Re: [SOGo] sogo / dovecot / saml

2016-12-03 Thread Christoph Kreutzer
Hello MJ

Please see the first of my mails again. There is an option beginning with 
NGImap... in my configuration example doing exactly that :)

Good luck!

Regards,
Christoph

> On 03.12.2016 at 21:21, mj (li...@merit.unu.edu) wrote:
> 
> 
> 
>> On 12/03/2016 07:52 PM, mj (li...@merit.unu.edu) wrote:
>> 
>> It would be so nice if we could re-use the password-less OpenChange imap
>> listener on 127.0.0.1/32 also for SAML access.
> 
> Timo Sirainen from dovecot tells me:
> 
> "If SOGo used AUTHENTICATE PLAIN instead of LOGIN, it should work. The SASL 
> authentication buffer is larger (8 kB) than regular commands' buffer (~1 kB)."
> 
> Is there a way to make SOGo do that?
> 
> MJ
> -- 
> users@sogo.nu
> https://inverse.ca/sogo/lists

Re: [SOGo] sogo / dovecot / saml

2016-12-03 Thread mj



On 12/03/2016 07:52 PM, mj (li...@merit.unu.edu) wrote:


It would be so nice if we could re-use the password-less OpenChange imap
listener on 127.0.0.1/32 also for SAML access.


Timo Sirainen from dovecot tells me:

"If SOGo used AUTHENTICATE PLAIN instead of LOGIN, it should work. The 
SASL authentication buffer is larger (8 kB) than regular commands' 
buffer (~1 kB)."


Is there a way to make SOGo do that?

MJ
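
Added example, not part of the original thread and not SOGo or Dovecot code: it builds the LOGIN line and the AUTHENTICATE PLAIN exchange (RFC 4616 message, sent after the server's "+" continuation) for the same credential and compares their sizes with the two buffer figures quoted above. The limits are taken from that quote and treated as exact for illustration; the function names and the sample credential are constructed.

```python
import base64

# Figures from the Dovecot quote above, treated as exact limits for illustration.
COMMAND_BUF = 1024   # "~1 kB" regular command buffer
SASL_BUF = 8 * 1024  # "8 kB" SASL authentication buffer


def imap_quote(value: str) -> bytes:
    """Encode an IMAP quoted string, escaping backslash and double quote."""
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return b'"' + escaped.encode("utf-8") + b'"'


def login_line(tag: str, user: str, secret: str) -> bytes:
    """The single command line a LOGIN-based client sends."""
    return (tag.encode() + b" LOGIN " + imap_quote(user)
            + b" " + imap_quote(secret) + b"\r\n")


def authenticate_plain_lines(tag: str, user: str, secret: str) -> list[bytes]:
    """AUTHENTICATE PLAIN without initial response: a short command, then,
    after the server's "+" continuation, the base64 SASL PLAIN message
    (authzid NUL authcid NUL passwd) on its own line."""
    message = b"\0" + user.encode("utf-8") + b"\0" + secret.encode("utf-8")
    return [tag.encode() + b" AUTHENTICATE PLAIN\r\n",
            base64.b64encode(message) + b"\r\n"]


def size_report(user: str, secret: str) -> dict:
    """Sizes of both exchanges and whether each line fits its buffer."""
    login = login_line("1", user, secret)
    command, sasl = authenticate_plain_lines("1", user, secret)
    return {
        "login_bytes": len(login),
        "login_fits": len(login) <= COMMAND_BUF,
        "auth_command_fits": len(command) <= COMMAND_BUF,
        "sasl_bytes": len(sasl),
        "sasl_fits": len(sasl) <= SASL_BUF,
    }


# Constructed stand-in for a long SAML-derived credential (4096 characters).
SAMPLE_SECRET = base64.b64encode(bytes(range(256)) * 12).decode("ascii")

if __name__ == "__main__":
    for name, secret in (("short", "short-secret"), ("long", SAMPLE_SECRET)):
        print(name, size_report("username", secret))
```

With the constructed 4096-character credential, the LOGIN line exceeds the command buffer figure while the base64 SASL line stays under the 8 kB figure.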


Re: [SOGo] sogo / dovecot / saml

2016-12-03 Thread mj

Just replying to my own post:

On 12/02/2016 11:01 PM, mj (li...@merit.unu.edu) wrote:


It appears that sogo is not trying to authenticate at all?


Using tcpflow I can tell that SOGo IS actually trying to authenticate, 
like this:



1 login "username" "[...]"


This incredibly long password (I actually quoted it shortened above 
here) is (I guess) what makes dovecot choke, with



Dec 02 22:34:33 imap-login: Info: Disconnected: Input buffer full (no
auth attempts in 0 secs): user=<>, rip=x.y.z.32, lip=x.y.z.68,
session=

and

BYE Input buffer full, aborting


It would be so nice if we could re-use the password-less OpenChange imap 
listener on 127.0.0.1/32 also for SAML access.


I'm not sure what that long string of characters is, but could SOGo 
somehow be configured to send a shorter password? I'm guessing that this 
is all that's needed to make this work.


MJ