Re: [Dovecot] LDAP, MD5-CRYPT, invalid credentials, BUG or config issue?

2009-02-16 Thread Ulrich Zehl
On Mon, Feb 16, 2009 at 12:28:54PM +0100, Guenther Falk wrote:
> My dovecot-ldap.conf is:
> auth_bind = yes
> auth_bind_userdn = uid=%u,ou=People,dc=mydomain,dc=com
> [...]
> default_pass_scheme = CRYPT
> [...]
> It seems dovecot ignores the CRYPT password scheme. The password seems
> to be encrypted in SSHA.

If you use auth_bind, then the password scheme specified in
dovecot-ldap.conf is irrelevant, as the password comparison will be done by
the LDAP server (cf. http://wiki.dovecot.org/AuthDatabase/LDAP).

Also, your logs show the communication between the two Dovecot components
responsible for the auth process, not between Dovecot and the LDAP server.
You may want to check your OpenLDAP logs to see what's going on.
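
Added example (not part of the original thread and not Dovecot's own code): a small Python model of the point made in the reply above. With auth_bind = yes Dovecot only builds a DN and lets the LDAP server compare the password, so default_pass_scheme is never consulted; in lookup mode a {SCHEME} prefix on userPassword overrides it. The sample config is trimmed from the one quoted in the thread; the password, salt and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample, trimmed from the dovecot-ldap.conf quoted in the thread.
SAMPLE_CONF = """\
auth_bind = yes
auth_bind_userdn = uid=%u,ou=People,dc=mydomain,dc=com
pass_attrs = uid=user,userPassword=password
default_pass_scheme = CRYPT
"""

def parse_conf(text):
    """Parse 'key = value' lines; only the first '=' separates key and value."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def bind_dn(conf, user):
    """DN used for the bind; simplified: expands only %u, no DN escaping."""
    return conf["auth_bind_userdn"].replace("%u", user)

def effective_scheme(conf, stored):
    """Scheme Dovecot would compare with, or None if the LDAP server decides."""
    if conf.get("auth_bind", "no") == "yes":
        return None  # bind mode: userPassword is never compared by Dovecot
    if stored.startswith("{") and "}" in stored:
        return stored[1:stored.index("}")].upper()  # {SCHEME} prefix overrides
    return conf.get("default_pass_scheme", "CRYPT")

def make_ssha(password, salt):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(stored, password):
    """Verify a password against an {SSHA} value, as a directory server would."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

STORED = make_ssha("example-pass", b"\x01\x02\x03\x04")  # constructed credential

if __name__ == "__main__":
    print(effective_scheme(parse_conf(SAMPLE_CONF), STORED), check_ssha(STORED, "example-pass"))
```

In bind mode a failed login therefore has to be diagnosed from the bind DN and the LDAP server's own log, not from the scheme settings.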


[Dovecot] LDAP, MD5-CRYPT, invalid credentials, BUG or config issue?

2009-02-16 Thread Guenther Falk
Hi,

I read a lot of howtos, and I have problems getting LDAP and Dovecot to work
together.

I'm using:
Gentoo Linux 2008.0 hardened
Dovecot 1.1.7
Kernel 2.6.26
OpenLDAP 2.3.43

My dovecot-ldap.conf is:
uris = ldaps://auth.mydomain.com:636
auth_bind = yes
auth_bind_userdn = uid=%u,ou=People,dc=mydomain,dc=com
ldap_version = 3
base = ou=People,dc=mydomain,dc=com
deref = never
scope = subtree
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=posixAccount)(uid=%u))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=posixAccount)(uid=%u))
default_pass_scheme = CRYPT

I also tried default_pass_scheme = MD5-CRYPT

In the logs I find something like this:
Feb 16 12:20:49 mail dovecot: Dovecot v1.1.7 starting up
Feb 16 12:20:50 mail dovecot: auth(default): new auth connection: pid=30582
Feb 16 12:20:50 mail dovecot: auth(default): new auth connection: pid=30583
Feb 16 12:20:50 mail dovecot: auth(default): new auth connection: pid=30584
Feb 16 12:20:53 mail dovecot: auth(default): new auth connection: pid=30585
Feb 16 12:20:58 mail dovecot: auth(default): client in: AUTH1 PLAIN service=imapsecured lip=172.30.0.10 rip=172.30.0.254 lport=993 rport=51269
Feb 16 12:20:58 mail dovecot: auth(default): client out: CONT 1
Feb 16 12:20:58 mail dovecot: auth(default): client in: CONT1 AGd1ZW50aGVyADE*=
Feb 16 12:20:58 mail dovecot: auth(default): ldap(guenther,172.30.0.254): invalid credentials
Feb 16 12:21:00 mail dovecot: auth(default): client out: FAIL 1 user=guenther
Feb 16 12:21:00 mail dovecot: auth(default): client in: AUTH2 PLAIN service=imapsecured lip=172.30.0.10 rip=172.30.0.254 lport=993 rport=51269 resp=AGd1ZW50aGVyADE*=
Feb 16 12:21:00 mail dovecot: auth(default): ldap(guenther,172.30.0.254): invalid credentials
Feb 16 12:21:02 mail dovecot: auth(default): client out: FAIL 2 user=guenther

It seems dovecot ignores the CRYPT password scheme. The password seems
to be encrypted in SSHA.

What am I doing wrong please??
I am sure the password is correct, as I can log in to the machine via
nss_ldap and pam_ldap.

Regards

Günther

