Hello,

I’m currently working on the implementation of application-specific passwords 
for my mail server (like Google’s: 
https://support.google.com/accounts/answer/185833).
My main authentication/user source is LDAP, but I don’t want my users to set 
their LDAP passwords on their devices for accessing Cal/CardDAV.

Therefore I created an SQL authentication source which allows adding more than 
one password per account.
Since you can’t write your own password query like in Dovecot, I built a view 
over it and tried several ways without success:
1. Return multiple entries with the same c_uid and a different c_name 
(PK@c_uid), each with a different c_password (because of "c_name: will be used 
to uniquely identify entries" in the documentation)
    => only the first c_uid matching result works
2. Return multiple entries with different c_uid and the same c_name, each with 
a different c_password
    => creates multiple accounts and needs PK@c_name as login user
3. Return a single entry with multiple, space-delimited c_password
    => doesn’t work at all

Does someone know a working configuration? As a last resort I thought of the 
following workaround:
Create multiple views (5 - 10), each returning only one entry per c_uid with 
different passwords, and configure the same number of AuthSources in sogo.conf. 
But that isn’t really beautiful, as it restricts the number of app-specific 
passwords, and I think the performance would suffer because of the 10 additional 
queries per login attempt.

I already had a look into SQLSource.m 
(https://github.com/inverse-inc/sogo/blob/master/SoObjects/SOGo/SQLSource.m#L209), 
but I think I need to dig deeper to find out if it’s possible to process more 
than one result row (and more than one password, therefore). Relevant part 
starting around L#270.

Thanks,
Christoph
-- 
users@sogo.nu
https://inverse.ca/sogo/lists
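
The multi-view workaround described in the message above, as an added example that is not part of the original post or of SOGo's code. SQLite stands in for the real database; the table `app_passwords`, its `label` column, the views `sogo_auth_N`, the `SLOTS` limit and the SHA-256 hash are all hypothetical, and the loop in `authenticate` only models one auth source per view being tried in order, as the post anticipates.

```python
import hashlib
import hmac
import sqlite3

SLOTS = 3  # assumption: one view and one SQL auth source per slot

def h(pw):
    # Stand-in hash; the real source would use whatever scheme it is configured for.
    return hashlib.sha256(pw.encode()).hexdigest()

def build_db():
    db = sqlite3.connect(":memory:")
    # Hypothetical base table: one row per (user, application) password.
    db.execute("CREATE TABLE app_passwords (c_uid TEXT, label TEXT, c_password TEXT,"
               " PRIMARY KEY (c_uid, label))")
    for slot in range(1, SLOTS + 1):
        # View N exposes only each user's N-th password, so c_uid is unique per view.
        db.execute(f"""CREATE VIEW sogo_auth_{slot} AS
            SELECT c_uid, c_uid AS c_name, c_password FROM (
                SELECT c_uid, c_password, ROW_NUMBER() OVER
                       (PARTITION BY c_uid ORDER BY label) AS slot
                FROM app_passwords) WHERE slot = {slot}""")
    return db

def add_password(db, uid, label, pw):
    # Refuse a password that would land outside every view and silently never work.
    (n,) = db.execute("SELECT COUNT(*) FROM app_passwords WHERE c_uid = ?",
                      (uid,)).fetchone()
    if n >= SLOTS:
        raise ValueError(f"{uid} already has {SLOTS} app passwords")
    db.execute("INSERT INTO app_passwords VALUES (?, ?, ?)", (uid, label, h(pw)))

def authenticate(db, uid, pw):
    """Try each per-slot view in order; return (ok, number_of_queries_issued)."""
    queries = 0
    for slot in range(1, SLOTS + 1):
        queries += 1
        row = db.execute(f"SELECT c_password FROM sogo_auth_{slot} WHERE c_uid = ?",
                         (uid,)).fetchone()
        # Constant-time comparison of the stored and presented hashes.
        if row and hmac.compare_digest(row[0], h(pw)):
            return True, queries
    return False, queries
```

A failed login always costs `SLOTS` queries, and deleting a row revokes that password immediately because the remaining ones move down a slot.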