Chris Shenton <[EMAIL PROTECTED]> writes:
> Radish# ldapsearch ... '(&(objectclass=qmailuser)(uid=cshenton))'
> ...
> userPassword:: e1NTSEF9bWp1ZmgwUU1uSlBSeWkzN1ZSTjE1VUhPcFdjMkpma0g=
>
> If I run that BASE64-encoded userPassword through a decoder I get:
>
> {SSHA}mjufh0QMnJPRyi37VRN15UHOpWc2JfkH

After some googling on the POP error response "user record incorrect"
I find I need to change my default encoding from {SSHA} in OpenLDAP to
be {SHA} to get qmail-ldap to work; in slapd.conf:

    password-hash {SHA}

Then I set my password again (to store it with the new encoding),
repeat the ldap search, then I can test and match correctly:

    Radish# /var/qmail/bin/qmail-ldaplookup -u cshenton -p cshenton
    init_ldap: passwords are not compared via rebind
    ...
    qldap_lookup: searching with (&(objectclass=qmailuser)(uid=cshenton))
    qldap_lookup: succeeded, found:
    uid: cshenton
    ...
    userPassword: {SHA}fpZ8ao8TwKbSyQc1JJjjI94ZAFc=
    qldap_lookup: password compare was successful

I can now auth to the POP server and the IMAP server successfully.

If I'm reading the Google results right, this CRYPT/SHA/SSHA default
for OpenLDAP is a somewhat recent change. Here are the versions of
OpenLDAP and qmail-ldap I'm running at the moment:

* openldap20-2.0.25_3
* qmail-ldap2-with_tls-1.03.20020901
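
The two userPassword encodings discussed in the message above, as an added Python example that is not part of the original post and is not qmail-ldap or OpenLDAP code. It decodes the base64 LDIF value, splits {SHA} and {SSHA} values into digest and salt, and compares a password against either; the function names and the password "example-pass" are constructed for illustration, and the two stored values are copied from the message.

```python
import base64
import hashlib
import hmac

# Values copied from the message above.
PAGE_LDIF = "userPassword:: e1NTSEF9bWp1ZmgwUU1uSlBSeWkzN1ZSTjE1VUhPcFdjMkpma0g="
PAGE_SHA = "{SHA}fpZ8ao8TwKbSyQc1JJjjI94ZAFc="

def decode_ldif_value(line):
    """Return (attr, value) for one LDIF line; 'attr:: ...' marks base64."""
    attr, _, rest = line.partition(":")
    if rest.startswith(":"):
        return attr, base64.b64decode(rest[1:].strip()).decode("ascii")
    return attr, rest.strip()

def split_hash(stored):
    """Split '{SCHEME}base64' into (scheme, sha1_digest, salt)."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("no {SCHEME} prefix")
    scheme, _, b64 = stored[1:].partition("}")
    scheme, raw = scheme.upper(), base64.b64decode(b64)
    if scheme == "SHA" and len(raw) == 20:
        return scheme, raw, b""
    if scheme == "SSHA" and len(raw) > 20:
        # SHA-1 digest is 20 bytes; everything after it is the salt.
        return scheme, raw[:20], raw[20:]
    raise ValueError("unsupported scheme or bad length: " + scheme)

def make_hash(password, salt=b""):
    """Build a {SHA} value (no salt) or an {SSHA} value (with salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    scheme = "SSHA" if salt else "SHA"
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def check_password(password, stored):
    """Recompute SHA-1(password + salt) and compare in constant time."""
    _, digest, salt = split_hash(stored)
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    attr, value = decode_ldif_value(PAGE_LDIF)
    print(attr, "->", value)
    for stored in (value, PAGE_SHA):
        scheme, digest, salt = split_hash(stored)
        print(scheme, "digest bytes:", len(digest), "salt bytes:", len(salt))
    # Constructed password: {SHA} is deterministic, {SSHA} varies with the salt.
    print(make_hash("example-pass"), make_hash("example-pass", b"\x01\x02\x03\x04"))
```

Because {SHA} carries no salt, two accounts with the same password store identical values, whereas {SSHA} values differ with the salt.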