Hello, I’m currently working on the implementation of application specific passwords for my mail server (like Googles: https://support.google.com/accounts/answer/185833 <https://support.google.com/accounts/answer/185833>). My main authentication/user source is LDAP, but I don’t want my users to set their LDAP passwords on their devices for accessing Cal/CardDAV.
Therefore I created an SQL authentication source which allows to add more than one password per account. Since you can’t write your own password query like in Dovecot, I built a view over it and tried several ways without success: 1. Return multiple entries with the same c_uid and a different c_name (PK@c_uid), each with a different c_password (because of „c_name: will be used to uniquely identify entries“ in documentation) => only the first c_uid matching result works 2. Return multiple entries with different c_uid and the same c_name, each with a different c_passwords => creates multiple accounts and needs PK@c_name as login user 3. Return a single entry with multiple, space delimited c_password => doesn’t work at all Does someone know a working configuration? As a last resort I thought of the following workaround: Create multiple views (5 - 10), each returning only one entry per c_uid with different passwords, configure the same amount of AuthSources in sogo.conf. But that isn’t really beautiful, as it restricts the amount of app specific passwords and I think the performance would lack because of the 10 additional queries per login attempt. I already had a look into SQLSource.m (https://github.com/inverse-inc/sogo/blob/master/SoObjects/SOGo/SQLSource.m#L209 <https://github.com/inverse-inc/sogo/blob/master/SoObjects/SOGo/SQLSource.m#L209>), but I think I need to dig deeper to find out if it’s possible to process more than one result row (and more than one password, therefore). Relevant part starting around L#270. Thanks, Christoph -- email@example.com https://inverse.ca/sogo/lists