On 27 Oct 2015, at 17:43, Andrey Fesenko <[email protected]> wrote: > > Hello, i'm test system dovecot (proxy with director) and backend > storage, auth LDAP server (user plain passwords) > > If i use plain auth, work fine. > > If connect DIGEST-MD5 or CRAM-MD5 proxy not redirect connection > (Requested DIGEST-MD5 scheme, but we have a NULL password) > > ### Frontend proxy+director .. > passdb { > args = /usr/local/etc/dovecot/dovecot-ldap.conf > driver = ldap > }
So LDAP is the primary way of authenticating. > pass_attrs = > uid=user,=password=,description=proxy,ipHostNumber=host,=nopassword=y,=starttls=any-cert But you set password to empty and nopassword=yes. CRAM-MD5 and DIGEST-MD5 authentication requires that the server already knows the password. The only way to make it work is to have proxy actually fully authenticate the user and then login to Dovecot backend with a master password.
