leonkyn...@itest.com,192.168.99.3,<SQn6QD41TpvLhgGR>): Multiple password 
values not supported
[...]
Huh. You're right, I'm sorry.

A few days ago I tried just that - adding a second userPassword to my LDAP and 
got this result:
dovecot: auth: Warning: ldap(x,127.0.0.1,<TxHjBz41DumCSwXU>): Multiple values 
found for 'password', using value '{SSHA}yaddayadda'
Turns out there is still only one password tried, not all of them - which was 
working as intended on this occasion.

But have you tried to authenticate using auth_bind? Maybe that is possible with 
your LDAP setup.
If you were using auth_bind = yes, then Dovecot shouldn't care about the 
passwords stored in LDAP.

http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds

This of course only works for passdb lookups.

Auth bind wont work here as if they auth with encrypted password it can't bind to ldap with it. and get a lot of these:

auth: Info: ldap(leonkyneur,192.168.99.3,<7Rr1lj41tJzLhgGR>): Requested DIGEST-MD5 scheme, but we have a NULL password

Reply via email to