
Wildfire Ldap with qmail vpopmail schema

Hello, I'm setting up a Wildfire server with LDAP and qmail vpopmail for email accounts. I want Wildfire to read the email accounts stored in LDAP and log in.

Here is what I have working so far: my qmail, vpopmail and courier are working with LDAP, and I set up the connection with LDAP using the qmail schema.

Wildfire connects to this LDAP server and reads data from it, as I can see in the LDAP debugging. Actually, I can log in to Wildfire using normal LDAP users; however, for the accounts that are created under vpopmail I can read them but I get a message of incorrect password. I guess it has to do with the password being encrypted using md5 as vpopmail does, but I also store clear passwords, so my question is: is there a way to change the password field so I can point it to use this clear password field? I'm using Wildfire 2.6 and OpenLDAP.

It would be nice to hear some advice.

Here is my Wildfire config

Message was edited by: aeperezt

To my knowledge, Wildfire doesn't actually handle the low-level authentication (i.e. comparing encrypted passwords) when someone logs in. Wildfire will locate the user's DN and then attempt to make a connection to the LDAP server using the user DN it found and the plain text password provided by the user, so the LDAP server is the one that actually authenticates the user's password.

You may need to open up your LDAP server so that all valid users can authenticate against the server, not just the adminDN.

The thing is that my email users log in with user name and password using the same LDAP server, so users can log in there, but they cannot log in with Wildfire.

Have you attempted to make the baseDN more specific? Something like ou=users, dc=blah,dc=blah

Well, I have tried that and it did not work, so I'm running out of ideas. Thanks for the advice.

OK, I did a test to see if it works.

I used my LDAP admin software and changed the field userPassword to use a clear password, and Wildfire did log in as I was expecting. However, my other applications use md5 encrypted passwords, so this is not a solution, but it let me know I was on the right track.

So here is my question: is there a way to tell Wildfire to use another password field?

Well, since no workaround to this problem was here, I found my own: I recompiled vpopmail without-md5 so now it will use crypt instead of md5, and it works. My users will log in to vpopmail using LDAP and the same account and password for Wildfire. This works.

I add these lines here because it may help someone else.

By the way, nice software, and thanks for the help.

Message was edited by: aeperezt

From the trouble I had, I guess you may need to work with md5 encryption a little bit. But on the other hand, your software is great.

Hi,

Matt did create and solve JM-704 (JDBCAuthProvider should support other password types) some days ago, so md5 should probably also be possible here.

But it will work only with plain text authentication (also through TLS) where the client sends the plaintext password.

XMPP supports also an authentication method (client sends public-keyhash, passwordpublic-key==>hash) which requires the server to know the plaintext password so it can verify the hash.

So I'm quite sure that Matt can provide also a solution here.

LG

Wildfire does authentication in LDAP by doing a "bind" as the given user. The bind operation takes a plaintext password, and gives that to the LDAP server (not a query lookup). So this means your LDAP server needs to be configured to use a given field, and understand its contents. OpenLDAP (and most LDAP servers) use the userPassword field for authentication, and store it either as plain text, or as BASE64ENCODEOFHASH where is the algorithm used (MD5, CRYPT, SHA1, etc). Your vpopmail setup doesn't do a bind as the user, it does a query lookup (apparently, I've never used it anyway) instead of a bind for authentication.
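Added example, not part of the thread and not Wildfire or OpenLDAP code: a simplified Python model of the comparison a simple bind triggers against a stored `userPassword` value, showing why a hash written without a scheme prefix is matched as a literal string and rejects the real password. The function names, the sample values and the assumption that an unprefixed value is compared as cleartext are illustrative; `{CRYPT}` is deliberately not modelled.

```python
import base64
import hashlib
import hmac

# scheme -> (hashlib name, digest size, salted?)
SCHEMES = {"MD5": ("md5", 16, False), "SMD5": ("md5", 16, True),
           "SHA": ("sha1", 20, False), "SSHA": ("sha1", 20, True)}

def split_scheme(stored):
    """Return (SCHEME, rest); SCHEME is None when there is no {SCHEME} prefix."""
    if stored.startswith("{") and "}" in stored:
        scheme, rest = stored[1:].split("}", 1)
        return scheme.upper(), rest
    return None, stored

def encode(scheme, password, salt=b""):
    """Build a userPassword value (used here only to construct sample data)."""
    algo, _, _ = SCHEMES[scheme]
    digest = hashlib.new(algo, password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def bind_would_succeed(stored, password):
    """Model the server-side check of a plaintext bind password."""
    scheme, rest = split_scheme(stored)
    pw = password.encode()
    if scheme is None:
        # Assumption: no prefix means the stored value is treated as cleartext,
        # so a bare hash string only "matches" a password equal to that string.
        return hmac.compare_digest(rest.encode(), pw)
    if scheme not in SCHEMES:
        raise ValueError("scheme {%s} is not modelled in this example" % scheme)
    algo, size, salted = SCHEMES[scheme]
    try:
        raw = base64.b64decode(rest, validate=True)
    except ValueError:  # malformed base64
        return False
    digest, salt = raw[:size], raw[size:]
    if len(digest) != size or (salt and not salted):
        return False
    return hmac.compare_digest(hashlib.new(algo, pw + salt).digest(), digest)

# Constructed sample: a crypt-style string stored with no {SCHEME} prefix.
UNPREFIXED_HASH = "$1$constructed$notARealHashValue000000"

if __name__ == "__main__":
    for value in (encode("MD5", "password"), encode("SSHA", "password", b"salt"),
                  "password", UNPREFIXED_HASH):
        print(value, "->", bind_would_succeed(value, "password"))
```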