Hello, I'm setting up a Wildfire server with LDAP and qmail/vpopmail for email accounts. I want Wildfire to read the email accounts stored in LDAP and log in.
Here is what I have working so far: my qmail, vpopmail and Courier are working with LDAP, set up to connect to LDAP using the qmail schema.
Wildfire connects to this LDAP server and reads data from it, as I can see in the LDAP debugging; actually I can log in to Wildfire using normal LDAP users. However, the accounts that are created under vpopmail I can read, but I get a message of incorrect password. I guess it has to do with the password being encrypted using MD5 as vpopmail does, but I also store clear passwords, so my question is: is there a way to change the password field so I can point it to use this clear password field? I'm using Wildfire 2.6 and OpenLDAP.
To my knowledge, Wildfire doesn't actually handle the low-level authentication (i.e. comparing encrypted passwords) when someone logs in. Wildfire will locate the user's DN and then attempt to make a connection to the LDAP server using the user DN it found and the plain text password provided by the user, so the LDAP server is the one that actually authenticates the user's password.
You may need to open up your LDAP server so that all valid users can authenticate against the server, not just the adminDN.
I used my LDAP admin software and changed the field userPassword to use a clear password, and Wildfire did log in as I was expecting. However, my other applications use MD5 encrypted passwords, so this is not a solution, but let me know if I was on the right track.
So here is my question: is there a way to tell Wildfire to use another password field?
Well, since no workaround to this problem was here, I found my own: I recompiled vpopmail without MD5, so now it will use crypt instead of MD5, and it works. My users will log in to vpopmail using LDAP and the same account and password for Wildfire; this works.
I add these lines here because they may help someone else.
Matt did create and solve JM-704 (JDBCAuthProvider should support other password types) some days ago, so MD5 should probably also be possible here.
But it will work only with plain text authentication (also through TLS), where the client sends the plaintext password.
XMPP also supports an authentication method (client sends public-keyhash, passwordpublic-key==>hash) which requires the server to know the plaintext password so it can verify the hash.
So I'm quite sure that Matt can also provide a solution here.
Wildfire does authentication in LDAP by doing a "bind" as the given user. The bind operation takes a plaintext password and gives that to the LDAP server (not a query lookup). So this means your LDAP server needs to be configured to use a given field and understand its contents. OpenLDAP (and most LDAP servers) use the userPassword field for authentication, and store it either as plain text or as {ALGORITHM}BASE64ENCODEOFHASH, where {ALGORITHM} is the algorithm used (MD5, CRYPT, SHA1, etc.). Your vpopmail setup doesn't do a bind as the user; it does a query lookup (apparently, I've never used it anyway) instead of a bind for authentication.
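As an added illustration of the bind-versus-lookup point above (this is not code from the thread, from Wildfire or from OpenLDAP): the Python sketch below emulates the server-side check behind a simple bind for the RFC 2307 userPassword formats named in the thread, plus the XEP-0078 digest check that shows why a hashed userPassword cannot serve XMPP's digest login. The sample passwords, salt and stream id are constructed, and {CRYPT} is intentionally not implemented.

```python
import base64
import hashlib
import hmac

def _parse(stored: str):
    """Split a userPassword value into (scheme, payload). RFC 2307 style: either
    cleartext, or "{SCHEME}" + base64 of the hash (hash + salt for SSHA/SMD5)."""
    if stored.startswith("{") and "}" in stored:
        end = stored.index("}")
        return stored[1:end].upper(), stored[end + 1:]
    return "PLAIN", stored  # no prefix: the server treats the value as cleartext

def check_bind_password(stored: str, supplied: str) -> bool:
    """What the LDAP server does on a simple bind: hash the plaintext password the
    client sent with the scheme named in userPassword, then compare digests."""
    scheme, payload = _parse(stored)
    pw = supplied.encode()
    if scheme == "PLAIN":
        return hmac.compare_digest(payload.encode(), pw)
    raw = base64.b64decode(payload)
    if scheme == "MD5":
        return hmac.compare_digest(hashlib.md5(pw).digest(), raw)
    if scheme == "SHA":
        return hmac.compare_digest(hashlib.sha1(pw).digest(), raw)
    if scheme in ("SMD5", "SSHA"):  # salted: the salt follows the digest
        algo = "md5" if scheme == "SMD5" else "sha1"
        size = hashlib.new(algo).digest_size
        digest, salt = raw[:size], raw[size:]
        return hmac.compare_digest(hashlib.new(algo, pw + salt).digest(), digest)
    # {CRYPT} needs the platform crypt(3) routine and is deliberately left out here
    raise ValueError("unsupported userPassword scheme: " + scheme)

def xmpp_digest(stream_id: str, password: str) -> str:
    """Client side of XMPP legacy digest auth (XEP-0078): hex SHA1(stream_id + password)."""
    return hashlib.sha1((stream_id + password).encode()).hexdigest()

def check_digest_auth(stored: str, stream_id: str, digest_hex: str) -> bool:
    """Server side of digest auth: it can recompute the digest only from a cleartext
    userPassword; given a hashed value it has nothing to hash and must refuse."""
    scheme, payload = _parse(stored)
    if scheme != "PLAIN":
        return False
    return hmac.compare_digest(xmpp_digest(stream_id, payload), digest_hex.lower())

# Constructed sample userPassword values for a made-up user (not from the thread).
SALT = b"saltsalt"
SAMPLE_PLAIN = "s3cret"
SAMPLE_MD5 = "{MD5}" + base64.b64encode(hashlib.md5(b"s3cret").digest()).decode()
SAMPLE_SSHA = "{SSHA}" + base64.b64encode(hashlib.sha1(b"s3cret" + SALT).digest() + SALT).decode()
```

The bind check succeeds for all three stored forms because the server owns the scheme, while the digest check only succeeds for the cleartext entry, which is the trade-off the thread is circling.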