Hi Christoph,
Yes, I had read your email already. Big thanks, because helpful and
detailed.
On 11/25/2016 01:34 PM, Christoph Kreutzer
(kreutzer.christ...@gmail.com) wrote:
Hi MJ,
I’m probably one of the few that got it working. I’m using it on Debian
8, what is your OS?
I'm on debian 8 as well.
Of course it would also be possible to just accept any password on the
dovecot side from localhost. I would try it as it’s documented for
OpenChange.
Yes, my thoughts were the same. I'll try when I find the time.
Your problem isn’t really one: For Dovecot you can specify several
passdb lookups, I’ve done that also (one for localhost with the normal
LDAP userdb, one with PAM for SAML, and one using MySQL for Google-like
app passwords), see below:
# application specific passwords
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql-asp.conf.ext
}
# PAM (for SOGo SAML SSO login)
passdb {
driver = pam
}
# normal login
passdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap.conf.ext
override_fields = allow_nets=local,127.0.0.1/32,::1
}
userdb {
driver = prefetch
}
userdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
}
Thanks for the above. Nice that we're both on dovecot. Are you using the
regular jessie packages?
Of course you would need to apply your passwordless config in there. But
I don’t really like the thought of a passwordless mail access…
No, same here, but on the other hand: the whole crudesaml exersize
sounds like a messy journey too.
Also there is currently a problem with CAS/SAML authentication. See
#3884: https://sogo.nu/bugs/view.php?id=3884
Subscribed there.
Thanks for your valuable feedback.
MJ
--
users@sogo.nu
https://inverse.ca/sogo/lists